Date: Thu, 9 Jun 2005 23:07:13 -0400
From: "Tony Martino" <crumb@msnomer.com>
To: <freebsd-pf@freebsd.org>
Subject: PF with routable internal addresses
Message-ID: <20050610030633.15A8210659@mx01.ca.mci.com>
Hi,

My internal network is 209.167.184.32/27, connected to the firewall on fxp0. The firewall machine is connected to the Internet through a PPPoE connection on fxp1/tun0, at 66.48.11.93. There are no NAT rules configured. This is on a 5.4-release system.

I noticed a lot of bittorrent traffic getting blocked by the default deny rule, rather than getting passed by rules set up to let it through:

    pass in on $ext_if inet proto tcp from any to $azureus_users port 6882
    pass in on $ext_if inet proto udp from any to $azureus_users port 6882

Then I noticed the IP that the bittorrent peers were trying to connect to was the tun0's address, rather than the address of the Windows box the bittorrent client is running on.

From this output, it appears that something is rewriting the source address on outgoing packets:

    carriertone# tcpdump -i tun0 | grep whatis
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
    16:25:27.006924 IP 209.167.184.39.4029 > mail.whatismyip.com.http: P 4256462602:4256463003(401) ack 2685840180 win 65535
    16:25:27.070236 IP mail.whatismyip.com.http > 209.167.184.39.4029: . 1:1293(1292) ack 401 win 64000
    16:25:27.070568 IP mail.whatismyip.com > 209.167.184.39: tcp
    16:25:27.073661 IP mail.whatismyip.com.http > 209.167.184.39.4029: P 1441:2739(1298) ack 401 win 64000
    16:25:27.074116 IP 209.167.184.39.4029 > mail.whatismyip.com.http: . ack 2739 win 65535
    16:25:27.194978 IP mail.whatismyip.com.http > 209.167.184.39.4029: . ack 401 win 64000

    carriertone# tcpdump -i fxp1 | grep whatis
    tcpdump: WARNING: fxp1: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes
    16:25:27.007091 PPPoE [ses 0x1a7b] IP 66.48.11.93.4029 > mail.whatismyip.com.http: P 4256462602:4256463003(401) ack 2685840180 win 65535
    16:25:27.070045 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: . 1:1293(1292) ack 401 win 64000
    16:25:27.070446 PPPoE [ses 0x1a7b] IP mail.whatismyip.com > 66.48.11.93: tcp
    16:25:27.073515 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: P 1441:2739(1298) ack 401 win 64000
    16:25:27.074262 PPPoE [ses 0x1a7b] IP 66.48.11.93.4029 > mail.whatismyip.com.http: . ack 2739 win 65535
    16:25:27.194848 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: . ack 401 win 64000

Isn't this NAT? Why is this happening when there is no NAT configured anywhere on this system?

Thanks,
Tony
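The post's diagnosis rests on comparing the same packets as seen on the inside (tun0) and outside (fxp1) captures and noticing that the inside address 209.167.184.39 has become 66.48.11.93 on the wire. The script below is an added example, not part of the original message or of any FreeBSD or pf code: it correlates the two tcpdump outputs by port pair plus the sequence/ack/flags text, and reports every address that changed in transit, which is exactly the evidence one would want before going looking for where the translation is being applied. The sample lines are the ones quoted in the post; the line-matching regex and the rule that a summary line ending in a bare "tcp" is a fragment without port information are assumptions about tcpdump's summary format.

```python
import re
from collections import Counter

# One tcpdump IPv4 summary line, with or without the "PPPoE [ses 0x...]" prefix that
# tcpdump prints when capturing on the physical PPPoE interface (fxp1 in the post).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?:PPPoE \[ses 0x[0-9a-f]+\]\s+)?"
    r"IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)

# Capture lines copied from the post (inside interface tun0, outside interface fxp1).
INNER = """\
16:25:27.006924 IP 209.167.184.39.4029 > mail.whatismyip.com.http: P 4256462602:4256463003(401) ack 2685840180 win 65535
16:25:27.070236 IP mail.whatismyip.com.http > 209.167.184.39.4029: . 1:1293(1292) ack 401 win 64000
16:25:27.070568 IP mail.whatismyip.com > 209.167.184.39: tcp
16:25:27.073661 IP mail.whatismyip.com.http > 209.167.184.39.4029: P 1441:2739(1298) ack 401 win 64000
16:25:27.074116 IP 209.167.184.39.4029 > mail.whatismyip.com.http: . ack 2739 win 65535
16:25:27.194978 IP mail.whatismyip.com.http > 209.167.184.39.4029: . ack 401 win 64000
""".splitlines()

OUTER = """\
16:25:27.007091 PPPoE [ses 0x1a7b] IP 66.48.11.93.4029 > mail.whatismyip.com.http: P 4256462602:4256463003(401) ack 2685840180 win 65535
16:25:27.070045 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: . 1:1293(1292) ack 401 win 64000
16:25:27.070446 PPPoE [ses 0x1a7b] IP mail.whatismyip.com > 66.48.11.93: tcp
16:25:27.073515 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: P 1441:2739(1298) ack 401 win 64000
16:25:27.074262 PPPoE [ses 0x1a7b] IP 66.48.11.93.4029 > mail.whatismyip.com.http: . ack 2739 win 65535
16:25:27.194848 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: . ack 401 win 64000
""".splitlines()


def split_endpoint(endpoint):
    """'209.167.184.39.4029' -> ('209.167.184.39', '4029').

    tcpdump appends the port (or service name such as 'http') as the last
    dot-separated component of each endpoint.
    """
    host, port = endpoint.rsplit(".", 1)
    return host, port


def parse(lines):
    """Yield (src_host, src_port, dst_host, dst_port, rest) per TCP summary line.

    A line whose payload is just 'tcp' (assumed here to be a fragment without
    port information, as in the third line of each capture) is skipped.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest == "tcp":
            continue
        src_host, src_port = split_endpoint(m.group("src"))
        dst_host, dst_port = split_endpoint(m.group("dst"))
        yield src_host, src_port, dst_host, dst_port, rest


def detect_rewrites(inner_lines, outer_lines):
    """Return {(inside_address, outside_address): packet_count}.

    Packets are paired across the two captures by (src port, dst port, seq/ack/
    flags text), which survives address translation unchanged. For each pair, a
    differing source host on an outbound packet or a differing destination host
    on an inbound reply is recorded as a rewrite of inside -> outside address.
    """
    outer = {}
    for sh, sp, dh, dp, rest in parse(outer_lines):
        outer[(sp, dp, rest)] = (sh, dh)

    rewrites = Counter()
    for sh, sp, dh, dp, rest in parse(inner_lines):
        hit = outer.get((sp, dp, rest))
        if hit is None:
            continue
        outer_src, outer_dst = hit
        if sh != outer_src:   # outbound: source address changed on the wire
            rewrites[(sh, outer_src)] += 1
        if dh != outer_dst:   # inbound: destination changed back on the way in
            rewrites[(dh, outer_dst)] += 1
    return dict(rewrites)


if __name__ == "__main__":
    for (inside, outside), n in detect_rewrites(INNER, OUTER).items():
        print(f"{inside} appears as {outside} on the outside interface ({n} packets)")
```

On the post's captures this reports the single pair 209.167.184.39 -> 66.48.11.93 across five correlated packets; on a system where nothing is translating, the function returns an empty dictionary, which is the quick check to run after changing the PPPoE or pf configuration.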