I have an Ethernet Westmere-EP Supermicro server I use for a local DNS
server, which I have local devices VPN-connected into.
I started with em0 and I finagled a Google router/modem to give me back the
same local reserved address for em3 for the new Intel i350-t2 card.
I was watching "tcpdump -aetvvipflog0" and I found a pf match rewrite a wg0
state with a never-before-seen address like 206.xxx.xxx.xxx.
The rule was something like:
"pass out log quick on $ext_if inet modulate state nat-to ($ext_if) tagged wireguard",
and ext_if=em3
Running "pfctl -vvvvsrules"
showed it as some kinda round-robin with god knows what, but it was messing
with my internet!
I just changed it to:
pass out log quick on em3 inet modulate state tagged wireguard nat-to <local address>
Am I missing something? I disabled resolvd and made the name server
127.0.0.1 in resolv.conf and other stuff.
Why would it do that?
--
-Luke