pfctl -x loud && tail -f /var/log/messages

~BAS

On Mon, 11 Jun 2007, Geraerts Andy wrote:


We have an OpenBSD firewall running for a while now. Since a few days we
encounter some sort of selective natting. I try to ping a host, I get reply,
and 2 minutes later I try to ping the same host and I don't get replies.

So despite the state being created in both instances, you see a packet
egress your external interface with the source address of the internal
host instead of the external interface of the NAT box?

We indeed see the state being created. The packet egresses on the external
interface without NAT. So the ip packet contains the source ip address of my
laptop and therefore further on the path gets blocked because it isn't natted. A
few seconds/minutes later I try again and everything works again.

Is there a way to see why it isn't doing the NAT?

(There are around 80 interfaces (vlan + carp) on the box.)

Regards,

Andy.






l8*
        -lava (Brian A. Seklecki - Pittsburgh, PA, USA)
               http://www.spiritual-machines.org/

    "Guilty? Yeah. But he knows it. I mean, you're guilty.
    You just don't know it. So who's really in jail?"
    ~Maynard James Keenan
