IPF & Time Warner Cable ISP NAT Error?

fbsd1 · #1 April 8th, 2012, 16:19

Running ~~Freebsd~~ FreeBSD 9.0 and connecting to Time Warner for the first time. I have a private LAN behind my 9.0 box. I have made a real simple rule set and nat rule just to get log of what is happing.

ipfilter rules. dc0 faces lan, fxp0 faces public internet

Code:

pass in  log quick on dc0 all 
pass out log quick on dc0 all 
     
pass in  log quick on fxp0 all 
pass out log quick on fxp0 all 
     
pass in  quick on lo0 all 
pass out quick on lo0 all 

nat rule 
map fxp0 10.0.10.0/29 -> 0/32

Ipmon log

Code:

fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast

dc0  p 10.0.10.1,55884 -> 209.18.47.61,53 PR udp len 20 61 IN
fxp0 p 177.99.209.140,55884 -> 209.18.47.61,53 PR udp len 20 61 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 IN bad NAT
dc0  p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 OUT bad

dc0  p 10.0.10.1,55660 -> 209.18.47.61,53 PR udp len 20 64 IN
fxp0 p 177.99.209.140,55660 -> 209.18.47.61,53 PR udp len 20 64 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 IN bad NAT
dc0  p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 OUT bad

dc0  p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
fxp0 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 IN bad NAT
dc0  p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT bad

This is how it should look like.

Code:

dc0  p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
fxp0 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT NAT
fxp0 p 209.18.47.61,53 -> 177.99.209.140,51926 PR udp len 20 100 IN NAT
dc0  p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT

10.0.10.1 is the laptop in the LAN.
10.2.0.1 is being sent by Time Warner.
177.99.209.140 is my dynamic routable IP address from Time Warner.
Error is only happening on DNS inquire.

I can not understand why I am getting the "IN bad NAT". The webpage loaded ok on the LAN laptop.

I have been using ipfilter since release 3.2 and this is the first ISP I ever have this kind of problem with.

Any help in explaining what is happening and how to code rule to pass this error packet is appreciated.

[ Put some effort into your posts, thanks -- Mod. ]

fbsd1 · #2 April 13th, 2012, 15:09

This turns out to be a bug in ipfilter. It’s now been reported as a bug to Darren Reed the maintainer of ipfilter.

**SirDice** · #3 April 13th, 2012, 15:12

I would suggest switching to PF. The syntax is mostly the same. IPFilter hasn't seen a lot of development the past few years.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Is it possible to connect 2 FreeBSD machines via USB cable?	G_Nerc	Peripheral Hardware	5	March 23rd, 2012 21:13
[Solved] Root on ZFS & rc.conf error => problem at boot time.	Martillo1	General	2	October 3rd, 2011 22:20
Benq Scanner 5000 works from time to time	omelnikov	Peripheral Hardware	3	June 5th, 2011 19:45
[Solved] Collection of error messages from boot time	Beeblebrox	Installing & Upgrading	4	December 7th, 2010 09:57
USB Cable Modem Error	opc0des	Peripheral Hardware	4	August 10th, 2009 18:39