On 2023-05-11 08:08 +10, David Diggles <da...@elven.com.au> wrote:
> On Thu, May 11, 2023 at 07:27:22AM +1000, Jonathan Matthew wrote:
>>
>> This looks like the thing I ran into a while ago where I had an overly
>> broad nat-to rule for outgoing traffic that applied to traffic from the
>> host as well as the networks behind it.  This meant dhcpleased's unicast
>> packets appeared to come from a high port, so my provider's dhcp server
>> rejected them.  It looks like David is actually using the same provider
>> as me.
>>
>> If there's a pf rule like 'match out on $iface nat-to ($iface)', making
>> that only apply to traffic received on another interface will probably
>> help.
>
> The nat rule I have
>
> match out on egress nat-to (egress)
>

Yes, pretty sure this is causing your issue, like Jonathan was describing.

-- 
In my defence, I have been left unsupervised.
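
Added example, not part of the original thread: the rule David quoted beside one way to narrow it along the lines Jonathan suggests, using pf's `received-on` option so that packets the firewall itself originates (such as dhcpleased's unicast packets) leave untranslated. The `lan_if` macro and the interface name `em1` are assumptions.

```conf
# Added example; lan_if and em1 are assumed names, not taken from the thread.
lan_if = "em1"

# Broad rule from the thread: it also translates packets the firewall itself
# originates, so its DHCP client traffic can leave from a rewritten high port.
# match out on egress nat-to (egress)

# Narrowed: translate only traffic that arrived on the internal interface.
# Locally generated packets were not received on any interface, so they do
# not match this rule and keep their original source port.
match out on egress received-on $lan_if nat-to (egress)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the change goes live.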