Revision 9d140dd5 - expected changes in behavior?

  • I was running a build from 23.04.2013 and I updated to:
    2.1-BETA1 (amd64)
    built on Thu Apr 25 21:20:47 EDT 2013

    After the reboot I immediately noticed something was different - the LAN interface was not replying to ICMP any more, even though routing towards the Internet worked normally. I took a good look at the rules and noticed that the first match for the ICMP packets towards the LAN interface was a rule that has a gateway group specified. This setup had worked like this for almost 2 years. I then added an explicit "from LAN net to LAN net" rule with no gateway group specified and placed it before the other rule in order to force a route table lookup for local LAN traffic. This resulted in ICMPs being replied to on the LAN interface once again. Then I noticed that traceroutes from LAN hosts towards the Internet started showing the LAN IP as the 1st hop, even though policy routing is being performed to forward the packets via a gateway group. This has never happened for as long as I've used gateway groups to route my traffic, the 1st hop always being the GW on the ISP side.

    I think this patch is most likely responsible for this change in behavior: Revision 9d140dd5. Taking a look at the code change, there seems to be a massive rewrite of the forwarding code.

    Are there any other expected behaviour changes emerging from this change?

  • Read my thread "pfSense Crashed" - it might be related. Thursday night's builds seem to be broken in a very severe, fundamental way.

  • Rebel Alliance Developer Netgate

    New snapshots are up now, give on a try, it should be back to the behavior before those patches.

  • Thanks, with the newer build everything is back to normal.

Log in to reply