12.0 + pf NAT = sadness

Eric A. Borisch

Just looking for a sanity check: is anyone running 12.0 with pf providing NAT successfully?

My little router box has been working like a champ, but upon upgrade to 12.0, the PF NAT layer does pass any traffic. No change to the pf.conf in the process.

Thank goodness for boot environments!
 

Nicola Mingotti

> Just looking for a sanity check: is anyone running 12.0 with pf providing NAT successfully?
>
> My little router box has been working like a champ, but upon upgrade to 12.0, the PF NAT layer does pass any traffic. No change to the pf.conf in the process.
>
> Thank goodness for boot environments!

Hello Eric A. Borisch, I installed two BBB Wifi APs working as NAT pf, in Italy, a few days ago. It is working. I found the dhcpd conf is slightly changed in 12 ... I may check tomorrow, now on cell phone.
 

SirDice

> Just looking for a sanity check: is anyone running 12.0 with pf providing NAT successfully?

Code:
root@maelcum:~ # uname -a
FreeBSD maelcum.dicelan.home 12.0-STABLE FreeBSD 12.0-STABLE r342912 GENERIC  amd64
root@maelcum:~ # pfctl -sn
nat pass on em0 inet from 192.168.10.0/24 to any -> (em0) round-robin
nat pass on em0 inet from 10.0.1.0/24 to any -> (em0) round-robin
rdr pass on em0 inet proto udp from any to any port = 27016 -> 192.168.10.96 port 27016
rdr pass on em0 inet proto tcp from any to any port = 27016 -> 192.168.10.96 port 27016
rdr on em0 inet proto tcp from 185.10.51.26 to (em0) port = 9200 -> 192.168.10.197 port 9200
rdr pass on em0 inet proto tcp from 185.10.51.26 to any port = 10051 -> 192.168.10.200 port 10051
rdr-anchor "miniupnpd" all
 

SirDice

I've been tracking 12-STABLE since it got branched off, I did have a period with some odd random panics but this seems to have been resolved since my last update. I never had any issues with NAT not working or not passing traffic though.
 
Eric A. Borisch

I have other 12.0 machines that are doing great, but none are providing NAT... back to poking at this, then. I do have interfaces that are getting renamed before PF starts, but other than that it's not too exotic.
 

nslay

I got a PF NAT also working in 12.0 over bridged LAN/WLAN. The only hiccup I had updating FreeBSD 11 --> 12 was the DHCP issue I posted. But that's somehow caused by mysterious 802.11n problems and turning off 802.11n fixed it (though Windows Wi-Fi machines could still work?). Only Adrian Chadd could understand how that's happening!
 

roccobaroccoSC

> Just looking for a sanity check: is anyone running 12.0 with pf providing NAT successfully?
>
> My little router box has been working like a champ, but upon upgrade to 12.0, the PF NAT layer does pass any traffic. No change to the pf.conf in the process.
>
> Thank goodness for boot environments!

Check if all kernel modules are loaded. Sometimes after upgrade config files get messed up, for example I used graphics/drm-next-kmod for my graphics card and after the upgrade it became graphics/drm-fbsd12.0-kmod. Naturally, I had to uninstall the old port and install the new one.
 
Eric A. Borisch

> Not sure this is a bug...
> UE / AXE are drivers for USB NICs from ASIX
> This kind of NICs have some limitations. You can't compare this very lightweight and cheap "nic" to a professional Intel PCI card.
>
> Most people in this forum use either high grade NICs in some servers, or usually the onboard wired NIC.
>
> Limitations often occur on Wireless Nic and.... USB
> For example, under Windows when I run Virtualbox, I can't use Bridge connexion on my wireless nic, it crashes.
> I can only use it on onboard NIC
>
> This was important for everyone to note that we are speaking here of USB NICs

You got me. I'm not using enterprise hardware for my home firewall box. ;)

As noted in the comments to the bug report, if_axe.c has hardly changed in this time, so while this is a USB chipset, the regression is (likely) somewhere else.

It's also not like this is something that I explicitly had enabled, either: the ifconfig_* line had default configurations previously (explicitly, it was SYNCDHCP) -- I had to add -txcsum to make it work in 12.0, but not in 11.2.

"It used to work, and now it doesn't" is a regression; USB device or otherwise...
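
Added example, not part of the thread: a small shell check for the condition the last post describes, listing interfaces that still advertise TXCSUM in their `ifconfig` options line so a `-txcsum` workaround can be confirmed after boot. The interface names and the sample `ifconfig` output are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig` output (not captured from the
# poster's router). ue0 has TXCSUM enabled, ue1 has it disabled and only
# carries TXCSUM_IPV6, which must not be mistaken for TXCSUM.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.0.1 netmask 0xff000000
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE>
	inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
ue1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=400009<RXCSUM,VLAN_MTU,TXCSUM_IPV6>
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
EOF
}

# txcsum_ifaces [prefix]
# Reads `ifconfig` output on stdin and prints each interface whose options
# list contains the exact capability TXCSUM. With a prefix (for example "ue"
# for USB Ethernet), only interfaces whose name starts with it are reported.
txcsum_ifaces() {
    awk -v prefix="${1:-}" '
        # Interface header line: remember the current interface name.
        /^[a-z][a-z0-9_.]*: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
        # Capability line: split the <...> list and compare each entry exactly.
        /^[ \t]+options=/ {
            list = $0
            sub(/^[^<]*</, "", list)
            sub(/>.*$/, "", list)
            n = split(list, caps, ",")
            for (i = 1; i <= n; i++)
                if (caps[i] == "TXCSUM" && (prefix == "" || index(ifname, prefix) == 1))
                    print ifname
        }'
}

# Demo on the constructed sample. On a live system: ifconfig | txcsum_ifaces ue
# An interface listed here has not picked up a "-txcsum" setting from its
# ifconfig_<ifname> line in rc.conf (the workaround described in the post).
sample_ifconfig | txcsum_ifaces ue
```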
 