PF weirdness
mail+lists at m.jwh.me.uk
Wed Aug 17 10:31:44 UTC 2016
Hi all,

Ok so, I have an ERL that just does PPPoE and NAT via PF, however it seems
to be modifying the packets passing through the nat filter such that
traceroutes end up like this:

C:\Users\jwh>tracert -d -w 1 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 5 ms 1 ms 1 ms 172.21.88.254
2 47 ms 40 ms 39 ms 8.8.8.8
3 40 ms * 39 ms 8.8.8.8
4 37 ms 25 ms 67 ms 8.8.8.8

[root@lxc1 ~]# traceroute -In 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 172.21.88.254 0.485 ms 0.387 ms 0.483 ms
2 8.8.8.8 24.288 ms 24.301 ms 24.244 ms
3 8.8.8.8 24.870 ms 24.821 ms 25.036 ms
4 8.8.8.8 25.282 ms 25.646 ms 25.777 ms

It also affects any packets originating from the router itself, and the same
appears on UDP traceroutes.

Nothing looks out of the ordinary on the wire, but as soon as I run pfctl -d
it behaves normally, any ideas?

root@r1:~ # uname -a
FreeBSD r1.internethq 10.3-STABLE FreeBSD 10.3-STABLE #13 r303656M: Fri Aug 12 11:22:59 BST 2016 root@warez:/usr/obj/mips.mips64/usr/src/sys/ERL mips

root@r1:~ # cat /etc/pf.conf
set skip on lo
nat on ng0 from any to any -> (ng0)

root@r1:~ # cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
net.inet6.ip6.forwarding=1
net.inet.icmp.reply_from_interface=1
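
A mechanical check for the symptom shown in the post above (several hops all answering with the destination's address), added here as an example and not part of the original message. The function names and the NORMAL sample are constructed for illustration, and numeric output (tracert -d, traceroute -n) is assumed.

```python
import re

# Dotted quads only; RTTs such as "24.288" have too few octets to match.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HEADER = re.compile(r"^\s*(?:Tracing route to|traceroute to)\s+(\S+)", re.I)
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")

def parse_trace(text):
    """Return (target, {hop number: set of responder addresses})."""
    target, hops = None, {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            target = m.group(1)
            continue
        m = HOP.match(line)
        if m:
            hops.setdefault(int(m.group(1)), set()).update(IPV4.findall(m.group(2)))
    return target, hops

def hops_answering_as_target(text):
    """Hop numbers at which a reply carried the destination's own address."""
    target, hops = parse_trace(text)
    return sorted(h for h, addrs in hops.items() if target in addrs)

def looks_rewritten(text):
    """An unaffected trace shows the destination on one hop only (the last)."""
    return len(hops_answering_as_target(text)) > 1

# Output quoted in the post (Windows tracert -d).
WINDOWS = """Tracing route to 8.8.8.8 over a maximum of 30 hops
1 5 ms 1 ms 1 ms 172.21.88.254
2 47 ms 40 ms 39 ms 8.8.8.8
3 40 ms * 39 ms 8.8.8.8
4 37 ms 25 ms 67 ms 8.8.8.8"""
# Output quoted in the post (Linux traceroute -In).
LINUX = """traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 172.21.88.254 0.485 ms 0.387 ms 0.483 ms
2 8.8.8.8 24.288 ms 24.301 ms 24.244 ms
3 8.8.8.8 24.870 ms 24.821 ms 25.036 ms
4 8.8.8.8 25.282 ms 25.646 ms 25.777 ms"""
# Constructed sample of an unaffected trace (documentation address ranges).
NORMAL = """traceroute to 203.0.113.9 (203.0.113.9), 30 hops max, 60 byte packets
1 192.0.2.1 0.4 ms 0.4 ms 0.5 ms
2 198.51.100.7 9.8 ms 9.9 ms 9.7 ms
3 203.0.113.9 12.1 ms 12.0 ms 12.2 ms"""

if __name__ == "__main__":
    for name, sample in (("windows", WINDOWS), ("linux", LINUX), ("normal", NORMAL)):
        print(name, hops_answering_as_target(sample), looks_rewritten(sample))
```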