Strange NAT-behaviour on pF v2.0.1
-
I set up a port forwarding to a LAN host, which worked fine for a while. But then I had to restart my router and my forwarding didn't work any more. After a while of investigating, I disabled the "use associated filter rule" and put the thing to "pass", and my port forwarding worked again as expected.
I tested with nat-reflection off, on, system-default, but no change…
rules.debug:
Setting to "pass":
# NAT Inbound Redirects
rdr pass on pppoe0 proto { tcp udp } from any to xxx.xxx.xxx.xxx port yyyy -> $host
Setting to "use associated rule":
# NAT Inbound Redirects
rdr on pppoe0 proto { tcp udp } from any to xxx.xxx.xxx.xxx port yyyy -> $host
# User-defined rules follow
anchor "userrules/*"
pass in quick on $WAN reply-to ( pppoe0 zzz.zzz.zzz.zzz ) proto { tcp udp } from any to $host port yyyy label "USER_RULE: NAT host"
I set up the same thing again with an associated rule and it worked again for a while, restarted my router and it ceased to work again. Had to set the NAT rule back to "pass".
The difference in the NAT inbound redirects is "rdr pass on" -> "rdr on".
What is happening here?????
By the way, a second NAT-entry never worked with "associated rule", only with "pass"...