'Port Forward' and the underlying result
-
Seeing an interesting trend for port redirection rules.
From rules.debug:
rdr on em0 inet proto { tcp udp } from $OPT3__NETWORK to $Public_Resolvers port 53 -> <OBSCURED>
rdr on { em1 bce1 bce0 em6 em2 em5 em3 em4 openvpn } inet proto { tcp udp } from $OPT3__NETWORK to $Public_Resolvers port 53 -> <OBSCURED>The first line is the rule from what's in the GUI. The second line..... Not sure what to make of this and why there would be redirection rules across all the other interfaces where it should not ("CAN NOT") happen. The redirection rule is applied on the specific interface using "<interface> subnets" for source (had it not been done this way, it would have certainly made an "exciting" evening).
May be missing it, but anyone know why that redirection rule would be placed across all the other interfaces as well? If the source network weren't considered, it would seem that this would result in application of the redirection to unintended interfaces and thus maligning traffic where it should not. Testing with the removal of the "<interface> subnets" results in the source being "any" - should suitably gum up the works, no?
Checking "pfctl -s all", it it quite apparent that all of the "multi-interface" (line 2) entries are present in the redirection stanza.
-
@justme2
Seems to be NAT reflection.
Either you have enabled it in a certain port forwarding rule for port 53 or globally in System > Advanced > Firewall & NAT. -
Interesting, apparently will need to remove the keyboard from one of the administrators....
Tnx!