From: Milan Obuch
To: Daniel Hartmeier
Cc: Ian FREISLICH, freebsd-pf@freebsd.org
Date: Mon, 29 Jun 2015 11:45:06 +0200
Subject: Re: Large scale NAT with PF - some weird problem
Message-ID: <20150629114506.1cfd6f1b@zeta.dino.sk>
In-Reply-To: <20150629092932.GC22693@insomnia.benzedrine.ch>

On Mon, 29 Jun 2015 11:29:32 +0200
Daniel Hartmeier wrote:

> On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
>
> > Does this answer your question fully or would something more be
> > useful?
>
> How are you doing ARP?
>
> You're not assigning every address on x.y.26.0/23 as an alias, are
> you?
>
> So who answers ARP requests of the upstream router?

There is no ARP on the routed address block. In Cisco speak, there is
just the

    ip route x.y.24.0 255.255.252.0 x.y.3.19

statement and that's it. Nothing more. The whole address range from
x.y.24.0 to x.y.27.254 is routed here, as it should be. For something
like this, ARP would be a really evil solution.

Milan