PfSense stops rewriting outbound UDP packet source IP



  • Hi there,

    I have a panamax "bluebolt" power controller that communicates with their system via UDP.  It dropped offline from their system so I went digging.

    PfSense is 2.1-Release on an Alix board.

    I connected up wireshark on the wan port (on a hub, e.g. outside the firewall) and here's what I saw:

    No.     Time           Source                Destination           Protocol Info
          1 0.000000000    192.168.0.210         76.191.255.221        UDP      Source port: 57008  Destination port: sunwebadmins
    
    Frame 1 (170 bytes on wire, 170 bytes captured)
    Ethernet II, Src: UptimeDe_XX:YY:XX (00:08:67:XX:YY:XX), Dst: Cadant_62:88:46 (00:01:5c:62:88:46)
    Internet Protocol, Src: 192.168.0.210 (192.168.0.210), Dst: 76.191.255.221 (76.191.255.221)
    User Datagram Protocol, Src Port: 57008 (57008), Dst Port: sunwebadmins (8989)
    Data (128 bytes)
    
    0000  cf 02 15 7d c4 d1 be f7 46 f6 b0 28 f5 27 93 c4   ...}....F..(.'..
    0010  a1 c1 b8 c7 6f e1 8a 74 0c f2 62 b9 6f c6 56 28   ....o..t..b.o.V(
    0020  36 74 ed 87 dc 8a 43 32 0c d3 09 d0 82 36 9c c9   6t....C2.....6..
    0030  2f 15 13 d9 47 12 38 c0 5d 50 10 bf ac 50 ea c4   /...G.8.]P...P..
    0040  93 b8 0d f0 00 89 6e 36 62 42 c8 40 39 46 fc 2c   ......n6bB.@9F.,
    0050  6f 98 03 39 aa 39 96 be ab 5a ce a7 d1 c1 59 82   o..9.9...Z....Y.
    0060  6e e5 c5 c2 c1 1a 7b 37 9d ad cd 0f 65 f5 5d 4e   n.....{7....e.]N
    0070  08 c6 36 8d 51 a8 8e 57 76 5e 94 30 a0 03 6b 9b   ..6.Q..Wv^.0..k.
    
    

    I also had a look at the state table,  first image below.

    Seems like pfSense wasn't rewriting the source IP address?

    I rebooted pfSense and it started working.  Here's what wireshark saw at that point; a rewritten source IP address and a different source port:

    No.     Time           Source                Destination           Protocol Info
        172 822.814543000  67.180.xxx.xxx         76.191.255.221        UDP      Source port: 22333  Destination port: sunwebadmins
    
    Frame 172 (186 bytes on wire, 186 bytes captured)
    Ethernet II, Src: UptimeDe_XX:YY:XX (00:08:67:XX:YY:XX), Dst: Cadant_62:88:46 (00:01:5c:62:88:46)
    Internet Protocol, Src: 67.180.xxx.xxx (67.180.xxx.xxx), Dst: 76.191.255.221 (76.191.255.221)
    User Datagram Protocol, Src Port: 22333 (22333), Dst Port: sunwebadmins (8989)
    Data (144 bytes)
    
    0000  cf 02 15 7d c4 d1 be f7 46 f6 b0 28 f5 27 93 c4   ...}....F..(.'..
    0010  a1 c1 b8 c7 6f e1 8a 74 0c f2 62 b9 6f c6 56 28   ....o..t..b.o.V(
    0020  36 74 ed 87 dc 8a 43 32 0c d3 09 d0 82 36 9c c9   6t....C2.....6..
    0030  2f 15 13 d9 47 12 38 c0 5d 50 10 bf ac 50 ea c4   /...G.8.]P...P..
    0040  82 b9 9a 02 7b 67 76 b0 7f 2f 5a 01 e8 10 32 a4   ....{gv../Z...2.
    0050  a5 d1 f9 5e 29 4b 5a 09 03 01 e1 dc 1f a8 d7 cd   ...^)KZ.........
    0060  82 e8 47 26 14 14 63 bd 0d 73 46 1f b6 85 8a b6   ..G&..c..sF.....
    0070  e6 24 51 92 83 9f 24 ad ac 11 75 f6 42 22 b5 59   .$Q...$...u.B".Y
    0080  53 79 b3 44 1a 5c 3b ec c5 43 3d 53 0c 28 20 04   Sy.D.\;..C=S.( .
    
    

    And I've attached the state table as well.

    I've seen this before with this setup – its going to work for a while and then stop working again.  I had thought it was a problem with the product but it appears that something is up with pfsense.

    Any thoughts/ideas/advice?  thanks!






  • Hey,
    Just giving this a bump – any thoughts from anyone on what to do next in terms of debugging/diagnosing this?

    thanks!


Log in to reply