From: Fbsd8
Date: Fri, 13 Apr 2012 10:14:35 -0400
To: FreeBSD Questions
Subject: Re: ipfilter mystery
Message-ID: <4F8834CB.5090203@a1poweruser.com>
In-Reply-To: <4F7F522C.4040309@a1poweruser.com>

Fbsd8 wrote:
> Running 9.0 and connecting to Time Warner for the first time.
> I have private lan behind my 9.0 box.
> I have made a real simple rule set and nat rule just to get log
> of what is happening.
>
> ipfilter rules. dc0 faces lan, fxp0 faces public internet
>
> pass in log quick on dc0 all
> pass out log quick on dc0 all
>
> #pass in quick on fxp0 from 10.2.0.1
> pass in log quick on fxp0 all
> pass out log quick on fxp0 all
>
> pass in quick on lo0 all
> pass out quick on lo0 all
>
> nat rule
> map fxp0 10.0.10.0/29 -> 0/32
>
> Ipmon log
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 384 IN bad broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 384 IN bad broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
> dc0 @0:1 p 10.0.10.1,55884 -> 209.18.47.61,53 PR udp len 20 61 IN
> fxp0 @0:2 p 177.99.209.140,55884 -> 209.18.47.61,53 PR udp len 20 61 OUT NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 OUT bad
> dc0 @0:1 p 10.0.10.1,55660 -> 209.18.47.61,53 PR udp len 20 64 IN
> fxp0 @0:2 p 177.99.209.140,55660 -> 209.18.47.61,53 PR udp len 20 64 OUT NAT
> dc0 @0:1 p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
> fxp0 @0:2 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT NAT
> dc0 @0:1 p 10.0.10.1,58697 -> 209.18.47.61,53 PR udp len 20 61 IN
> fxp0 @0:2 p 177.99.209.140,58697 -> 209.18.47.61,53 PR udp len 20 61 OUT NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 OUT bad
> dc0 @0:1 p 10.0.10.1,49947 -> 209.18.47.61,53 PR udp len 20 64 IN
> fxp0 @0:2 p 177.99.209.140,49947 -> 209.18.47.61,53 PR udp len 20 64 OUT NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,58697 PR udp len 20 77 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,58697 PR udp len 20 77 OUT bad
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT bad
> dc0 @0:1 p 10.0.10.1,49901 -> 209.18.47.61,53 PR udp len 20 63 IN
> fxp0 @0:2 p 177.99.209.140,49901 -> 209.18.47.61,53 PR udp len 20 63 OUT NAT
> dc0 @0:1 p 10.0.10.1,59865 -> 209.18.47.61,53 PR udp len 20 66 IN
> fxp0 @0:2 p 177.99.209.140,59865 -> 209.18.47.61,53 PR udp len 20 66 OUT NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,59865 PR udp len 20 82 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,59865 PR udp len 20 82 OUT bad
> dc0 @0:1 p 10.0.10.1,53742 -> 209.18.47.61,53 PR udp len 20 71 IN
> fxp0 @0:2 p 177.99.209.140,53742 -> 209.18.47.61,53 PR udp len 20 71 OUT NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,49947 PR udp len 20 116 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,49947 PR udp len 20 116 OUT bad
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,49901 PR udp len 20 99 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,49901 PR udp len 20 99 OUT bad
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,53742 PR udp len 20 120 IN bad NAT
> dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,53742 PR udp len 20 120 OUT bad
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
> dc0 @0:1 p 10.0.10.1,1320 -> 69.147.83.34,80 PR tcp len 20 48 -S IN
> fxp0 @0:2 p 177.99.209.140,1320 -> 69.147.83.34,80 PR tcp len 20 48 -S OUT NAT
>
> 10.0.10.1 is the laptop in the lan.
> 10.2.0.1 is being sent by Time Warner
> I can not understand why I am getting the "IN bad NAT"
>
> The webpage loaded ok on the lan laptop.
>
> I have been using ipfilter since release 3.2 and this is the first isp
> I ever got this kind of problem with.
>

This turns out to be a bug in ipfilter. It’s now been reported as a bug to Darren Reed, the maintainer of ipfilter.
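
A small triage script for the quoted ipmon log, added here as an example and not part of the original message: it parses the log lines and pairs each inbound record flagged `bad NAT` on the external interface with the translated outbound record it answers. The function names are hypothetical, and matching on an unchanged source port is an assumption taken from the log shown.

```python
import re
from collections import Counter

# Layout of the ipmon lines quoted in the message; a leading timestamp is ignored.
LINE = re.compile(
    r"(?P<ifc>\S+) @(?P<rule>\d+:\d+) \S "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ (?P<size>\d+) "
    r"(?:-\S+ )?(?P<dir>IN|OUT)(?P<tags>(?: \S+)*)\s*$")

# Excerpt of the log quoted in the message, with wrapped lines rejoined.
SAMPLE = """\
fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
dc0 @0:1 p 10.0.10.1,55884 -> 209.18.47.61,53 PR udp len 20 61 IN
fxp0 @0:2 p 177.99.209.140,55884 -> 209.18.47.61,53 PR udp len 20 61 OUT NAT
fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 IN bad NAT
dc0 @0:1 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 OUT bad
dc0 @0:1 p 10.0.10.1,1320 -> 69.147.83.34,80 PR tcp len 20 48 -S IN
fxp0 @0:2 p 177.99.209.140,1320 -> 69.147.83.34,80 PR tcp len 20 48 -S OUT NAT
""".splitlines()

def parse(lines):
    """Yield one dict per recognised ipmon line; other lines are skipped."""
    for raw in lines:
        m = LINE.search(raw)
        if m:
            rec = m.groupdict()
            rec["tags"] = tuple(rec["tags"].split())
            yield rec

def tag_counts(lines):
    """Count records per (interface, direction, trailing flags)."""
    return Counter((r["ifc"], r["dir"], r["tags"]) for r in parse(lines))

def bad_nat_replies(lines, ext_if):
    """Return (pairs, unanswered) for the external interface ext_if.

    pairs: (query, reply) records matched on protocol, remote endpoint and
    local port (assumes the NAT rule keeps the source port, as in the log).
    unanswered: outbound NAT records with no logged reply.
    """
    pending, pairs = {}, []
    for r in parse(lines):
        if r["ifc"] != ext_if:
            continue
        if r["dir"] == "OUT" and "NAT" in r["tags"]:
            pending[(r["proto"], r["dst"], r["dport"], r["sport"])] = r
        elif r["dir"] == "IN" and {"bad", "NAT"} <= set(r["tags"]):
            q = pending.pop((r["proto"], r["src"], r["sport"], r["dport"]), None)
            if q:
                pairs.append((q, r))
    return pairs, list(pending.values())
```

Feeding it the full `ipmon` output instead of `SAMPLE` shows at a glance whether every translated flow that got a reply had that reply flagged, which is the pattern worth attaching to a bug report.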