Hi Giannis,

Sorry, just going through old mails, saw this and no response. I'm not sure about least state, but you could try:

Relayd would be a good place to start... it has L4 level (port forwarding with health checks that would be useful).
(The above is useful if you are doing destination NAT.)

If you are doing source NAT, you could use ECMP (equal-cost multipath routing) and just simply NAT traffic on the egress interface.

Hope this helps

On 26 January 2018 at 13:01, Kapetanakis Giannis <[email protected]> wrote:
> On 23/01/18 11:54, Kapetanakis Giannis wrote:
>> On 23/01/18 11:08, Kapetanakis Giannis wrote:
>>> Hi,
>>>
>>> I've discovered something that looks like a bug in nat translation with
>>> least-states or round-robin
>>>
>>> Instead of using the nat-pool it uses wrong IPs
>>>
>>> # pfctl -sr -R0
>>> pass out log quick on vlan123 inet from xx.xx.xx.xx to 188.113.88.193 flags
>>> S/SA tagged from_internal nat-to xx.xx.yy.24/29 least-states
>>>
>>> Jan 23 10:59:06.602884 rule 0/(match) pass out on vlan123: 0.0.0.0.62722 >
>>> 188.113.88.193.80: S 3243156923:3243156923(0) win 29200 <mss
>>> 1460,sackOK,timestamp 3169583207 0,nop,wscale 9> (DF)
>>> Jan 23 10:59:21.836380 rule 0/(match) pass out on vlan123: 0.0.0.1.57696 >
>>> 188.113.88.193.80: S 1280038032:1280038032(0) win 29200 <mss
>>> 1460,sackOK,timestamp 3169598441 0,nop,wscale 9> (DF)
>>>
>>> See the 0.0.0.0 address? That's the first packet. The second packet (2nd
>>> wget) uses the next IP, 0.0.0.1 etc.
>>>
>>> The same problem is with round-robin
>>> 10:54:24.750786 0.0.0.2.50332 > 188.113.88.193.80: S
>>> 1923288633:1923288633(0) win 29200 <mss 1460,sackOK,timestamp 3169301350
>>> 0,nop,wscale 9> (DF)
>>> 10:54:28.078831 0.0.0.3.50350 > 188.113.88.193.80: S 925801869:925801869(0)
>>> win 29200 <mss 1460,sackOK,timestamp 3169304678 0,nop,wscale 9> (DF)
>>>
>>> If I use random or source-hash I have no problem.
>>>
>>> Maybe this is fixed in current but I thought I should report.
>>>
>>> # head -1 /var/run/dmesg.boot
>>> OpenBSD 6.2-beta (GENERIC.MP) #104: Mon Sep 18 23:31:27 MDT 2017
>>>
>>> I'll try an upgrade later today...
>>>
>>> G
>>>
>> same problem with latest snapshot:
>> OpenBSD 6.2-current (GENERIC.MP) #382: Sun Jan 21 14:13:38 MST 2018
>>
>> G
>>
>
> Hi, any luck with the above?
>
> thanks,
>
> G
>

-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
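A check for the symptom reported in this thread, as an added example that is not part of any message above: it scans tcpdump-style log lines and flags flows whose translated source address falls outside the configured nat-to pool. The pool on the page is redacted, so `POOL` is a constructed placeholder, and the function name `out_of_pool` is hypothetical.

```python
import ipaddress
import re

# Matches "src_ip.src_port > dst_ip.dst_port:" as printed by tcpdump.
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def out_of_pool(lines, pool):
    """Return (src, sport, dst, dport) for each flow whose source is not in pool."""
    net = ipaddress.ip_network(pool)
    bad = []
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue  # not a flow line (header, blank, wrapped options)
        src, sport, dst, dport = m.groups()
        if ipaddress.ip_address(src) not in net:
            bad.append((src, int(sport), dst, int(dport)))
    return bad


# Constructed placeholder: the real pool is redacted in the thread (xx.xx.yy.24/29).
POOL = "198.51.100.24/29"

# Lines 1, 2 and 4 are shortened from the thread; line 3 is constructed to show
# what a correctly translated flow would look like with the placeholder pool.
SAMPLE = [
    "Jan 23 10:59:06.602884 rule 0/(match) pass out on vlan123: "
    "0.0.0.0.62722 > 188.113.88.193.80: S 3243156923:3243156923(0) win 29200 (DF)",
    "Jan 23 10:59:21.836380 rule 0/(match) pass out on vlan123: "
    "0.0.0.1.57696 > 188.113.88.193.80: S 1280038032:1280038032(0) win 29200 (DF)",
    "Jan 23 11:00:02.000000 rule 0/(match) pass out on vlan123: "
    "198.51.100.25.40112 > 188.113.88.193.80: S 1:1(0) win 29200 (DF)",
    "10:54:24.750786 0.0.0.2.50332 > 188.113.88.193.80: S "
    "1923288633:1923288633(0) win 29200 (DF)",
]

if __name__ == "__main__":
    for src, sport, dst, dport in out_of_pool(SAMPLE, POOL):
        print(f"source {src}:{sport} -> {dst}:{dport} is outside {POOL}")
```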

