ipfilter mystery

Fbsd8 fbsd8 at a1poweruser.com
Fri Apr 13 14:14:42 UTC 2012 

Fbsd8 wrote:
> Running 9.0 and connecting to Time Warner for the first time.
> I have private lan behind my 9.0 box.
> I have made a real simple rule set and nat rule just to get log
> of what is happing.
> 
> ipfilter rules.  dc0 faces lan, fxp0 faces public internet
> 
> pass in  log quick on dc0 all
> pass out log quick on dc0 all
>     
> #pass in quick on fxp0 from 10.2.0.1
> pass in  log quick on fxp0 all
> pass out log quick on fxp0 all
>     
> pass in  quick on lo0 all
> pass out quick on lo0 all
> 
> nat rule
> map fxp0 10.0.10.0/29 -> 0/32
> 
> Ipmon log
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad 
> broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad 
> broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad 
> broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad 
> broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 384 IN bad 
> broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 384 IN bad 
> broadcast
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad 
> broadcast
> dc0  @0:1 p 10.0.10.1,55884 -> 209.18.47.61,53 PR udp len 20 61 IN
> fxp0 @0:2 p 177.99.209.140,55884 -> 209.18.47.61,53 PR udp len 20 61 OUT 
> NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 OUT bad
> dc0  @0:1 p 10.0.10.1,55660 -> 209.18.47.61,53 PR udp len 20 64 IN
> fxp0 @0:2 p 177.99.209.140,55660 -> 209.18.47.61,53 PR udp len 20 64 OUT 
> NAT
> dc0  @0:1 p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
> fxp0 @0:2 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT 
> NAT
> dc0  @0:1 p 10.0.10.1,58697 -> 209.18.47.61,53 PR udp len 20 61 IN
> fxp0 @0:2 p 177.99.209.140,58697 -> 209.18.47.61,53 PR udp len 20 61 OUT 
> NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 OUT bad
> dc0  @0:1 p 10.0.10.1,49947 -> 209.18.47.61,53 PR udp len 20 64 IN
> fxp0 @0:2 p 177.99.209.140,49947 -> 209.18.47.61,53 PR udp len 20 64 OUT 
> NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,58697 PR udp len 20 77 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,58697 PR udp len 20 77 OUT bad
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT bad
> dc0  @0:1 p 10.0.10.1,49901 -> 209.18.47.61,53 PR udp len 20 63 IN
> fxp0 @0:2 p 177.99.209.140,49901 -> 209.18.47.61,53 PR udp len 20 63 OUT 
> NAT
> dc0  @0:1 p 10.0.10.1,59865 -> 209.18.47.61,53 PR udp len 20 66 IN
> fxp0 @0:2 p 177.99.209.140,59865 -> 209.18.47.61,53 PR udp len 20 66 OUT 
> NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,59865 PR udp len 20 82 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,59865 PR udp len 20 82 OUT bad
> dc0  @0:1 p 10.0.10.1,53742 -> 209.18.47.61,53 PR udp len 20 71 IN
> fxp0 @0:2 p 177.99.209.140,53742 -> 209.18.47.61,53 PR udp len 20 71 OUT 
> NAT
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,49947 PR udp len 20 116 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,49947 PR udp len 20 116 OUT bad
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,49901 PR udp len 20 99 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,49901 PR udp len 20 99 OUT bad
> fxp0 @0:2 p 209.18.47.61,53 -> 10.0.10.1,53742 PR udp len 20 120 IN bad NAT
> dc0  @0:1 p 209.18.47.61,53 -> 10.0.10.1,53742 PR udp len 20 120 OUT bad
> fxp0 @0:2 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad 
> broadcast
> dc0  @0:1 p 10.0.10.1,1320 -> 69.147.83.34,80 PR tcp len 20 48 -S IN
> fxp0 @0:2 p 177.99.209.140,1320 -> 69.147.83.34,80 PR tcp len 20 48 -S 
> OUT NAT
> 
> 10.0.10.1 is the laptop in the lan.
> 10.2.0.1 is being sent by time warner
> I can not understand why I am getting the "IN bad NAT"
> 
> The webpage loaded ok on the lan laptop.
> 
> I have been using ipfilter since release 3.2 and this is the first isp
> i ever got this kind of problem with.
> 
> 
> 
> 
This turns out to be a bug in ipfilter. It’s now been reported as a bug 
to Darren Reed the maintainer of ipfilter.

More information about the freebsd-questions mailing list