From: phoemix@harmless.hu (Gergely CZUCZY)
To: freebsd-pf@freebsd.org
Date: Wed, 24 May 2006 21:32:45 +0200
Subject: pf-nat with userland ppp source address issue
Message-ID: <20060524193245.GA31411@marvin.harmless.hu>

Hello,

I've met a very strange issue with NATting. I've noticed that only every second outgoing SSH connection succeeds, and this was a bit strange.
I've started a few, tcpdumped them, applied a filter for S/SA TCP flags, and I've got the following result:

No.  Time       Source           Destination    Protocol  Info
31   4.513136   213.178.116.238  195.56.55.204  TCP       53480 > ssh [SYN] Seq=0 Len=0 MSS=1460 WS=1 TSV=2969214 TSER=0
32   6.542201   213.178.109.103  195.56.55.204  TCP       56051 > ssh [SYN] Seq=0 Len=0 MSS=1460 WS=1 TSV=2971243 TSER=0
73   8.293252   213.178.116.238  195.56.55.204  TCP       61535 > ssh [SYN] Seq=0 Len=0 MSS=1460 WS=1 TSV=2972994 TSER=0
74   9.834288   213.178.109.103  195.56.55.204  TCP       59672 > ssh [SYN] Seq=0 Len=0 MSS=1460 WS=1 TSV=2974535 TSER=0
115  11.384353  213.178.116.238  195.56.55.204  TCP       60708 > ssh [SYN] Seq=0 Len=0 MSS=1460 WS=1 TSV=2976085 TSER=0

Take a look at the source address. Now I've checked the interface configuration:

# ifconfig tun0
tun0: flags=8051 mtu 1492
        inet 213.178.109.103 --> 195.70.32.11 netmask 0xffffffff
        Opened by PID 208

For my information I looked them up:

238.116.178.213.in-addr.arpa domain name pointer caracas-4334.adsl.interware.hu.
103.109.178.213.in-addr.arpa domain name pointer caracas-2407.adsl.interware.hu.

So it appears that's just another user IP from my ISP's ADSL pool. Now the ppp.log looked really interesting; here comes the point:

--- chop with axe here ---
May 24 18:08:02 beeblebrox ppp[208]: tun0: IPCP: IPADDR[6] changing address: 213.178.116.238 --> 213.178.109.103
--- chop with axe here ---

As you can see, one source IP is the old one I had before, and the other one is the one I'm using currently. I've tried to re-read pf.conf with pfctl -f, but that didn't help, nor did -d/-e (disabling and then enabling it). This solved it:

# pfctl -d
# pfctl -F nat
# pfctl -F state
# pfctl -F Sources
# pfctl -f /etc/pf.conf
# pfctl -e

I'm using the userland ppp service, as it seems from the tun0 interface. Is this issue already known, and is it really a bug, or am I doing something wrong? The pf.conf is available from here. This is my home gateway; it's also a testbox, some kind of playground.
uname -a:
FreeBSD beeblebrox.harmless.lan 6.1-STABLE FreeBSD 6.1-STABLE #0: Fri May 19 14:25:03 CEST 2006     root@beeblebrox.harmless.lan:/usr/obj/usr/src/sys/BEEBLEBROX  i386

pf.conf: http://phoemix.harmless.hu/pf.beeblebrox.conf

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.
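The symptom in the post (new connections alternately leaving with the old and the current tun0 address after an IPCP address change) is the classic behaviour of a NAT rule whose translation address was resolved once at ruleset load time. The following pf.conf fragment is an added example, not the poster's pf.conf and not taken from the pf documentation; the interface name tun0 matches the post, while the LAN prefix 192.168.1.0/24 and the macro names are constructed for illustration.

```pf
# Added example (constructed; not the original poster's configuration).
# Assumes the userland ppp link is tun0 and the LAN behind the gateway is
# 192.168.1.0/24 (both illustrative values).

ext_if  = "tun0"
lan_net = "192.168.1.0/24"

# Fragile form: pf resolves $ext_if to its address once, when the ruleset
# is loaded. After ppp renegotiates IPCP and tun0 gets a new address, this
# rule keeps translating to the stale address until the ruleset is reloaded.
#
# nat on $ext_if from $lan_net to any -> $ext_if

# Robust form: with the interface name in parentheses, pf re-evaluates the
# interface's address whenever it changes, so new connections are
# translated to whatever address tun0 currently holds.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Default to dropping what is not explicitly permitted, then allow the LAN
# out and keep state so return traffic is matched.
block all
pass in  on $ext_if proto tcp from any to ($ext_if) port ssh keep state
pass out on $ext_if from ($ext_if) to any keep state
pass in  on ! $ext_if from $lan_net to any keep state
```

Two things worth checking when this happens again: `pfctl -s nat` shows the address a loaded NAT rule is actually translating to (a literal stale address in that output is the giveaway), and `pfctl -s state` shows existing state entries, which keep the translation they were created with until they expire or are flushed. That is why the parenthesised form fixes new connections on its own but `pfctl -F state`, as in the post, is still what clears sessions that were already established against the old address.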