L2 broadcast and NAT state
I'm having an issue with pf's translation that I can't figure out.
For reasons I won't go into, I have a dedicated ethernet link to a
device that does not do ARP for some IP addresses. As a result, when
it sends packets toward my machine, they get tagged with a destination
MAC address of ff:ff:ff:ff:ff:ff. Changing the behavior of this
device isn't possible for my purposes.
With one of these non-ARPed addresses attached to my outside
interface, and a pf rule such as
pass out log-all on $ext_if from $problem_addr to any keep state
communications from the local machine work exactly as expected.
nat on $ext_if from $int_test to any -> $problem_addr
$int_if: mac mac: $int_test > $remote: icmp echo request
pfsync0: insert state: icmp $int_test -> $problem_addr -> $remote
pflog0: pass out on $ext_if: $problem_addr > $remote: icmp echo request
$ext_if: mac mac: $problem_addr > $remote: icmp echo request
$ext_if: mac broadcast: $remote > $problem_addr: icmp echo reply
pflog0: pass in on $ext_if: $remote > $problem_addr: icmp echo reply
...and that's the last I see of it. This is from a -current snapshot,
Where did my packet go?
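As an added illustration (not code from the original post): a small Python model of how the pf NAT state entry printed by pfsync ("proto src -> gwy -> dst") is applied in reverse to a reply, run over a constructed trace shaped like the one above to report which hop of the reply never shows up. The interface names and addresses are made up for the example.

```python
# Added example, not from the original post: model a pf NAT state entry
# "proto src -> gwy -> dst" (the pfsync "insert state" line) and check a
# trace for the inside-interface hop each passed-in reply should produce.
import re

STATE_RE = re.compile(r"insert state: (\S+) (\S+) -> (\S+) -> (\S+)")
PASS_IN_RE = re.compile(r"pflog0: pass in on \S+: (\S+) > (\S+): (.*)")
IFACE_RE = re.compile(r"^(\S+): mac (\S+): (\S+) > (\S+): (.*)$")

# Constructed trace shaped like the post's: int0 is the inside interface,
# 192.0.2.7 the non-ARPed outside address used as the NAT source.
TRACE = """\
int0: mac mac: 10.0.0.5 > 203.0.113.9: icmp echo request
pfsync0: insert state: icmp 10.0.0.5 -> 192.0.2.7 -> 203.0.113.9
pflog0: pass out on ext0: 192.0.2.7 > 203.0.113.9: icmp echo request
ext0: mac mac: 192.0.2.7 > 203.0.113.9: icmp echo request
ext0: mac broadcast: 203.0.113.9 > 192.0.2.7: icmp echo reply
pflog0: pass in on ext0: 203.0.113.9 > 192.0.2.7: icmp echo reply
"""

def parse_states(lines):
    """Collect (proto, src, gwy, dst) tuples from pfsync insert lines."""
    return [m.groups() for m in map(STATE_RE.search, lines) if m]

def reverse_nat(states, src, dst):
    """A reply from the original dst to gwy is rewritten to the original src."""
    for _proto, orig_src, gwy, orig_dst in states:
        if src == orig_dst and dst == gwy:
            return orig_src
    return None

def missing_reply_hops(trace, int_if):
    """Inside-interface lines a passed-in reply should yield but never appear."""
    lines = trace.splitlines()
    states = parse_states(lines)
    seen = {(m.group(1), m.group(3), m.group(4), m.group(5))
            for m in map(IFACE_RE.match, lines) if m}
    missing = []
    for line in lines:
        m = PASS_IN_RE.search(line)
        if not m:
            continue
        src, dst, desc = m.groups()
        inner = reverse_nat(states, src, dst)
        if inner is None:
            missing.append(f"no NAT state matches reply {src} > {dst}")
        elif (int_if, src, inner, desc) not in seen:
            missing.append(f"{int_if}: {src} > {inner}: {desc}")
    return missing
```

Run against the constructed trace it reports the one hop absent from the post's trace too: the reverse-translated reply on the inside interface. It only shows where the trace stops, not why the kernel dropped the frame.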