Hey all, hope your evening/day fares well.
I've a relatively simple problem, but since working on another issue (unrelated and will update that one when I have a concrete answer) my brain has fried and I feel like I am doing something completely stupid.
I have a /29 from my ISP. I'm waiting for another, but it hasn't gotten here. All five of usable the IPs have been originally assigned to FreeBSD1. I organized pf to free one IP (last one in the /29) to assign to FreeBSD2_Test. Both connect directly to the ISP Modem on independent cables.
I set up pf.conf very simply on FreeBSD2_Test as follows:
When all is said and done, I can RDP (3389) to Y.Y.Y.5 without problem, but doing so causes both the Y.Y.Y.5 and FreeBSD2_Test to drop packets. Sometimes my RDP session breaks for good until I can flush state tables.
I get the following behaviors:
Traffic to Y.Y.Y.5 is shakey, but happens.
When I monitor traffic on
I see traffic from other External/Internal LANs on both de0/de1. I will be triple checking for any accidental bridging or wireless between the two networks, but it's simple enough that it should have been obvious the first two times I'm looking.
It seems that some traffic tries to go through FreeBSD1's default route to get to Y.Y.Y.5 and that's the root of my problem, but I feel like I'm losing my mind. Why wouldn't I be able to go modem to two separate hosts' LAN ports. Is it the default route? I'm pulling my hair out here!
Hope I am getting better DutchDaemon. Hope you don't have to edit this much.
I've a relatively simple problem, but since working on another issue (unrelated and will update that one when I have a concrete answer) my brain has fried and I feel like I am doing something completely stupid.
I have a /29 from my ISP. I'm waiting for another, but it hasn't gotten here. All five of usable the IPs have been originally assigned to FreeBSD1. I organized pf to free one IP (last one in the /29) to assign to FreeBSD2_Test. Both connect directly to the ISP Modem on independent cables.
I set up pf.conf very simply on FreeBSD2_Test as follows:
Code:
#!/bin/sh
# Interfaces
ext_if="de0"
int_if="de1"
#
# Options
#
set block-policy drop
set debug urgent
set limit { frags 10000, states 30000 }
set loginterface $ext_if
set optimization normal
set ruleset-optimization none
set skip on lo
set state-policy if-bound
#
# Traffic normalization
#
scrub in all no-df min-ttl 100 max-mss 1440 fragment reassemble
#
# Translation
#
nat on $ext_if from $int_if to any -> X.X.X.X/32
rdr pass on $ext_if proto { tcp, udp } from any to port 3389 -> Y.Y.Y.5
# Incoming traffic on $ext_if
pass in log all
pass out log allWhen all is said and done, I can RDP (3389) to Y.Y.Y.5 without problem, but doing so causes both the Y.Y.Y.5 and FreeBSD2_Test to drop packets. Sometimes my RDP session breaks for good until I can flush state tables.
I get the following behaviors:
Traffic to Y.Y.Y.5 is shakey, but happens.
When I monitor traffic on
tcpdump, I get the following error on port 3389:
Code:
tcp 24 [bad hdr length 8 - too short, < 20]I see traffic from other External/Internal LANs on both de0/de1. I will be triple checking for any accidental bridging or wireless between the two networks, but it's simple enough that it should have been obvious the first two times I'm looking.
It seems that some traffic tries to go through FreeBSD1's default route to get to Y.Y.Y.5 and that's the root of my problem, but I feel like I'm losing my mind. Why wouldn't I be able to go modem to two separate hosts' LAN ports. Is it the default route? I'm pulling my hair out here!
Hope I am getting better DutchDaemon. Hope you don't have to edit this much.
