Strange NAT-behaviour on pF v2.0.1



  • I set up a port forwarding to a LAN-host, which worked fine for a while. But then I had to restart my router and my forwarding didn't work any more. After a while investigating, I disabled the "use associated filter rule" and put the thing to "pass" and my port-forwarding worked again as expected.

    I tested with nat-reflection off, on, system-default, but no change…

    rules.debug:

    setting to "pass"

    # NAT Inbound Redirects
    rdr pass on pppoe0 proto { tcp udp } from any to xxx.xxx.xxx.xxx port yyyy -> $host
    

    setting to "use associated rule"

    # NAT Inbound Redirects
    rdr on pppoe0 proto { tcp udp } from any to xxx.xxx.xxx.xxx port yyyy -> $host
    # User-defined rules follow
    
    anchor "userrules/*"
    pass   in  quick  on $WAN reply-to ( pppoe0 zzz.zzz.zzz.zzz )  proto { tcp udp }  from any to   $host port yyyy  label "USER_RULE: NAT host"
    
    

    I set up the same thing again with an associated rule and it worked again for a while, restarted my router and it ceased to work again. Had to set the NAT-rule back to "pass".

    Difference at the NAT inbound redirects is the rdr pass on –> rdr on

    What is happening here?????

    By the way, a second NAT-entry never worked with "associated rule", only with "pass"...

