Yes this is now fixed. Thanks everyone! Stuart's suggestion of "received-on" is indeed excellent and is what I've used.
On Thu, May 11, 2023 at 04:13:34PM +0200, Florian Obser wrote:
> On 2023-05-11 08:08 +10, David Diggles <da...@elven.com.au> wrote:
> > On Thu, May 11, 2023 at 07:27:22AM +1000, Jonathan Matthew wrote:
> >>
> >> This looks like the thing I ran into a while ago where I had an overly
> >> broad nat-to rule for outgoing traffic that applied to traffic from the
> >> host as well as the networks behind it. This meant dhcpleased's unicast
> >> packets appeared to come from a high port, so my provider's dhcp server
> >> rejected them. It looks like David is actually using the same provider
> >> as me.
> >>
> >> If there's a pf rule like 'match out on $iface nat-to ($iface)', making
> >> that only apply to traffic received on another interface will probably
> >> help.
> >
> > The nat rule I have
> >
> > match out on egress nat-to (egress)
> >
>
> Yes, pretty sure this is causing your issue, like Jonathan was
> describing.
>
> --
> In my defence, I have been left unsupervised.
>
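
The rule change discussed in this thread, written out as a pf.conf fragment. This is an added example, not a configuration posted by anyone in the thread; the interface name `em1` and the macro `lan_if` are assumptions standing in for the internal interface.

```pf
# /etc/pf.conf fragment (constructed example)
# Assumption: em1 is the internal (LAN) interface; substitute your own.
lan_if = "em1"

# Before: translates every packet leaving the egress group, including
# packets the firewall itself originates. dhcpleased's unicast packets
# are rewritten too and leave from a translated high source port rather
# than the DHCP client port (68/udp), which the provider's DHCP server
# rejected in the case described above.
# match out on egress nat-to (egress)

# After: translate only traffic that arrived on the internal interface.
# Locally generated packets were not received on any interface, so they
# no longer match this rule and keep their original source port.
match out on egress received-on $lan_if nat-to (egress)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -f /etc/pf.conf` loads it once it parses cleanly.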