Tuesday, January 24, 2023

Re: OpenBSD routing - detects WAN IP links back to firewall?

Hello,

> I believe you mean what is usually called "NAT hairpinning" or "NAT
> loopback" [1] or something like that. I _think_ (i.e. never tried it)
> you can achieve the same with rdr-to and nat-to, as is explained on the
> FAQ:
>
> https://www.openbsd.org/faq/pf/rdr.html#rdrnat

I do not think so, this is for translating WAN packets to the LAN before
passing them back as far as I am aware.

I believe it's simply that OpenBSD checks its routing table and realises
that the destination IP address is its own WAN IP, and thus keeps the
packet, which makes sense; that is what is meant to happen, but some
routers don't seem to do this.

> (As a side note, even with the "traditional" routers, the packets don't
> actually go out to the ISP's and come back, they are internally routed.)

What I observed was the packet hitting my ISP exchange in the area and
being hopped back to the router, because the router lacked the knowledge
to keep packets pointing to its WAN address, but this is a proprietary
ISP router we are talking about; there is no true way to know how it is
actually dealing with packets. It's just what I observed: as it was
bottlenecked by the broadband speed, it must be pushing externally, as
internally (if you did not use the WAN address of the router and you
used the LAN) it would be internally routed like it should be, so I
guess this is just a case of bad ISP routers.

Thanks for the help,
--
Polarian
GPG signature: 0770E5312238C760
Website: https://polarian.dev
JID/XMPP: polarian@polarian.dev
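For reference, the rdr-to/nat-to "NAT reflection" approach that the quoted reply points to in the OpenBSD PF FAQ looks like this in pf.conf; this is an added illustration and not code from either poster. The interface names, the LAN prefix, the internal server address and the port are assumed placeholders.

```pf
# Assumed macros (placeholders, adjust to the real setup):
ext_if  = "em0"            # WAN-facing interface, holds the public IP
int_if  = "em1"            # LAN-facing interface
int_net = "192.168.1.0/24" # LAN prefix
server  = "192.168.1.40"   # internal host reached via the WAN IP

# 1) A LAN client connects to the firewall's own WAN address on port 80.
#    rdr-to rewrites the destination to the internal server, so the
#    packet never needs to leave for the ISP and come back.
pass in on $int_if proto tcp from $int_net to $ext_if port 80 rdr-to $server

# 2) The redirected packet leaves the firewall back out on the LAN side.
#    Without nat-to the server would see the client's LAN address as the
#    source and reply to it directly, bypassing the firewall; the client
#    would then get a reply from 192.168.1.40 for a connection it opened
#    to the WAN IP and drop it. nat-to $int_if forces the reply path back
#    through the firewall so the state stays symmetric. received-on
#    limits this to traffic that actually arrived on the LAN interface.
pass out on $int_if proto tcp to $server port 80 received-on $int_if nat-to $int_if
```

After loading with `pfctl -f /etc/pf.conf`, `pfctl -ss` should show two states for one hairpinned connection (the rdr state on $int_if in, and the nat state on $int_if out); if only the first appears, the reply is escaping the firewall. The FAQ's other suggestion, split-horizon DNS that hands LAN clients the internal address directly, avoids the double translation entirely.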
