Hello all,
I'm struggling with my pf configuration again. Problem is: pinging
an IP is as fast as I suspect it to be; pinging a FQDN is slow.
From a computer in the DMZ I try to ping "heise.de" (which
resolves to 193.99.144.80).
When looking at pflog I see something like this on port 53 (somewhat
shortened to avoid line breaks).
r 419 pass in on bge0: <dmzip>.37749 > <srv>.53: 40380+[|domain] (DF)
r 380 match in on bge0: <dmzip>.37749 > <srv>.53: 40380+[|domain] (DF)
r 345 pass out on em0: <dmzip>.37749 > <srv>.53: 40380+[|domain]
r 329 match out on em0: <dmzip>.37749 > <srv>.53: 40380+[|domain] (DF)
with bge0 being the DMZ interface and em0 being the external interface.
pfctl -vvsr shows the rules as:
@419 pass in log quick on bge0 inet all flags S/SA keep state tagged
dmz-ok route-to <gw>@em0
@380 match in log on bge0 inet proto udp from <dmzip> to <srv> port =
domain tag dmz-ok
@349 pass out log quick on em0 inet proto udp all keep state tagged dmz-ok
@329 match out log on em0 inet proto udp from <dmzip> to any nat-to <myip>
Tcpdumping at the external interface I see:
<myip>.64578 > <srv>.53: [udp sum ok] 7399+ A? heise.de. (26) (ttl 64,
id 14713, len 54)
<srv>.53 > <myip>.64578: [udp sum ok] 7399 1/0/0 heise.de. A
193.99.144.80 (42) (DF) (ttl 56, id 0, len 70)
<myip>.54038 > <srv>.53: [udp sum ok] 21898+ PTR?
80.144.99.193.in-addr.arpa. (44) (ttl 64, id 25755, len 72)
<srv>.53 > <myip>.54038: 21898 1/0/0 80.144.99.193.in-addr.arpa.
PTR[|domain] (DF) (ttl 56, id 0, len 105)
I freely admit that I am at my wits' end. Everything looks fine to
me, but still something is wrong.
Any pointer is highly appreciated.
Marcus Mülbüsch
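A diagnostic that helps with exactly this symptom, added here as an example and not part of the post above: ping resolves the name (the "A?" query) and then does a reverse lookup of the answer (the "PTR?" query for 80.144.99.193.in-addr.arpa.), so pairing each query with its answer by transaction id in the em0 tcpdump and timing the gap shows whether the wait is on the wire or somewhere on the host. The addresses, ports, timestamps and delays in the sample are constructed; the line layout assumes OpenBSD tcpdump's default HH:MM:SS.ffffff timestamps, which the post's shortened lines omit.

```python
import re
from datetime import datetime

# Constructed sample in the style of OpenBSD `tcpdump -n -i em0 port 53`.
# Addresses, ports, timestamps and ids are made up: a fast A lookup, a slow
# PTR lookup (the reverse lookup ping does), and one query never answered.
SAMPLE = """\
12:00:00.000100 192.0.2.10.64578 > 198.51.100.53.53: [udp sum ok] 7399+ A? heise.de. (26)
12:00:00.041200 198.51.100.53.53 > 192.0.2.10.64578: [udp sum ok] 7399 1/0/0 heise.de. A 193.99.144.80 (42)
12:00:00.042000 192.0.2.10.54038 > 198.51.100.53.53: [udp sum ok] 21898+ PTR? 80.144.99.193.in-addr.arpa. (44)
12:00:05.050000 198.51.100.53.53 > 192.0.2.10.54038: 21898 1/0/0 80.144.99.193.in-addr.arpa. PTR[|domain] (105)
12:00:07.000000 192.0.2.10.50000 > 198.51.100.53.53: [udp sum ok] 31337+ AAAA? heise.de. (26)
"""

# timestamp, source, destination, transaction id ("+" = recursion desired), rest
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"(?:\[udp sum ok\] )?(?P<id>\d+)\+? (?P<rest>.*)$"
)

def _ts(s):
    return datetime.strptime(s, "%H:%M:%S.%f")

def dns_rtts(text):
    """Pair each DNS query with its answer (same id, endpoints reversed).
    Returns [(id, qtype, name, rtt_seconds or None)] in query order."""
    pending = {}   # (client, server, id) -> index into results
    results = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, qid, rest = m.groups()
        words = rest.split()
        if words[0].endswith("?"):          # a question, e.g. "A? heise.de."
            pending[(src, dst, qid)] = len(results)
            results.append([qid, words[0][:-1], words[1], _ts(ts), None])
        else:                               # an answer, e.g. "1/0/0 heise.de. A ..."
            i = pending.pop((dst, src, qid), None)
            if i is not None:
                results[i][4] = (_ts(ts) - results[i][3]).total_seconds()
    return [(q[0], q[1], q[2], q[4]) for q in results]

def slow_or_unanswered(text, threshold=1.0):
    """(qtype, name) of lookups slower than `threshold` seconds or never answered."""
    return [(qtype, name) for _, qtype, name, rtt in dns_rtts(text)
            if rtt is None or rtt > threshold]

if __name__ == "__main__":
    for qid, qtype, name, rtt in dns_rtts(SAMPLE):
        shown = "no answer" if rtt is None else f"{rtt * 1000:.1f} ms"
        print(f"{qid:>6} {qtype:<5} {name:<32} {shown}")
```

A lookup that is fast on em0 but slow as seen by the DMZ host points at the path in between (pf state or route-to handling), while a lookup that is slow on em0 too points at the resolver itself.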