Running FreeBSD 9.0 and connecting to Time Warner for the first time. I have a private LAN behind my 9.0 box. I have made a real simple rule set and NAT rule just to get a log of what is happening.
ipfilter rules. dc0 faces lan, fxp0 faces public internet
Code:
pass in log quick on dc0 all
pass out log quick on dc0 all
pass in log quick on fxp0 all
pass out log quick on fxp0 all
pass in quick on lo0 all
pass out quick on lo0 all
nat rule
map fxp0 10.0.10.0/29 -> 0/32
Ipmon log
Code:
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
dc0 p 10.0.10.1,55884 -> 209.18.47.61,53 PR udp len 20 61 IN
fxp0 p 177.99.209.140,55884 -> 209.18.47.61,53 PR udp len 20 61 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 IN bad NAT
dc0 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 OUT bad
dc0 p 10.0.10.1,55660 -> 209.18.47.61,53 PR udp len 20 64 IN
fxp0 p 177.99.209.140,55660 -> 209.18.47.61,53 PR udp len 20 64 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 IN bad NAT
dc0 p 209.18.47.61,53 -> 10.0.10.1,55660 PR udp len 20 80 OUT bad
dc0 p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
fxp0 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 IN bad NAT
dc0 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT bad
This is how it should look.
Code:
dc0 p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
fxp0 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT NAT
fxp0 p 209.18.47.61,53 -> 177.99.209.140,51926 PR udp len 20 100 IN NAT
dc0 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT
10.0.10.1 is the laptop in the LAN.
10.2.0.1 is being sent by Time Warner.
177.99.209.140 is my dynamic routable IP address from Time Warner.
The error is only happening on DNS inquiries.
I cannot understand why I am getting the "IN bad NAT". The webpage loaded OK on the LAN laptop.
I have been using ipfilter since release 3.2 and this is the first ISP I have ever had this kind of problem with.
Any help in explaining what is happening and how to code a rule to pass this error packet is appreciated.
[ Put some effort into your posts, thanks -- Mod. ]
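
For anyone triaging a log like the one in this post, the following is an added example (not part of the original post and not ipfilter code): a Python helper that pairs each `OUT NAT` entry on the external interface with its inbound reply and reports whether the reply was logged with the mapped address and whether it carries the `bad` flag. It assumes the trimmed ipmon line format shown above; the names `parse` and `audit_nat_replies` are hypothetical.

```python
import re
from collections import namedtuple

# Trimmed ipmon line format as shown in the post (no timestamp or rule number).
LINE_RE = re.compile(
    r"^(?P<iface>\S+) \S+ (?P<src>[\d.]+),(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\S+) len \d+ \d+ "
    r"(?P<dir>IN|OUT)(?P<flags>(?: \S+)*)$")
Entry = namedtuple("Entry", "iface src sport dst dport proto direction flags")

def parse(line):
    m = LINE_RE.match(line.strip())
    return m and Entry(m["iface"], m["src"], int(m["sport"]), m["dst"],
                       int(m["dport"]), m["proto"], m["dir"], tuple(m["flags"].split()))

def audit_nat_replies(lines, ext_if):
    """Pair each OUT NAT entry on ext_if with its inbound reply."""
    mapped = {}    # (proto, remote ip, remote port, local port) -> mapped source
    findings = []
    for e in filter(None, map(parse, lines)):
        if e.iface != ext_if:
            continue   # only the external interface is audited
        if e.direction == "OUT" and "NAT" in e.flags:
            mapped[(e.proto, e.dst, e.dport, e.sport)] = e.src
        elif e.direction == "IN":
            public = mapped.get((e.proto, e.src, e.sport, e.dport))
            if public is not None:
                findings.append({"port": e.dport, "logged_dst": e.dst,
                                 "mapped_addr": public, "bad": "bad" in e.flags,
                                 "dst_is_mapped_addr": e.dst == public})
    return findings

# Lines copied from the post: the failing exchange, then the expected one.
FAILING = """\
fxp0 p 10.2.0.1,67 -> 255.255.255.255,68 PR udp len 20 328 IN bad broadcast
dc0 p 10.0.10.1,55884 -> 209.18.47.61,53 PR udp len 20 61 IN
fxp0 p 177.99.209.140,55884 -> 209.18.47.61,53 PR udp len 20 61 OUT NAT
fxp0 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 IN bad NAT
dc0 p 209.18.47.61,53 -> 10.0.10.1,55884 PR udp len 20 95 OUT bad
""".splitlines()
EXPECTED = """\
dc0 p 10.0.10.1,51926 -> 209.18.47.61,53 PR udp len 20 62 IN
fxp0 p 177.99.209.140,51926 -> 209.18.47.61,53 PR udp len 20 62 OUT NAT
fxp0 p 209.18.47.61,53 -> 177.99.209.140,51926 PR udp len 20 100 IN NAT
dc0 p 209.18.47.61,53 -> 10.0.10.1,51926 PR udp len 20 100 OUT
""".splitlines()

if __name__ == "__main__":
    for name, log in (("failing", FAILING), ("expected", EXPECTED)):
        print(name, audit_nat_replies(log, "fxp0"))
```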