Date:      Wed, 17 Aug 2016 11:24:05 +0100
From:      <mail+lists@m.jwh.me.uk>
To:        <freebsd-net@freebsd.org>
Subject:   PF weirdness
Message-ID:  <028b01d1f871$7b9af200$72d0d600$@m.jwh.me.uk>

Hi all,

Ok so, I have an ERL that just does PPPoE and NAT via PF, however it seems
to be modifying the packets passing through the nat filter such that
traceroutes end up like this:

C:\Users\jwh>tracert -d -w 1 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     5 ms     1 ms     1 ms  172.21.88.254
  2    47 ms    40 ms    39 ms  8.8.8.8
  3    40 ms     *       39 ms  8.8.8.8
  4    37 ms    25 ms    67 ms  8.8.8.8

[root@lxc1 ~]# traceroute -In 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  172.21.88.254  0.485 ms  0.387 ms  0.483 ms
 2  8.8.8.8  24.288 ms  24.301 ms  24.244 ms
 3  8.8.8.8  24.870 ms  24.821 ms  25.036 ms
 4  8.8.8.8  25.282 ms  25.646 ms  25.777 ms

It also affects any packets originating from the router itself, and the same
appears on UDP traceroutes.

Nothing looks out of the ordinary on the wire, but as soon as I run pfctl -d
it behaves normally, any ideas?

root@r1:~ # uname -a
FreeBSD r1.internethq 10.3-STABLE FreeBSD 10.3-STABLE #13 r303656M: Fri Aug 12 11:22:59 BST 2016     root@warez:/usr/obj/mips.mips64/usr/src/sys/ERL mips

root@r1:~ # cat /etc/pf.conf
set skip on lo

nat on ng0 from any to any -> (ng0)

root@r1:~ # cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
net.inet6.ip6.forwarding=1
net.inet.icmp.reply_from_interface=1




