On Tue, Jan 24, 2023 at 12:53:53PM +0000, Polarian wrote:
> Hello,
>
> > I believe you mean what is usually called "NAT hairpinning" or "NAT
> > loopback" [1] or something like that. I _think_ (i.e. never tried it)
> > you can achieve the same with rdr-to and nat-to, as is explained on the
> > FAQ:
> >
> > https://www.openbsd.org/faq/pf/rdr.html#rdrnat
>
> I do not think so, this is for translating WAN packets to the LAN before
> passing them back as far as I am aware.

I really don't think so. The entire "Redirection and reflection" section is
specifically about what happens (or doesn't happen, to be more accurate)
when you try to make packets from LAN clients behave as if they came
from the WAN interface.

"Still, it's often desirable for clients on the LAN to connect to
the same internal server as external clients and to do so
transparently. There are several solutions for this problem
(...)"

The last proposed solution is equivalent to "NAT <insert name that sounds
like something coming back>", and to your ISP's router behaviour.

> I believe it's simply just OpenBSD checks its routing table and realises that
> the destination IP address is the WAN IP for itself, and thus keeps the
> packet, which makes sense, that is what is meant to happen but some routers
> don't seem to do this.
>
> > (As a side note, even with the "traditional" routers, the packets don't
> > actually go out to the ISP's and come back, they are internally routed.)
>
> What I observed was the packet hitting my ISP exchange in the area and being
> hopped back to the router, because the router lacked the knowledge to keep
> packets pointing to its WAN address, but this is a proprietary ISP router we
> are talking about, there is no true way to know how it is actually dealing
> with packets. It's just what I observed as it was bottlenecked by the
> broadband speed, thus must be pushing externally, as internally (if you did
> not use the WAN address of the router and you used the LAN) it would be
> internally routed like it should be, so I guess this is just a case of ISP
> bad routers.
> Thanks for the help,
> --
> Polarian
> GPG signature: 0770E5312238C760
> Website: https://polarian.dev
> JID/XMPP: polarian@polarian.dev
>
--
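
The rdr-to plus nat-to combination discussed in this thread, written out as a pf.conf fragment. This is an added example, not part of the original messages; the interface name, LAN prefix, server address and port 80 are constructed placeholders.

```conf
# Constructed values: adjust to the local network.
int_if  = "em1"              # LAN-facing interface (assumed name)
int_net = "192.168.1.0/24"   # LAN prefix (assumed)
server  = "192.168.1.10"     # internal server on the LAN (assumed)

# External clients: redirect connections arriving on the WAN side
# to the internal server.
pass in on egress proto tcp from any to any port 80 rdr-to $server

# LAN clients that address the firewall's WAN IP: redirect them to the
# same internal server. With this rule alone the connection fails,
# because the server answers the LAN client directly and the client
# drops a reply whose source is not the WAN address it contacted.
pass in on $int_if proto tcp from $int_net to egress port 80 rdr-to $server

# Reflection fix: when the redirected packet leaves again on the LAN
# interface, rewrite its source to the firewall's LAN address so the
# server's reply returns through pf and both translations are undone.
pass out on $int_if proto tcp to $server port 80 received-on $int_if nat-to $int_if
```

With the nat-to rule in place, the server sees every reflected LAN connection as coming from the firewall's LAN address, so its access logs no longer identify the individual client. The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.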