IPv4 NAT broken in 2.1-BETA1 (i386) built on Thu Apr 25 20:52:41 EDT 2013 ?



  • Hello,

    after updating to build Thu Apr 25 20:52:41 EDT 2013 I got following stange bahaviour:

    inbound interface:

    [2.1-BETA1][root@kerberos.cf.cfvpn]/root(9): tcpdump -ni em1_vlan2 icmp and host 192.168.26.2
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em1_vlan2, link-type EN10MB (Ethernet), capture size 96 bytes
    10:11:24.847826 IP 192.168.1.60 > 192.168.26.2: ICMP echo request, id 3594, seq 1, length 64
    10:11:25.847867 IP 192.168.1.60 > 192.168.26.2: ICMP echo request, id 3594, seq 2, length 64
    10:11:26.847783 IP 192.168.1.60 > 192.168.26.2: ICMP echo request, id 3594, seq 3, length 64
    ^C
    3 packets captured
    139 packets received by filter
    0 packets dropped by kernel

    outbound interface:

    [2.1-BETA1][root@kerberos.cf.cfvpn]/root(10): tcpdump -ni em1 icmp and host 192.168.26.2
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
    10:11:43.451374 IP 0.0.0.0 > 192.168.26.2: ICMP echo request, id 3596, seq 1, length 64
    10:11:44.450898 IP 0.0.0.0 > 192.168.26.2: ICMP echo request, id 3596, seq 2, length 64
    10:11:45.450814 IP 0.0.0.0 > 192.168.26.2: ICMP echo request, id 3596, seq 3, length 64
    10:13:49.094145 IP 0.0.0.0 > 192.168.26.2: ICMP echo request, id 3600, seq 1, length 64
    10:13:50.093642 IP 0.0.0.0 > 192.168.26.2: ICMP echo request, id 3600, seq 2, length 64
    ^C
    5 packets captured
    3931 packets received by filter
    0 packets dropped by kernel

    Matching rule should do something different:

    LAN  192.168.1.0/24 * * * LAN address * NO LAN_192_168_1 to LAN

    so I would expect 192.168.0.1 as src address on outbound interface.

    Maybe a problem while routing from vlan to native on same interface?
    Former pfSense versions from 2.1 did not had that behaviour.

    regards
    Christian


  • Rebel Alliance Developer Netgate

    Try a new snapshot (they just uploaded a few minutes ago)



  • Seems to be fixed.


Log in to reply