On 23/01/18 11:54, Kapetanakis Giannis wrote:
> On 23/01/18 11:08, Kapetanakis Giannis wrote:
>> Hi,
>>
>> I've discovered something that looks like a bug in nat translation with 
>> least-states or round-robin
>>
>> Instead of using the nat-pool it uses wrong IPs
>>
>> # pfctl -sr -R0
>> pass out log quick on vlan123 inet from xx.xx.xx.xx to 188.113.88.193 flags 
>> S/SA tagged from_internal nat-to xx.xx.yy.24/29 least-states
>>
>> Jan 23 10:59:06.602884 rule 0/(match) pass out on vlan123: 0.0.0.0.62722 > 
>> 188.113.88.193.80: S 3243156923:3243156923(0) win 29200 <mss 
>> 1460,sackOK,timestamp 3169583207 0,nop,wscale 9> (DF)
>> Jan 23 10:59:21.836380 rule 0/(match) pass out on vlan123: 0.0.0.1.57696 > 
>> 188.113.88.193.80: S 1280038032:1280038032(0) win 29200 <mss 
>> 1460,sackOK,timestamp 3169598441 0,nop,wscale 9> (DF)
>>
>> See the 0.0.0.0 address? That's the first packet. The second packet (2nd 
>> wget) uses the next IP, 0.0.0.1 etc.
>>
>> The same problem is with round-robin
>> 10:54:24.750786 0.0.0.2.50332 > 188.113.88.193.80: S 
>> 1923288633:1923288633(0) win 29200 <mss 1460,sackOK,timestamp 3169301350 
>> 0,nop,wscale 9> (DF)
>> 10:54:28.078831 0.0.0.3.50350 > 188.113.88.193.80: S 925801869:925801869(0) 
>> win 29200 <mss 1460,sackOK,timestamp 3169304678 0,nop,wscale 9> (DF)
>>
>> If I use random or source-hash I have no problem.
>>
>> Maybe this is fixed in current but I thought I should report.
>> # head -1 /var/run/dmesg.boot
>> OpenBSD 6.2-beta (GENERIC.MP) #104: Mon Sep 18 23:31:27 MDT 2017
>>
>> I'll try an upgrade later today...
>>
>> G
>>
> same problem with latest snapshot:
> OpenBSD 6.2-current (GENERIC.MP) #382: Sun Jan 21 14:13:38 MST 2018
> 
> G
> 

Hi, any luck with the above?

thanks,

G
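
A check for the symptom reported in this thread, as an added example (not part of the original messages and not OpenBSD code): it scans tcpdump/pflog text for flows whose translated source address falls outside the configured nat-to pool. The pool `192.0.2.24/29`, the function name `out_of_pool` and the last sample line are assumptions made for illustration, since the real pool is redacted on the page.

```python
import ipaddress
import re

# "src.port > dst.port:" as tcpdump prints an IPv4 TCP/UDP flow.
FLOW_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)

# Assumed pool (documentation range); substitute the real nat-to prefix.
POOL = "192.0.2.24/29"

# First four lines are taken from the thread (unwrapped, TCP options cut);
# the last line is constructed to show a correctly translated flow.
SAMPLE_LINES = [
    "Jan 23 10:59:06.602884 rule 0/(match) pass out on vlan123: "
    "0.0.0.0.62722 > 188.113.88.193.80: S 3243156923:3243156923(0) win 29200",
    "Jan 23 10:59:21.836380 rule 0/(match) pass out on vlan123: "
    "0.0.0.1.57696 > 188.113.88.193.80: S 1280038032:1280038032(0) win 29200",
    "10:54:24.750786 0.0.0.2.50332 > 188.113.88.193.80: S 1923288633:1923288633(0)",
    "10:54:28.078831 0.0.0.3.50350 > 188.113.88.193.80: S 925801869:925801869(0)",
    "10:55:01.000000 192.0.2.26.50400 > 188.113.88.193.80: S 1:1(0) win 29200",
]


def out_of_pool(lines, pool):
    """Return (src, sport, dst, dport) for flows whose post-NAT source is not in pool."""
    net = ipaddress.ip_network(pool)
    hits = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a flow line (e.g. ARP, wrapped option text)
        src = ipaddress.ip_address(m["src"])
        if src not in net:
            hits.append((str(src), int(m["sport"]), m["dst"], int(m["dport"])))
    return hits


if __name__ == "__main__":
    for src, sport, dst, dport in out_of_pool(SAMPLE_LINES, POOL):
        print(f"source {src}:{sport} -> {dst}:{dport} is outside {POOL}")
```

Feed it lines captured on the egress interface (after translation); a capture taken before NAT would flag every internal source.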
