PfSense stops rewriting outbound UDP packet source IP
-
Hi there,
I have a panamax "bluebolt" power controller that communicates with their system via UDP. It dropped offline from their system so I went digging.
PfSense is 2.1-Release on an Alix board.
I connected up wireshark on the wan port (on a hub, e.g. outside the firewall) and here's what I saw:
No. Time Source Destination Protocol Info 1 0.000000000 192.168.0.210 76.191.255.221 UDP Source port: 57008 Destination port: sunwebadmins Frame 1 (170 bytes on wire, 170 bytes captured) Ethernet II, Src: UptimeDe_XX:YY:XX (00:08:67:XX:YY:XX), Dst: Cadant_62:88:46 (00:01:5c:62:88:46) Internet Protocol, Src: 192.168.0.210 (192.168.0.210), Dst: 76.191.255.221 (76.191.255.221) User Datagram Protocol, Src Port: 57008 (57008), Dst Port: sunwebadmins (8989) Data (128 bytes) 0000 cf 02 15 7d c4 d1 be f7 46 f6 b0 28 f5 27 93 c4 ...}....F..(.'.. 0010 a1 c1 b8 c7 6f e1 8a 74 0c f2 62 b9 6f c6 56 28 ....o..t..b.o.V( 0020 36 74 ed 87 dc 8a 43 32 0c d3 09 d0 82 36 9c c9 6t....C2.....6.. 0030 2f 15 13 d9 47 12 38 c0 5d 50 10 bf ac 50 ea c4 /...G.8.]P...P.. 0040 93 b8 0d f0 00 89 6e 36 62 42 c8 40 39 46 fc 2c ......n6bB.@9F., 0050 6f 98 03 39 aa 39 96 be ab 5a ce a7 d1 c1 59 82 o..9.9...Z....Y. 0060 6e e5 c5 c2 c1 1a 7b 37 9d ad cd 0f 65 f5 5d 4e n.....{7....e.]N 0070 08 c6 36 8d 51 a8 8e 57 76 5e 94 30 a0 03 6b 9b ..6.Q..Wv^.0..k.
I also had a look at the state table, first image below.
Seems like pfSense wasn't rewriting the source IP address?
I rebooted pfSense and it started working. Here's what wireshark saw at that point; a rewritten source IP address and a different source port:
No. Time Source Destination Protocol Info 172 822.814543000 67.180.xxx.xxx 76.191.255.221 UDP Source port: 22333 Destination port: sunwebadmins Frame 172 (186 bytes on wire, 186 bytes captured) Ethernet II, Src: UptimeDe_XX:YY:XX (00:08:67:XX:YY:XX), Dst: Cadant_62:88:46 (00:01:5c:62:88:46) Internet Protocol, Src: 67.180.xxx.xxx (67.180.xxx.xxx), Dst: 76.191.255.221 (76.191.255.221) User Datagram Protocol, Src Port: 22333 (22333), Dst Port: sunwebadmins (8989) Data (144 bytes) 0000 cf 02 15 7d c4 d1 be f7 46 f6 b0 28 f5 27 93 c4 ...}....F..(.'.. 0010 a1 c1 b8 c7 6f e1 8a 74 0c f2 62 b9 6f c6 56 28 ....o..t..b.o.V( 0020 36 74 ed 87 dc 8a 43 32 0c d3 09 d0 82 36 9c c9 6t....C2.....6.. 0030 2f 15 13 d9 47 12 38 c0 5d 50 10 bf ac 50 ea c4 /...G.8.]P...P.. 0040 82 b9 9a 02 7b 67 76 b0 7f 2f 5a 01 e8 10 32 a4 ....{gv../Z...2. 0050 a5 d1 f9 5e 29 4b 5a 09 03 01 e1 dc 1f a8 d7 cd ...^)KZ......... 0060 82 e8 47 26 14 14 63 bd 0d 73 46 1f b6 85 8a b6 ..G&..c..sF..... 0070 e6 24 51 92 83 9f 24 ad ac 11 75 f6 42 22 b5 59 .$Q...$...u.B".Y 0080 53 79 b3 44 1a 5c 3b ec c5 43 3d 53 0c 28 20 04 Sy.D.\;..C=S.( .
And I've attached the state table as well.
I've seen this before with this setup – its going to work for a while and then stop working again. I had thought it was a problem with the product but it appears that something is up with pfsense.
Any thoughts/ideas/advice? thanks!
-
Hey,
Just giving this a bump – any thoughts from anyone on what to do next in terms of debugging/diagnosing this?thanks!