Let's Encrypt expired, and DNS errors


#92

Now, on OpenWrt, we can provision the TLS certificate:
@box:~$ sudo /home/devnull/mailinabox/management/ssl_certificates.py

A TLS certificate was requested for: box.f2f10.com, f2f10.com, www.f2f10.com, voicestream.ca, www.voicestream.ca.
We have to wait 60 seconds for the certificate to be issued…
We have to wait 50 seconds for the certificate to be issued…
We have to wait 40 seconds for the certificate to be issued…
We have to wait 30 seconds for the certificate to be issued…
We have to wait 20 seconds for the certificate to be issued…
We have to wait 10 seconds for the certificate to be issued…

  • Stopping Postfix Mail Transport Agent postfix
    …done.
  • Starting Postfix Mail Transport Agent postfix
    …done.
    dovecot stop/waiting
    dovecot start/running, process 6127
  • Reloading nginx configuration nginx
    …done.
    A TLS certificate was successfully installed for box.f2f10.com, f2f10.com, www.f2f10.com, voicestream.ca, www.voicestream.ca.

#93

Correct tcpdump on OpenWrt while running "mailinabox/management/status_checks.py":

root@TorWrt:/home/devnull# tcpdump -ni pppoe-wan port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe-wan, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
06:25:10.528668 IP 76.10.176.225.32986 > 192.5.5.241.53: 56486% [1au] A? aspmx.l.google.com. (47)
06:25:10.528785 IP 76.10.176.225.51844 > 192.5.5.241.53: 54716% [1au] NS? . (28)
06:25:10.529057 IP 76.10.176.225.26728 > 192.5.5.241.53: 551% [1au] AAAA? aspmx.l.google.com. (47)
06:25:10.535619 IP 192.5.5.241.53 > 76.10.176.225.32986: 56486- 0/15/27 (1178)
06:25:10.536046 IP 192.5.5.241.53 > 76.10.176.225.51844: 54716*- 14/0/27 NS i.root-servers.net., NS k.root-servers.net., NS f.root-servers.net., NS h.root-servers.net., NS b.root-servers.net., NS j.root-servers.net., NS l.root-servers.net., NS a.root-servers.net., NS m.root-servers.net., NS d.root-servers.net., NS g.root-servers.net., NS e.root-servers.net., NS c.root-servers.net., RRSIG (1097)
06:25:10.536295 IP 192.5.5.241.53 > 76.10.176.225.26728: 551- 0/15/27 (1178)
06:25:10.536689 IP 76.10.176.225.29624 > 192.48.79.30.53: 63279% [1au] A? aspmx.l.google.com. (47)
06:25:10.536975 IP 76.10.176.225.45377 > 192.228.79.201.53: 9344% [1au] DNSKEY? . (28)
06:25:10.537108 IP 76.10.176.225.36272 > 192.48.79.30.53: 31089% [1au] AAAA? aspmx.l.google.com. (47)
06:25:10.558855 IP 76.10.176.225.9062 > 8.8.8.8.53: 54307+ A? safebrowsing.googleapis.com. (45)
06:25:10.558986 IP 76.10.176.225.9062 > 8.8.4.4.53: 54307+ A? safebrowsing.googleapis.com. (45)
06:25:10.581800 IP 192.48.79.30.53 > 76.10.176.225.36272: 31089- 0/8/5 (668)
06:25:10.582579 IP 76.10.176.225.35440 > 216.239.36.10.53: 34492% [1au] AAAA? aspmx.l.google.com. (47)
06:25:10.589517 IP 8.8.4.4.53 > 76.10.176.225.9062: 54307 1/0/0 A 172.217.1.10 (61)
06:25:10.591534 IP 8.8.8.8.53 > 76.10.176.225.9062: 54307 1/0/0 A 172.217.0.234 (61)
06:25:10.600778 IP 192.48.79.30.53 > 76.10.176.225.29624: 63279- 0/8/5 (668)
06:25:10.601581 IP 76.10.176.225.59053 > 216.239.36.10.53: 52833% [1au] A? aspmx.l.google.com. (47)
06:25:10.609064 IP 192.228.79.201.53 > 76.10.176.225.45377: 9344*- 5/0/1 DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG (1414)
06:25:10.615525 IP 216.239.36.10.53 > 76.10.176.225.35440: 34492*- 1/0/0 AAAA 2607:f8b0:4001:c19::1b (64)
06:25:10.616061 IP 76.10.176.225.57397 > 192.33.4.12.53: 9078% [1au] DS? com. (32)
06:25:10.634783 IP 216.239.36.10.53 > 76.10.176.225.59053: 52833*- 1/0/0 A 74.125.70.26 (52)
06:25:10.636267 IP 192.33.4.12.53 > 76.10.176.225.57397: 9078*- 2/0/1 DS, RRSIG (367)
06:25:10.637254 IP 76.10.176.225.59060 > 192.36.148.17.53: 39823% [1au] DS? google.com. (39)
06:25:10.664060 IP 192.36.148.17.53 > 76.10.176.225.59060: 39823- 0/15/27 (1170)
06:25:10.664861 IP 76.10.176.225.38459 > 192.12.94.30.53: 41959% [1au] DS? google.com. (39)
06:25:10.690057 IP 192.12.94.30.53 > 76.10.176.225.38459: 41959*- 0/6/1 (760)
06:25:10.690756 IP 76.10.176.225.12082 > 192.54.112.30.53: 60969% [1au] DNSKEY? com. (32)
06:25:10.754035 IP 192.54.112.30.53 > 76.10.176.225.12082: 60969*- 3/0/1 DNSKEY, DNSKEY, RRSIG (743)
06:25:10.788373 IP 76.10.176.225.23024 > 199.7.83.42.53: 17716% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.813738 IP 199.7.83.42.53 > 76.10.176.225.23024: 17716- 0/9/13 (832)
06:25:10.814772 IP 76.10.176.225.8601 > 199.19.54.1.53: 4714% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.889292 IP 199.19.54.1.53 > 76.10.176.225.8601: 4714- 0/8/7 (773)
06:25:10.890129 IP 76.10.176.225.62993 > 162.159.24.35.53: 54181% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.890246 IP 76.10.176.225.53450 > 198.41.0.4.53: 29562% [1au] A? ns20.ja.net. (40)
06:25:10.912624 IP 198.41.0.4.53 > 76.10.176.225.53450: 29562- 0/15/27 (1168)
06:25:10.913493 IP 76.10.176.225.11097 > 192.43.172.30.53: 41752% [1au] A? ns20.ja.net. (40)
06:25:10.916520 IP 162.159.24.35.53 > 76.10.176.225.62993: 54181- 0/20/1 (382)
06:25:10.917222 IP 76.10.176.225.62392 > 162.159.25.27.53: 41836% [1au] A? 0.ns.spamhaus.org. (46)
06:25:10.917338 IP 76.10.176.225.57818 > 162.159.25.27.53: 58890% [1au] A? 2.ns.spamhaus.org. (46)
06:25:10.917426 IP 76.10.176.225.60024 > 162.159.25.27.53: 61437% [1au] A? 3.ns.spamhaus.org. (46)
06:25:10.917510 IP 76.10.176.225.35973 > 162.159.25.27.53: 14129% [1au] A? 4.ns.spamhaus.org. (46)
06:25:10.917594 IP 76.10.176.225.34190 > 162.159.25.27.53: 8858% [1au] A? 5.ns.spamhaus.org. (46)
06:25:10.917678 IP 76.10.176.225.5144 > 162.159.25.27.53: 17555% [1au] A? 7.ns.spamhaus.org. (46)
06:25:10.917763 IP 76.10.176.225.6328 > 162.159.25.27.53: 41997% [1au] A? 8.ns.spamhaus.org. (46)
06:25:10.917848 IP 76.10.176.225.2076 > 162.159.25.27.53: 43137% [1au] A? b.ns.spamhaus.org. (46)
06:25:10.917931 IP 76.10.176.225.28666 > 162.159.25.27.53: 37072% [1au] A? c.ns.spamhaus.org. (46)
06:25:10.918015 IP 76.10.176.225.29398 > 162.159.25.27.53: 51486% [1au] A? d.ns.spamhaus.org. (46)
06:25:10.918100 IP 76.10.176.225.49129 > 162.159.25.27.53: 11537% [1au] A? f.ns.spamhaus.org. (46)
06:25:10.918187 IP 76.10.176.225.4060 > 162.159.25.27.53: 48855% [1au] A? k.ns.spamhaus.org. (46)
06:25:10.918271 IP 76.10.176.225.30346 > 162.159.25.27.53: 29011% [1au] A? g.ns.spamhaus.org. (46)
06:25:10.918354 IP 76.10.176.225.54260 > 162.159.25.27.53: 46687% [1au] A? h.ns.spamhaus.org. (46)
06:25:10.918437 IP 76.10.176.225.59936 > 162.159.25.27.53: 53778% [1au] A? o.ns.spamhaus.org. (46)
06:25:10.918519 IP 76.10.176.225.26159 > 162.159.25.27.53: 20900% [1au] A? i.ns.spamhaus.org. (46)
06:25:10.918604 IP 76.10.176.225.39034 > 162.159.25.27.53: 11559% [1au] A? q.ns.spamhaus.org. (46)
06:25:10.918688 IP 76.10.176.225.39823 > 162.159.25.27.53: 23203% [1au] A? r.ns.spamhaus.org. (46)
06:25:10.918781 IP 76.10.176.225.41576 > 162.159.25.27.53: 36994% [1au] A? t.ns.spamhaus.org. (46)
06:25:10.918867 IP 76.10.176.225.35144 > 162.159.25.27.53: 50105% [1au] A? x.ns.spamhaus.org. (46)
06:25:10.923783 IP 162.159.25.27.53 > 76.10.176.225.57818: 58890*- 6/0/1 A 61.152.158.148, A 123.125.50.94, A 220.181.15.89, A 52.79.110.70, A 45.32.36.96, A 52.193.25.66 (142)
06:25:10.924004 IP 162.159.25.27.53 > 76.10.176.225.62392: 41836*- 15/0/1 A 68.71.33.14, A 43.245.61.150, A 186.202.136.35, A 193.190.148.15, A 193.74.22.152, A 209.222.201.140, A 209.6.82.10, A 143.215.143.4, A 185.5.138.232, A 194.104.0.140, A 85.94.194.12, A 213.81.185.73, A 129.143.4.184, A 85.25.14.252, A 193.190.148.145 (286)
06:25:10.924101 IP 162.159.25.27.53 > 76.10.176.225.60024: 61437*- 3/0/1 A 43.245.61.150, A 202.157.163.236, A 52.74.79.56 (94)
06:25:10.924157 IP 162.159.25.27.53 > 76.10.176.225.35973: 14129*- 2/0/1 A 35.154.147.207, A 139.59.48.139 (78)
06:25:10.924253 IP 162.159.25.27.53 > 76.10.176.225.5144: 17555*- 2/0/1 A 196.37.250.59, A 169.239.182.57 (78)
06:25:10.924494 IP 162.159.25.27.53 > 76.10.176.225.34190: 8858*- 3/0/1 A 41.215.240.213, A 193.182.144.157, A 213.236.56.133 (94)
06:25:10.924586 IP 162.159.25.27.53 > 76.10.176.225.6328: 41997*- 2/0/1 A 52.62.94.197, A 45.32.245.97 (78)
06:25:10.924755 IP 76.10.176.225.35510 > 123.125.50.94.53: 8810% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.924781 IP 162.159.25.27.53 > 76.10.176.225.2076: 43137*- 4/0/1 A 194.104.0.140, A 193.190.148.15, A 193.74.22.152, A 193.190.148.145 (110)
06:25:10.924841 IP 162.159.25.27.53 > 76.10.176.225.29398: 51486*- 7/0/1 A 213.81.185.73, A 217.160.177.94, A 212.77.104.11, A 129.143.4.184, A 145.239.25.182, A 89.188.72.138, A 37.235.56.240 (158)
06:25:10.924916 IP 162.159.25.27.53 > 76.10.176.225.28666: 37072*- 6/0/1 A 89.45.233.104, A 46.246.28.116, A 45.32.182.8, A 138.68.119.104, A 193.10.252.13, A 78.153.204.30 (142)
06:25:10.924971 IP 162.159.25.27.53 > 76.10.176.225.4060: 48855*- 3/0/1 A 54.233.122.54, A 143.106.2.74, A 186.202.136.35 (94)
06:25:10.925014 IP 162.159.25.27.53 > 76.10.176.225.49129: 11537*- 5/0/1 A 164.132.90.161, A 217.70.178.43, A 151.236.23.137, A 104.238.191.78, A 85.25.14.252 (126)
06:25:10.925075 IP 162.159.25.27.53 > 76.10.176.225.59936: 53778*- 3/0/1 A 209.239.113.84, A 45.77.193.2, A 143.215.143.4 (94)
06:25:10.925128 IP 162.159.25.27.53 > 76.10.176.225.54260: 46687*- 6/0/1 A 185.5.138.232, A 193.219.81.138, A 213.183.54.108, A 195.80.109.86, A 148.81.197.185, A 185.110.56.130 (142)
06:25:10.925252 IP 162.159.25.27.53 > 76.10.176.225.30346: 29011*- 4/0/1 A 85.217.170.32, A 147.102.226.131, A 194.68.44.148, A 185.65.206.162 (110)
06:25:10.925343 IP 162.159.25.27.53 > 76.10.176.225.26159: 20900*- 4/0/1 A 178.209.52.139, A 193.2.1.39, A 147.123.241.117, A 85.94.194.12 (110)
06:25:10.925487 IP 162.159.25.27.53 > 76.10.176.225.39034: 11559*- 3/0/1 A 171.66.2.21, A 209.148.113.38, A 50.22.152.254 (94)
06:25:10.925579 IP 162.159.25.27.53 > 76.10.176.225.41576: 36994*- 7/0/1 A 45.76.8.81, A 192.95.56.15, A 209.222.201.140, A 209.6.82.10, A 207.172.85.190, A 74.91.116.184, A 68.71.33.14 (158)
06:25:10.925652 IP 162.159.25.27.53 > 76.10.176.225.39823: 23203*- 1/0/1 A 66.33.204.14 (62)
06:25:10.925744 IP 162.159.25.27.53 > 76.10.176.225.35144: 50105*- 3/0/1 A 207.178.119.13, A 67.22.190.5, A 108.168.155.183 (94)
06:25:10.958058 IP 192.43.172.30.53 > 76.10.176.225.11097: 41752- 0/9/11 (845)
06:25:10.958989 IP 76.10.176.225.11762 > 192.58.128.30.53: 22771% [1au] A? ns1.surfnet.nl. (43)
06:25:10.959111 IP 76.10.176.225.56092 > 128.86.1.20.53: 37979% [1au] A? ns20.ja.net. (40)
06:25:11.047836 IP 128.86.1.20.53 > 76.10.176.225.56092: 37979*- 1/5/15 A 194.82.174.6 (760)
06:25:11.224617 IP 192.58.128.30.53 > 76.10.176.225.11762: 22771- 0/10/17 (907)
06:25:11.225414 IP 76.10.176.225.61577 > 213.154.241.85.53: 19120% [1au] A? ns1.surfnet.nl. (43)
06:25:11.235026 IP 123.125.50.94.53 > 76.10.176.225.35510: 8810 NXDomain*- 0/1/0 (112)
06:25:11.235771 IP 76.10.176.225.61668 > 128.63.2.53.53: 53538% [1au] DS? org. (32)
06:25:11.235885 IP 76.10.176.225.33650 > 128.63.2.53.53: 57172% [1au] NS? . (28)
06:25:11.270051 IP 128.63.2.53.53 > 76.10.176.225.33650: 57172*- 14/0/27 NS a.root-servers.net., NS b.root-servers.net., NS c.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS h.root-servers.net., NS i.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS l.root-servers.net., NS m.root-servers.net., RRSIG (1097)
06:25:11.270261 IP 128.63.2.53.53 > 76.10.176.225.61668: 53538*- 3/0/1 DS, DS, RRSIG (403)
06:25:11.271130 IP 76.10.176.225.24584 > 193.0.14.129.53: 15034% [1au] DS? spamhaus.org. (41)
06:25:11.315295 IP 193.0.14.129.53 > 76.10.176.225.24584: 15034- 0/9/13 (856)
06:25:11.316065 IP 76.10.176.225.20931 > 199.249.112.1.53: 24195% [1au] DS? spamhaus.org. (41)
06:25:11.322523 IP 199.249.112.1.53 > 76.10.176.225.20931: 24195*- 0/6/1 (760)
06:25:11.323199 IP 76.10.176.225.13783 > 199.19.57.1.53: 16098% [1au] DNSKEY? org. (32)
06:25:11.330767 IP 213.154.241.85.53 > 76.10.176.225.61577: 19120- 0/7/7 (503)
06:25:11.331514 IP 76.10.176.225.47672 > 192.41.162.30.53: 18200% [1au] A? ns1.zurich.surf.net. (48)
06:25:11.331631 IP 76.10.176.225.40933 > 193.63.94.20.53: 37352% [1au] A? ns1.surfnet.nl. (43)
06:25:11.351284 IP 192.41.162.30.53 > 76.10.176.225.47672: 18200- 0/9/7 (764)
06:25:11.352117 IP 76.10.176.225.16220 > 193.63.94.20.53: 12102% [1au] A? ns1.zurich.surf.net. (48)
06:25:11.419032 IP 193.63.94.20.53 > 76.10.176.225.40933: 37352|$ 0/0/0 (43)
06:25:11.419460 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [S], seq 1418782059, win 29200, options [mss 1452,sackOK,TS val 1121912513 ecr 0,nop,wscale 7], length 0
06:25:11.503301 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [S.], seq 3102829770, ack 1418782060, win 50400, options [nop,nop,TS val 97751156 ecr 1121912513,mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
06:25:11.503555 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [.], ack 1, win 229, options [nop,nop,TS val 1121912534 ecr 97751156], length 0
06:25:11.503671 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [P.], seq 1:46, ack 1, win 229, options [nop,nop,TS val 1121912534 ecr 97751156], length 4536184% [1au] A? ns1.surfnet.nl. (43)
06:25:11.587216 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [.], ack 46, win 50400, options [nop,nop,TS val 97751164 ecr 1121912534], length 0
06:25:11.588500 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [.], seq 1:1441, ack 46, win 50400, options [nop,nop,TS val 97751164 ecr 1121912534], length 144036184*- 2/6/17 A 192.87.106.101, RRSIG (1438)
06:25:11.588558 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [P.], seq 1441:1604, ack 46, win 50400, options [nop,nop,TS val 97751164 ecr 1121912534], length 16323109 inv_q+% [b2&3=0xf77] [23089q] [62121a] [36919n] [1907au][|domain]
06:25:11.588873 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [.], ack 1604, win 254, options [nop,nop,TS val 1121912555 ecr 97751164], length 0
06:25:11.589126 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [F.], seq 46, ack 1604, win 254, options [nop,nop,TS val 1121912555 ecr 97751164], length 0
06:25:11.589788 IP 193.63.94.20.53 > 76.10.176.225.16220: 12102*- 1/5/18 A 195.176.255.9 (1431)
06:25:11.672727 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [.], ack 47, win 50400, options [nop,nop,TS val 97751173 ecr 1121912555], length 0
06:25:11.672821 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [F.], seq 1604, ack 47, win 50400, options [nop,nop,TS val 97751173 ecr 1121912555], length 0
06:25:11.672970 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [.], ack 1605, win 254, options [nop,nop,TS val 1121912576 ecr 97751173], length 0
06:25:12.123481 IP 76.10.176.225.21737 > 199.19.56.1.53: 53123% [1au] DNSKEY? org. (32)
06:25:12.168315 IP 199.19.56.1.53 > 76.10.176.225.21737: 53123*- 7/0/1 DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, RRSIG, RRSIG[|domain]
06:25:12.437873 IP 76.10.176.225.44713 > 192.203.230.10.53: 31497% [1au] NS? . (28)
06:25:12.437993 IP 76.10.176.225.3324 > 192.203.230.10.53: 33729% [1au] DS? f2f10.com. (38)
06:25:12.445051 IP 192.203.230.10.53 > 76.10.176.225.44713: 31497*- 14/0/27 NS a.root-servers.net., NS b.root-servers.net., NS c.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS h.root-servers.net., NS i.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS l.root-servers.net., NS m.root-servers.net., RRSIG (1097)
06:25:12.445292 IP 192.203.230.10.53 > 76.10.176.225.3324: 33729- 0/15/27 (1169)
06:25:12.446925 IP 76.10.176.225.30117 > 192.52.178.30.53: 59416% [1au] DS? f2f10.com. (38)
06:25:12.492095 IP 76.10.176.225.11100 > 192.52.178.30.53: 33051% [1au] A? www.f2f10.com. (42)
06:25:12.496477 IP 76.10.176.225.29928 > 199.7.91.13.53: 49963% [1au] A? www.voicestream.ca. (47)
06:25:12.502165 IP 76.10.176.225.14985 > 199.7.91.13.53: 59117% [1au] DS? voicestream.ca. (43)
06:25:12.510290 IP 199.7.91.13.53 > 76.10.176.225.29928: 49963- 0/6/9 (635)
06:25:12.511079 IP 76.10.176.225.63335 > 199.4.144.2.53: 39357% [1au] A? www.voicestream.ca. (47)
06:25:12.516021 IP 199.7.91.13.53 > 76.10.176.225.14985: 59117- 0/6/9 (631)
06:25:12.516769 IP 76.10.176.225.58317 > 199.4.144.2.53: 47923% [1au] DS? voicestream.ca. (43)
06:25:12.518015 IP 199.4.144.2.53 > 76.10.176.225.63335: 39357- 0/6/1 (579)
06:25:12.518804 IP 76.10.176.225.2923 > 192.52.178.30.53: 35815% [1au] A? ns2.box.f2f10.com. (46)
06:25:12.518917 IP 76.10.176.225.36706 > 192.52.178.30.53: 36779% [1au] A? ns1.box.f2f10.com. (46)
06:25:12.523782 IP 199.4.144.2.53 > 76.10.176.225.58317: 47923*- 0/6/1 (752)
06:25:12.524503 IP 76.10.176.225.1330 > 185.159.196.2.53: 13578% [1au] DNSKEY? ca. (31)
06:25:12.559035 IP 185.159.196.2.53 > 76.10.176.225.1330: 13578*- 4/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG (893)
06:25:12.559953 IP 76.10.176.225.5673 > 192.112.36.4.53: 46232% [1au] DS? ca. (31)
06:25:12.565523 IP 192.52.178.30.53 > 76.10.176.225.36706: 36779- 0/6/3 (595)
06:25:12.601791 IP 192.52.178.30.53 > 76.10.176.225.30117: 59416*- 0/6/1 (759)
06:25:12.602515 IP 192.112.36.4.53 > 76.10.176.225.5673: 46232*- 2/0/1 DS, RRSIG (366)
06:25:12.623976 IP 76.10.176.225.60879 > 202.12.27.33.53: 33056% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.626984 IP 76.10.176.225.64421 > 192.16.188.181.53: 48316% [1au] A? voicestream.ca.dbl.spamhaus.org. (60)
06:25:12.630954 IP 76.10.176.225.42950 > 192.16.188.181.53: 20858% [1au] A? f2f10.com.dbl.spamhaus.org. (55)
06:25:12.647575 IP 192.52.178.30.53 > 76.10.176.225.11100: 33051- 0/6/3 (599)
06:25:12.674287 IP 192.52.178.30.53 > 76.10.176.225.2923: 35815- 0/6/3 (595)
06:25:12.690031 IP 202.12.27.33.53 > 76.10.176.225.60879: 33056- 0/10/13 (739)
06:25:12.690835 IP 76.10.176.225.42212 > 199.180.182.53.53: 59549% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.736754 IP 192.16.188.181.53 > 76.10.176.225.64421: 48316- 0/19/71 (1464)
06:25:12.737695 IP 76.10.176.225.14409 > 151.236.23.137.53: 42924% [1au] A? voicestream.ca.dbl.spamhaus.org. (60)
06:25:12.740998 IP 192.16.188.181.53 > 76.10.176.225.42950: 20858- 0/19/71 (1464)
06:25:12.742214 IP 76.10.176.225.27330 > 151.236.23.137.53: 41872% [1au] A? f2f10.com.dbl.spamhaus.org. (55)
06:25:12.748001 IP 199.180.182.53.53 > 76.10.176.225.42212: 59549- 0/8/1 (383)
06:25:12.749212 IP 76.10.176.225.32623 > 192.5.6.30.53: 9161% [1au] A? r.arin.net. (39)
06:25:12.749326 IP 76.10.176.225.22424 > 192.5.6.30.53: 42213% [1au] A? u.arin.net. (39)
06:25:12.749412 IP 76.10.176.225.38925 > 192.5.6.30.53: 64246% [1au] A? x.arin.net. (39)
06:25:12.749496 IP 76.10.176.225.14696 > 192.5.6.30.53: 18560% [1au] A? y.arin.net. (39)
06:25:12.749579 IP 76.10.176.225.3265 > 192.5.6.30.53: 26220% [1au] A? z.arin.net. (39)
06:25:12.749663 IP 76.10.176.225.41575 > 192.5.6.30.53: 8974% [1au] A? arin.authdns.ripe.net. (50)
06:25:12.766029 IP 192.5.6.30.53 > 76.10.176.225.38925: 64246- 0/7/9 (532)
06:25:12.766259 IP 192.5.6.30.53 > 76.10.176.225.14696: 18560- 0/7/9 (532)
06:25:12.766503 IP 192.5.6.30.53 > 76.10.176.225.41575: 8974- 0/9/13 (690)
06:25:12.766966 IP 76.10.176.225.20484 > 199.5.26.108.53: 35144% [1au] A? y.arin.net. (39)
06:25:12.767087 IP 76.10.176.225.29466 > 199.5.26.108.53: 64767% [1au] A? x.arin.net. (39)
06:25:12.767175 IP 76.10.176.225.43209 > 192.26.92.30.53: 14379% [1au] A? a1.verisigndns.com. (47)
06:25:12.767259 IP 76.10.176.225.47117 > 193.0.9.7.53: 47324% [1au] A? arin.authdns.ripe.net. (50)
06:25:12.767341 IP 76.10.176.225.37949 > 192.26.92.30.53: 29428% [1au] A? a3.verisigndns.com. (47)
06:25:12.767425 IP 76.10.176.225.44494 > 192.26.92.30.53: 21087% [1au] A? a2.verisigndns.com. (47)
06:25:12.767763 IP 192.5.6.30.53 > 76.10.176.225.32623: 9161- 0/7/9 (532)
06:25:12.767871 IP 192.5.6.30.53 > 76.10.176.225.22424: 42213- 0/7/9 (530)
06:25:12.768254 IP 192.5.6.30.53 > 76.10.176.225.3265: 26220- 0/7/9 (532)
06:25:12.768654 IP 76.10.176.225.36623 > 199.5.26.108.53: 64733% [1au] A? u.arin.net. (39)
06:25:12.768766 IP 76.10.176.225.4096 > 199.5.26.108.53: 4867% [1au] A? r.arin.net. (39)
06:25:12.768850 IP 76.10.176.225.60827 > 199.5.26.108.53: 11873% [1au] A? z.arin.net. (39)
06:25:12.784268 IP 192.26.92.30.53 > 76.10.176.225.44494: 21087- 0/8/10 (537)
06:25:12.784497 IP 192.26.92.30.53 > 76.10.176.225.37949: 29428- 0/8/10 (537)
06:25:12.785211 IP 76.10.176.225.36544 > 209.112.113.33.53: 40864% [1au] A? a2.verisigndns.com. (47)
06:25:12.785325 IP 76.10.176.225.14145 > 209.112.113.33.53: 60647% [1au] A? a3.verisigndns.com. (47)
06:25:12.787265 IP 192.26.92.30.53 > 76.10.176.225.43209: 14379- 0/8/10 (537)
06:25:12.787844 IP 76.10.176.225.42970 > 209.112.113.33.53: 19864% [1au] A? a1.verisigndns.com. (47)
06:25:12.805025 IP 209.112.113.33.53 > 76.10.176.225.36544: 40864*- 2/7/12 A 209.112.114.33, RRSIG (760)
06:25:12.805260 IP 209.112.113.33.53 > 76.10.176.225.14145: 60647*- 2/7/12 A 69.36.145.33, RRSIG (760)
06:25:12.808011 IP 209.112.113.33.53 > 76.10.176.225.42970: 19864*- 2/7/12 A 209.112.113.33, RRSIG (760)
06:25:12.824048 IP 199.5.26.108.53 > 76.10.176.225.20484: 35144*- 2/5/17 A 192.82.134.30, RRSIG (1464)
06:25:12.824777 IP 199.5.26.108.53 > 76.10.176.225.29466: 64767*- 2/5/17 A 199.71.0.63, RRSIG (1464)
06:25:12.825165 IP 76.10.176.225.41688 > 192.82.134.30.53: 60226% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.826027 IP 199.5.26.108.53 > 76.10.176.225.36623: 64733*- 2/5/15 A 204.61.216.50, RRSIG (1464)
06:25:12.826515 IP 199.5.26.108.53 > 76.10.176.225.4096: 4867*- 2/5/17 A 199.180.180.63, RRSIG (1464)
06:25:12.827262 IP 199.5.26.108.53 > 76.10.176.225.60827: 11873*- 2/5/17 A 199.212.0.63, RRSIG (1464)
06:25:12.844257 IP 151.236.23.137.53 > 76.10.176.225.14409: 42924 NXDomain*- 0/1/0 (113)
06:25:12.845500 IP 192.82.134.30.53 > 76.10.176.225.41688: 60226- 0/4/1 (321)
06:25:12.845740 IP 151.236.23.137.53 > 76.10.176.225.27330: 41872 NXDomain*- 0/1/0 (108)
06:25:12.846159 IP 76.10.176.225.24089 > 192.31.80.30.53: 28361% [1au] A? ns2.teksavvy.com. (45)
06:25:12.846275 IP 76.10.176.225.10733 > 192.31.80.30.53: 54840% [1au] A? ns.teksavvy.com. (44)
06:25:12.852749 IP 193.0.9.7.53 > 76.10.176.225.47117: 47324*- 2/0/1 A 193.0.9.10, RRSIG (234)
06:25:12.863008 IP 192.31.80.30.53 > 76.10.176.225.24089: 28361- 0/8/7 (719)
06:25:12.863248 IP 192.31.80.30.53 > 76.10.176.225.10733: 54840- 0/8/7 (719)
06:25:12.863699 IP 76.10.176.225.37363 > 107.179.179.1.53: 6502% [1au] A? ns2.teksavvy.com. (45)
06:25:12.863813 IP 76.10.176.225.42969 > 107.179.179.1.53: 47957% [1au] A? ns.teksavvy.com. (44)
06:25:12.869999 IP 107.179.179.1.53 > 76.10.176.225.37363: 6502*- 1/0/1 A 206.248.182.4 (61)
06:25:12.870233 IP 107.179.179.1.53 > 76.10.176.225.42969: 47957*- 1/0/1 A 206.248.182.3 (60)
06:25:12.870619 IP 76.10.176.225.46187 > 206.248.182.3.53: 61397% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.877746 IP 206.248.182.3.53 > 76.10.176.225.46187: 61397*- 1/0/1 PTR box.f2f10.com. (82)
06:25:12.878551 IP 76.10.176.225.7683 > 192.5.5.241.53: 18238% [1au] DS? arpa. (33)
06:25:12.885258 IP 192.5.5.241.53 > 76.10.176.225.7683: 18238*- 3/0/1 DS, DS, RRSIG (404)
06:25:12.886168 IP 76.10.176.225.27888 > 192.203.230.10.53: 25651% [1au] DS? in-addr.arpa. (41)
06:25:12.892997 IP 192.203.230.10.53 > 76.10.176.225.27888: 25651*- 4/0/1 DS, DS, DS, RRSIG (349)
06:25:12.893771 IP 76.10.176.225.61052 > 192.33.4.12.53: 7281% [1au] DNSKEY? arpa. (33)
06:25:12.914777 IP 192.33.4.12.53 > 76.10.176.225.61052: 7281*- 4/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG (897)
06:25:12.916056 IP 76.10.176.225.19809 > 192.5.5.241.53: 51150% [1au] DS? 76.in-addr.arpa. (44)
06:25:12.922751 IP 192.5.5.241.53 > 76.10.176.225.19809: 51150- 0/10/13 (728)
06:25:12.923565 IP 76.10.176.225.27992 > 199.253.183.183.53: 60730% [1au] DS? 76.in-addr.arpa. (44)
06:25:13.049322 IP 199.253.183.183.53 > 76.10.176.225.27992: 60730*- 2/0/1 DS, RRSIG (252)
06:25:13.050066 IP 76.10.176.225.38523 > 203.119.86.101.53: 61343% [1au] DNSKEY? in-addr.arpa. (41)
06:25:13.287824 IP 203.119.86.101.53 > 76.10.176.225.38523: 61343*- 5/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG, RRSIG (1341)
06:25:13.289193 IP 76.10.176.225.39803 > 200.10.60.53.53: 41001% [1au] DS? 10.76.in-addr.arpa. (47)
06:25:13.636862 IP 76.10.176.225.28954 > 8.8.4.4.53: 17905+ AAAA? safebrowsing.googleapis.com. (45)
06:25:13.669265 IP 8.8.4.4.53 > 76.10.176.225.28954: 17905 1/0/0 AAAA 2607:f8b0:400b:808::200a (73)
06:25:14.089452 IP 76.10.176.225.62358 > 196.216.169.10.53: 52511% [1au] DS? 10.76.in-addr.arpa. (47)
06:25:14.211529 IP 196.216.169.10.53 > 76.10.176.225.62358: 52511- 0/8/1 (375)
06:25:14.212300 IP 76.10.176.225.49983 > 193.0.9.10.53: 57313% [1au] DS? 10.76.in-addr.arpa. (47)
06:25:14.298284 IP 193.0.9.10.53 > 76.10.176.225.49983: 57313*- 0/4/1 (495)
06:25:14.299370 IP 76.10.176.225.8608 > 204.61.216.50.53: 49795% [1au] DNSKEY? 76.in-addr.arpa. (44)
06:25:14.306522 IP 204.61.216.50.53 > 76.10.176.225.8608: 49795*- 5/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG, RRSIG (1098)
06:25:14.309121 IP 76.10.176.225.15129 > 199.71.0.63.53: 51339% [1au] DS? 176.10.76.in-addr.arpa. (51)
06:25:14.374769 IP 199.71.0.63.53 > 76.10.176.225.15129: 51339*- 0/4/1 (499)
06:25:14.392326 IP 76.10.176.225.21572 > 193.74.22.152.53: 14194% [1au] A? box.f2f10.com.dbl.spamhaus.org. (59)
06:25:14.499028 IP 193.74.22.152.53 > 76.10.176.225.21572: 14194 NXDomain*- 0/1/0 (112)
06:25:20.810711 IP 76.10.176.225.19360 > 8.8.4.4.53: 52497+ A? detectportal.firefox.com. (42)
06:25:20.854232 IP 8.8.4.4.53 > 76.10.176.225.19360: 52497 4/0/0 CNAME detectportal.firefox.com.edgesuite.net., CNAME a1089.d.akamai.net., A 206.248.168.137, A 206.248.168.144 (155)
^C

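Reading a resolver trace like the one in #93 by eye is tedious. The parser below is an added example (not part of the original post, and not Mail-in-a-Box code) that pairs tcpdump's query and response lines by client port, transaction id and server, and pulls out what is worth noticing in that trace: queries that never got an answer (the resolver then moves to the next nameserver, as with `DS? 10.76.in-addr.arpa.` at 06:25:13.289), a truncated UDP answer followed by a TCP retry (the `ns1.surfnet.nl` lookup at 06:25:11.419), NXDOMAIN answers from the Spamhaus zones, and how many queries carry tcpdump's `%` (CD) flag, which shows the box is resolving iteratively from the roots and validating DNSSEC itself rather than forwarding. The sample lines are copied from the post; the flag meanings follow tcpdump's DNS printer conventions (`+` RD, `%` CD on queries; `*` AA, `-` no RA, `|` TC, `$` AD on responses).

```python
"""Pair DNS queries with their answers in `tcpdump -n port 53` output (added example)."""
import re

# A UDP query, as tcpdump -n prints it:
#   <ts> IP <src>.<sport> > <dst>.53: <id><flags> [1au] <QTYPE>? <qname> (<len>)
# flags: '+' = RD (recursion desired), '%' = CD (checking disabled: the sender
# validates DNSSEC itself); "[1au]" = one EDNS0 OPT record in the additional section.
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.53: "
    r"(?P<id>\d+)(?P<flags>[+%]*) (?P<edns>\[1au\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) "
    r"\((?P<len>\d+)\)$"
)
# A UDP response:
#   <ts> IP <src>.53 > <dst>.<dport>: <id>[ <rcode>]<flags> <an>/<ns>/<ar> [<rrs>] (<len>)
# flags: '*' = AA, '-' = RA not set, '|' = TC (truncated), '$' = AD (authenticated data).
RESP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.53 > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?: (?P<rcode>[A-Za-z]+))?(?P<flags>[*\-|$]*) "
    r"(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+) ?(?P<rrs>.*?)\((?P<len>\d+)\)$"
)
# A TCP SYN to port 53: what a resolver sends right after a truncated UDP answer.
TCP_SYN_53_RE = re.compile(r" > [\d.]+\.53: Flags \[S\],")


def parse_line(line):
    """Classify one tcpdump line as ('query', d), ('response', d) or (None, None)."""
    m = QUERY_RE.match(line)
    if m:
        d = m.groupdict()
        d["edns"] = bool(d["edns"])
        return "query", d
    m = RESP_RE.match(line)
    if m:
        d = m.groupdict()
        d["rcode"] = d["rcode"] or "NoError"   # tcpdump prints no rcode for NOERROR
        d["rrs"] = d["rrs"].strip()
        return "response", d
    return None, None   # TCP segments, garbled mid-stream lines, non-DNS traffic


def analyze(lines):
    """Pair queries to responses by (client port, txid, server) and summarise."""
    queries, responses = {}, {}
    tcp_retries = 0
    for line in lines:
        kind, d = parse_line(line)
        if kind == "query":
            # the same txid can go to two servers at once (54307 to 8.8.8.8 and
            # 8.8.4.4 in the trace), so the server address is part of the key
            queries[(d["sport"], d["id"], d["dst"])] = d
        elif kind == "response":
            responses.setdefault((d["dport"], d["id"], d["src"]), d)
        elif TCP_SYN_53_RE.search(line):
            tcp_retries += 1
    unanswered = [q for key, q in queries.items() if key not in responses]
    return {
        "queries": len(queries),
        "responses": len(responses),
        "cd_queries": sum("%" in q["flags"] for q in queries.values()),
        "unanswered": [(q["qtype"], q["qname"], q["dst"]) for q in unanswered],
        "truncated": [r["id"] for r in responses.values() if "|" in r["flags"]],
        "nxdomain": [r["id"] for r in responses.values() if r["rcode"] == "NXDomain"],
        "tcp_retries": tcp_retries,
    }


# Sample input: lines copied from the tcpdump output in post #93.
SAMPLE = [
    "06:25:10.528668 IP 76.10.176.225.32986 > 192.5.5.241.53: 56486% [1au] A? aspmx.l.google.com. (47)",
    "06:25:10.535619 IP 192.5.5.241.53 > 76.10.176.225.32986: 56486- 0/15/27 (1178)",
    "06:25:10.558855 IP 76.10.176.225.9062 > 8.8.8.8.53: 54307+ A? safebrowsing.googleapis.com. (45)",
    "06:25:10.591534 IP 8.8.8.8.53 > 76.10.176.225.9062: 54307 1/0/0 A 172.217.0.234 (61)",
    "06:25:11.331631 IP 76.10.176.225.40933 > 193.63.94.20.53: 37352% [1au] A? ns1.surfnet.nl. (43)",
    "06:25:11.419032 IP 193.63.94.20.53 > 76.10.176.225.40933: 37352|$ 0/0/0 (43)",
    "06:25:11.419460 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [S], seq 1418782059, win 29200, options [mss 1452,sackOK,TS val 1121912513 ecr 0,nop,wscale 7], length 0",
    "06:25:12.737695 IP 76.10.176.225.14409 > 151.236.23.137.53: 42924% [1au] A? voicestream.ca.dbl.spamhaus.org. (60)",
    "06:25:12.844257 IP 151.236.23.137.53 > 76.10.176.225.14409: 42924 NXDomain*- 0/1/0 (113)",
    "06:25:13.289193 IP 76.10.176.225.39803 > 200.10.60.53.53: 41001% [1au] DS? 10.76.in-addr.arpa. (47)",
    "06:25:14.089452 IP 76.10.176.225.62358 > 196.216.169.10.53: 52511% [1au] DS? 10.76.in-addr.arpa. (47)",
    "06:25:14.211529 IP 196.216.169.10.53 > 76.10.176.225.62358: 52511- 0/8/1 (375)",
]

if __name__ == "__main__":
    import pprint
    pprint.pprint(analyze(SAMPLE))
```

Run it over a saved `tcpdump -ni pppoe-wan port 53` capture with `analyze(open(path).read().splitlines())`. A server that never answers, or `responses` well below `queries`, is the thing to look for when the status check reports DNS errors; a high `cd_queries` count with `[1au]` confirms the box is doing its own validation, so a DNSSEC-broken zone upstream will show up here long before it shows up in the mail logs.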

#94

Now, the question is: what difference between OpenWrt and OPNsense (pfSense) makes MIAB work fine in the DMZ with OpenWrt, but not with OPNsense???


#95

It looks like my OpenWrt port forwards all have "NAT loopback" enabled, which is NAT reflection…


#96

Now, I probably need proper NAT reflection to work on OPNsense…


#97

After enabling NAT reflection in OPNsense…
@box:~$ sudo /home/devnull/mailinabox/management/status_checks.py

System

✖ SSH Login (ssh) is running but is not publicly accessible at 76.10.176.225:22.
✖ Public DNS (nsd4) is not running (port 53).
✖ Incoming Mail (SMTP/postfix) is running but is not publicly accessible at 76.10.176.225:25.
✖ Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at 76.10.176.225:587.
✖ IMAPS (dovecot) is running but is not publicly accessible at 76.10.176.225:993.
✖ Mail Filters (Sieve/dovecot) is running but is not publicly accessible at 76.10.176.225:4190.
✖ HTTP Web (nginx) is running but is not publicly accessible at 76.10.176.225:80.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✖ HTTPS Web (nginx) is running but is not publicly accessible at 76.10.176.225:443.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✓ SSH disallows password-based login.
✓ System software is up to date.
? Mail-in-a-Box version check disabled by privacy setting.
✓ System administrator address exists as a mail alias. [administrator@box.f2f10.com ↦ co-traveler@f2f10.com]
✓ The disk has 164.30 GB space remaining.
✓ System memory is 97% free.

Network

✓ Firewall is active.
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.

box.f2f10.com

✖ Nameserver glue records are incorrect. The ns1.box.f2f10.com and ns2.box.f2f10.com nameservers must be configured
at your domain name registrar as having the IP address 76.10.176.225. They currently report addresses of [Not
Set]/[Not Set].
It may take several hours for public DNS to update after a change.
✖ This domain must resolve to your box's IP address (76.10.176.225) in public DNS but it currently resolves to [Not
Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues
listed above.
✓ Reverse DNS is set correctly at ISP. [76.10.176.225 ↦ box.f2f10.com]
✓ Hostmaster contact address exists as a mail alias. [hostmaster@box.f2f10.com ↦ administrator@box.f2f10.com]
✓ Domain’s email is directed to this domain. [box.f2f10.com has no MX record, which is ok]
✓ Postmaster contact address exists as a mail alias. [postmaster@box.f2f10.com ↦ administrator@box.f2f10.com]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ TLS (SSL) certificate is signed & valid. The certificate expires in 89 days on 03/23/18.

f2f10.com

✖ The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar's
control panel to set the nameservers to ns1.box.f2f10.com; ns2.box.f2f10.com.
✖ This domain's DNS MX record is not set. It should be '10 box.f2f10.com'. Mail will not be delivered to this box.
It may take several hours for public DNS to update after a change. This problem may result from other issues
listed here.
✓ Domain is not blacklisted by dbl.spamhaus.org.
✖ This domain should resolve to your box's IP address (A 76.10.176.225) if you would like the box to serve webmail
or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours
for public DNS to update after a change. This problem may result from other issues listed here.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS
record, you must follow the instructions provided by your domain name registrar and provide to them this
information:

Key Tag: 60585
Key Flags: KSK
Algorithm: 7 / RSASHA1-NSEC3-SHA1
Digest Type: 2 / SHA-256
Digest: 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3
Public Key:

AwEAAdMypof8r0AsRFZBRWDmW6/DFdDAr5uyYYslbb3x2c5PWST8nrZQU3+Pr8q/KafBTrlrLFOiE2LLHkXqmdwYmM/ChEjblutn4n9lUVua2ni90RRif+/qdzJpk5d1zJXsNuTvYv7O41Ikk9kVhvRgKW+2surM8Q6IEiKdvtAdBKinZVDwRJvpXvebRBnZ5GYV58e+Khf6YCTUC1PGXck5ULsTHy0MBUtAvyZ/qFRo2B7d17lfoNw9cK10at8AGSvr2WZNEUkWiaaf2yF+zNoHgmB41P8pUfGxPGCS/4G/zDWvUMX8RrBwJj63XGUVHR/AAnrhedh7q/1h2ayD1blM5+k=

Bulk/Record Format:
f2f10.com. 3600 IN DS 60585 7 2 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3


#98

It looks like the issue is not resolved yet even with NAT reflection enabled on OPNsense, while NAT loopback works fine with OpenWrt…???

Anyone with an OPNsense + MIAB setup that works? Thanks in advance…


#99

With NAT reflection enabled, it seems that my email client on the internal network can access MIAB with no issues. Therefore I don't need to enable split DNS for that for now. However, the MIAB status check still doesn't work…


#100

OK, on OpenWrt, I have the following firewall configuration, with NAT loopback enabled for incoming port forwards…

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'dmz'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option name 'dns'
	option dest_ip '192.168.140.253'

@TorWrt# iptables-save | grep NAT
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let'sencrypt (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1

-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j DNAT --to-destination 192.168.140.253:25
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j DNAT --to-destination 192.168.140.253:443
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let'sencrypt (reflection)" -j DNAT --to-destination 192.168.140.253:80
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53

-A zone_wan_prerouting -p tcp -m tcp --dport 25 -m comment --comment mx -j DNAT --to-destination 192.168.140.253:25
-A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment web-email -j DNAT --to-destination 192.168.140.253:443
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let'sencrypt" -j DNAT --to-destination 192.168.140.253:80
-A zone_wan_prerouting -p tcp -m tcp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53
-A zone_wan_prerouting -p udp -m udp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53

-A zone_dmz_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_dmz_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT


#101

In FreeBSD (MIAB), how do I check the above info?


#102

@cwilkins

I was wondering whether you have the above info. Could you kindly share where exactly you enabled NAT Reflection in pfSense? I have since enabled all three NAT Reflection options on OPNsense under the Firewall advanced settings…


#103

With OpenWRT I can see clearly that, as you mentioned, NAT Reflection plays a role in making it work… here are tcpdump snippets from the OpenWRT DMZ and WAN interfaces and the MIAB interface…

@TorWrt:# tcpdump -ni eth0.140 port 53 and host 192.168.140.253

07:07:15.853367 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [S], seq 1829535474, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.853624 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [S], seq 1829535474, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0

07:07:15.853826 IP 192.168.140.253.53 > 192.168.140.1.43210: Flags [S.], seq 2131716951, ack 1829535475, win 28960, options [mss 1460,sackOK,TS val 1144143621 ecr 1144143621,nop,wscale 7], length 0
07:07:15.853881 IP 76.10.176.225.53 > 192.168.140.253.43210: Flags [S.], seq 2131716951, ack 1829535475, win 28960, options [mss 1460,sackOK,TS val 1144143621 ecr 1144143621,nop,wscale 7], length 0
07:07:15.853952 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [.], ack 1, win 229, options [nop,nop,TS val 1144143621 ecr 1144143621], length 0
07:07:15.854002 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [.], ack 1, win 229, options [nop,nop,TS val 1144143621 ecr 1144143621], length 0

07:07:15.857449 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 1144143622 ecr 1144143621], length 0
07:07:15.857487 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 1144143622 ecr 1144143621], length 0

07:07:15.857690 IP 192.168.140.253.53 > 192.168.140.1.43210: Flags [F.], seq 1, ack 2, win 227, options [nop,nop,TS val 1144143622 ecr 1144143622], length 0
07:07:15.857742 IP 76.10.176.225.53 > 192.168.140.253.43210: Flags [F.], seq 1, ack 2, win 227, options [nop,nop,TS val 1144143622 ecr 1144143622], length 0

07:07:15.857824 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [.], ack 2, win 229, options [nop,nop,TS val 1144143622 ecr 1144143622], length 0
07:07:15.857874 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [.], ack 2, win 229, options [nop,nop,TS val 1144143622 ecr 1144143622], length 0

07:07:17.555888 IP 192.168.140.253.27726 > 192.203.230.10.53: 40886% [1au] NS? . (28)
07:07:17.556064 IP 192.168.140.253.53311 > 192.203.230.10.53: 20231% [1au] A? aspmx.l.google.com. (47)
07:07:17.556170 IP 192.168.140.253.10260 > 192.203.230.10.53: 57585% [1au] AAAA? aspmx.l.google.com. (47)


#104

@TorWrt:# tcpdump -ni pppoe-wan port 53

07:07:17.556020 IP 76.10.176.225.27726 > 192.203.230.10.53: 40886% [1au] NS? . (28)
07:07:17.556147 IP 76.10.176.225.53311 > 192.203.230.10.53: 20231% [1au] A? aspmx.l.google.com. (47)
07:07:17.556244 IP 76.10.176.225.10260 > 192.203.230.10.53: 57585% [1au] AAAA? aspmx.l.google.com. (47)


#105

@box:~# tcpdump -ni eth0 not host 192.168.110.153

07:07:15.855389 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [S], seq 1829535474, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.855439 IP 192.168.140.253.35998 > 76.10.176.225.25: Flags [S], seq 2153696641, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.855654 IP 192.168.140.253.42748 > 76.10.176.225.22: Flags [S], seq 3530740831, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0

07:07:15.855724 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [S], seq 1829535474, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.855758 IP 192.168.140.253.53 > 192.168.140.1.43210: Flags [S.], seq 2131716951, ack 1829535475, win 28960, options [mss 1460,sackOK,TS val 1144143621 ecr 1144143621,nop,wscale 7], length 0
07:07:15.855834 IP 192.168.140.1.35998 > 192.168.140.253.25: Flags [S], seq 2153696641, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0

07:07:15.855859 IP 192.168.140.253.25 > 192.168.140.1.35998: Flags [S.], seq 626321212, ack 2153696642, win 28960, options [mss 1460,sackOK,TS val 1144143621 ecr 1144143621,nop,wscale 7], length 0
07:07:15.857242 IP 192.168.140.253.48994 > 76.10.176.225.4190: Flags [S], seq 1838901197, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.857653 IP 192.168.140.1.36120 > 192.168.140.253.80: Flags [S], seq 257899850, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.857874 IP 192.168.140.253.36120 > 76.10.176.225.80: Flags [F.], seq 257899851, ack 3771511862, win 229, options [nop,nop,TS val 1144143621 ecr 1144143621], length 0
07:07:15.858206 IP 192.168.140.253.35998 > 76.10.176.225.25: Flags [F.], seq 2153696642, ack 626321213, win 229, options [nop,nop,TS val 1144143622 ecr 1144143621], length 0
07:07:15.859446 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [F.], seq 1829535475, ack 2131716952, win 229, options [nop,nop,TS val 1144143622 ecr 1144143621], length 0
07:07:15.859575 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 1144143622 ecr 1144143621], length 0
07:07:15.859855 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [.], ack 2, win 229, options [nop,nop,TS val 1144143622 ecr 1144143622], length 0
07:07:15.862070 IP 192.168.140.253.25 > 192.168.140.1.35998: Flags [.], ack 2, win 227, options [nop,nop,TS val 1144143623 ecr 1144143622], length 0
07:07:15.862171 IP 76.10.176.225.25 > 192.168.140.253.35998: Flags [.], ack 1, win 227, options [nop,nop,TS val 1144143623 ecr 1144143622], length 0
07:07:15.862619 IP 192.168.140.253.37286 > 76.10.176.225.443: Flags [S], seq 3530240289, win 29200, options [mss 1460,sackOK,TS val 1144143623 ecr 0,nop,wscale 7], length 0
07:07:15.862773 IP 192.168.140.1.37286 > 192.168.140.253.443: Flags [S], seq 3530240289, win 29200, options [mss 1460,sackOK,TS val 1144143623 ecr 0,nop,wscale 7], length 0
07:07:15.862822 IP 192.168.140.253.443 > 192.168.140.1.37286: Flags [S.], seq 1890689828, ack 3530240290, win 28960, options [mss 1460,sackOK,TS val 1144143623 ecr 1144143623,nop,wscale 7], length 0
07:07:15.862923 IP 76.10.176.225.443 > 192.168.140.253.37286: Flags [S.], seq 1890689828, ack 3530240290, win 28960, options [mss 1460,sackOK,TS val 1144143623 ecr 1144143623,nop,wscale 7], length 0
07:07:15.862950 IP 192.168.140.253.37286 > 76.10.176.225.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.863047 IP 192.168.140.1.37286 > 192.168.140.253.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.864184 IP 192.168.140.253.37286 > 76.10.176.225.443: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.864262 IP 192.168.140.1.37286 > 192.168.140.253.443: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.864316 IP 192.168.140.253.443 > 192.168.140.1.37286: Flags [F.], seq 1, ack 2, win 227, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.864415 IP 76.10.176.225.443 > 192.168.140.253.37286: Flags [F.], seq 1, ack 2, win 227, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.864436 IP 192.168.140.253.37286 > 76.10.176.225.443: Flags [.], ack 2, win 229, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.864530 IP 192.168.140.1.37286 > 192.168.140.253.443: Flags [.], ack 2, win 229, options [nop,nop,TS val 1144143623 ecr 1144143623], length 0
07:07:15.878892 IP 192.168.140.253.25 > 192.168.140.1.35998: Flags [P.], seq 1:98, ack 2, win 227, options [nop,nop,TS val 1144143627 ecr 1144143622], length 97: SMTP: 220 box.f2f10.com ESMTP Hi, I’m a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)
07:07:15.879127 IP 76.10.176.225.25 > 192.168.140.253.35998: Flags [P.], seq 1:98, ack 1, win 227, options [nop,nop,TS val 1144143627 ecr 1144143622], length 97: SMTP: 220 box.f2f10.com ESMTP Hi, I’m a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)
07:07:15.879159 IP 192.168.140.253.35998 > 76.10.176.225.25: Flags [R], seq 2153696643, win 0, length 0
07:07:15.879222 IP 192.168.140.253.25 > 192.168.140.1.35998: Flags [F.], seq 98, ack 2, win 227, options [nop,nop,TS val 1144143627 ecr 1144143622], length 0
07:07:15.879240 IP 192.168.140.1.35998 > 192.168.140.253.25: Flags [R], seq 2153696643, win 0, length 0
07:07:15.879302 IP 76.10.176.225.25 > 192.168.140.253.35998: Flags [F.], seq 98, ack 1, win 227, options [nop,nop,TS val 1144143627 ecr 1144143622], length 0
07:07:15.879321 IP 192.168.140.253.35998 > 76.10.176.225.25: Flags [R], seq 2153696643, win 0, length 0
07:07:15.879430 IP 192.168.140.1.35998 > 192.168.140.253.25: Flags [R], seq 2153696643, win 0, length 0
07:07:16.854160 IP 192.168.140.253.42748 > 76.10.176.225.22: Flags [S], seq 3530740831, win 29200, options [mss 1460,sackOK,TS val 1144143871 ecr 0,nop,wscale 7], length 0

07:07:17.557926 IP 192.168.140.253.53311 > 192.203.230.10.53: 20231% [1au] A? aspmx.l.google.com. (47)
07:07:17.557926 IP 192.168.140.253.27726 > 192.203.230.10.53: 40886% [1au] NS? . (28)
07:07:17.558017 IP 192.168.140.253.10260 > 192.203.230.10.53: 57585% [1au] AAAA? aspmx.l.google.com. (47)


#106

Here are the same captures at DMZ and WAN on OPNsense and MIAB… which doesn't get NAT Reflection working, so there is no flow back like this: 192.168.140.1 (DMZ interface IP as the reflection IP) -> 192.168.140.253


#107

This should get something like this (as on OpenWRT) back, but it didn't…
07:07:15.853624 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [S], seq 1829535474, win 29200

@trumpwall:~ # tcpdump -ni em0_vlan140 port 53 and host 192.168.140.253
07:39:13.173819 IP 192.168.140.253.43408 > 76.10.176.225.53: Flags [S], seq 333284484, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:14.173989 IP 192.168.140.253.43408 > 76.10.176.225.53: Flags [S], seq 333284484, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0

07:39:14.202192 IP 192.168.140.253.50594 > 193.108.91.16.53: 55407% [1au] AAAA? ocsp.int-x3.letsencrypt.org. (56)
07:39:14.202235 IP 192.168.140.253.62307 > 193.108.91.16.53: 56438% [1au] A? ocsp.int-x3.letsencrypt.org. (56)
07:39:14.208366 IP 193.108.91.16.53 > 192.168.140.253.50594: 55407*- 1/0/1 CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net. (111)
07:39:14.208499 IP 193.108.91.16.53 > 192.168.140.253.62307: 56438*- 1/0/1 CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net. (111)
07:39:14.209260 IP 192.168.140.253.19694 > 206.248.168.151.53: 17199% [1au] AAAA? a771.dscq.akamai.net. (49)
07:39:14.209404 IP 192.168.140.253.37320 > 206.248.168.151.53: 36630% [1au] A? a771.dscq.akamai.net. (49)
07:39:14.215275 IP 206.248.168.151.53 > 192.168.140.253.19694: 17199*- 2/0/1 AAAA 2001:4958:300:480::b896:9d4a, AAAA 2001:4958:300:480::b896:9d4b (105)
07:39:14.215489 IP 206.248.168.151.53 > 192.168.140.253.37320: 36630*- 2/0/1 A 206.248.168.137, A 206.248.168.139 (81)
07:39:14.904317 IP 192.168.140.253.8373 > 192.5.5.241.53: 35912% [1au] AAAA? aspmx.l.google.com. (47)
07:39:14.904358 IP 192.168.140.253.13161 > 192.5.5.241.53: 62096% [1au] NS? . (28)
07:39:14.904373 IP 192.168.140.253.11197 > 192.5.5.241.53: 26943% [1au] A? aspmx.l.google.com. (47)


#108

@trumpwall:~ # tcpdump -ni pppoe0 port 53

07:39:13.173835 IP 76.10.176.225.56965 > 192.168.140.253.53: Flags [S], seq 333284484, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:14.173994 IP 76.10.176.225.56965 > 192.168.140.253.53: Flags [S], seq 333284484, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0

07:39:14.202221 IP 76.10.176.225.57189 > 193.108.91.16.53: 55407% [1au] AAAA? ocsp.int-x3.letsencrypt.org. (56)
07:39:14.202249 IP 76.10.176.225.19919 > 193.108.91.16.53: 56438% [1au] A? ocsp.int-x3.letsencrypt.org. (56)
07:39:14.208349 IP 193.108.91.16.53 > 76.10.176.225.57189: 55407*- 1/0/1 CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net. (111)
07:39:14.208484 IP 193.108.91.16.53 > 76.10.176.225.19919: 56438*- 1/0/1 CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net. (111)
07:39:14.209284 IP 76.10.176.225.55974 > 206.248.168.151.53: 17199% [1au] AAAA? a771.dscq.akamai.net. (49)
07:39:14.209419 IP 76.10.176.225.52244 > 206.248.168.151.53: 36630% [1au] A? a771.dscq.akamai.net. (49)
07:39:14.215243 IP 206.248.168.151.53 > 76.10.176.225.55974: 17199*- 2/0/1 AAAA 2001:4958:300:480::b896:9d4a, AAAA 2001:4958:300:480::b896:9d4b (105)
07:39:14.215486 IP 206.248.168.151.53 > 76.10.176.225.52244: 36630*- 2/0/1 A 206.248.168.137, A 206.248.168.139 (81)
07:39:14.904345 IP 76.10.176.225.15523 > 192.5.5.241.53: 35912% [1au] AAAA? aspmx.l.google.com. (47)
07:39:14.904369 IP 76.10.176.225.12810 > 192.5.5.241.53: 62096% [1au] NS? . (28)
07:39:14.904386 IP 76.10.176.225.38776 > 192.5.5.241.53: 26943% [1au] A? aspmx.l.google.com. (47)


#109

This should get something like this (as on OpenWRT) back; however, it doesn't.
07:07:15.855724 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [S], seq 1829535474, win 29200,

@box:~# tcpdump -ni eth0 not host 192.168.110.153

07:39:13.173939 IP 192.168.140.253.42940 > 76.10.176.225.22: Flags [S], seq 1442085650, win 29200, options [mss 1460,sackOK,TS val 1144622950 ecr 0,nop,wscale 7], length 0
07:39:13.174087 IP 192.168.140.253.43408 > 76.10.176.225.53: Flags [S], seq 333284484, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:13.174898 IP 192.168.140.253.36200 > 76.10.176.225.25: Flags [S], seq 1430162419, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:13.175082 IP 192.168.140.253.34332 > 76.10.176.225.993: Flags [S], seq 117790337, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:13.175340 IP 192.168.140.253.49190 > 76.10.176.225.4190: Flags [S], seq 3326247109, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:13.175397 IP 192.168.140.253.49452 > 76.10.176.225.587: Flags [S], seq 3641682949, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:13.175929 IP 192.168.140.253.36314 > 76.10.176.225.80: Flags [S], seq 2546834857, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:13.176225 IP 192.168.140.253.37478 > 76.10.176.225.443: Flags [S], seq 3315619753, win 29200, options [mss 1460,sackOK,TS val 1144622951 ecr 0,nop,wscale 7], length 0
07:39:14.170150 IP 192.168.140.253.42940 > 76.10.176.225.22: Flags [S], seq 1442085650, win 29200, options [mss 1460,sackOK,TS val 1144623200 ecr 0,nop,wscale 7], length 0
07:39:14.174087 IP 192.168.140.253.37478 > 76.10.176.225.443: Flags [S], seq 3315619753, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0
07:39:14.174087 IP 192.168.140.253.36200 > 76.10.176.225.25: Flags [S], seq 1430162419, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0
07:39:14.174117 IP 192.168.140.253.49452 > 76.10.176.225.587: Flags [S], seq 3641682949, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0
07:39:14.174117 IP 192.168.140.253.49190 > 76.10.176.225.4190: Flags [S], seq 3326247109, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0
07:39:14.174118 IP 192.168.140.253.36314 > 76.10.176.225.80: Flags [S], seq 2546834857, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0
07:39:14.174132 IP 192.168.140.253.34332 > 76.10.176.225.993: Flags [S], seq 117790337, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0
07:39:14.174132 IP 192.168.140.253.43408 > 76.10.176.225.53: Flags [S], seq 333284484, win 29200, options [mss 1460,sackOK,TS val 1144623201 ecr 0,nop,wscale 7], length 0

07:39:14.202352 IP 192.168.140.253.50594 > 193.108.91.16.53: 55407% [1au] AAAA? ocsp.int-x3.letsencrypt.org. (56)
07:39:14.202492 IP 192.168.140.253.62307 > 193.108.91.16.53: 56438% [1au] A? ocsp.int-x3.letsencrypt.org. (56)
07:39:14.208951 IP 193.108.91.16.53 > 192.168.140.253.50594: 55407*- 1/0/1 CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net. (111)
07:39:14.208953 IP 193.108.91.16.53 > 192.168.140.253.62307: 56438*- 1/0/1 CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net. (111)
07:39:14.209531 IP 192.168.140.253.19694 > 206.248.168.151.53: 17199% [1au] AAAA? a771.dscq.akamai.net. (49)
07:39:14.209625 IP 192.168.140.253.37320 > 206.248.168.151.53: 36630% [1au] A? a771.dscq.akamai.net. (49)
07:39:14.215854 IP 206.248.168.151.53 > 192.168.140.253.19694: 17199*- 2/0/1 AAAA 2001:4958:300:480::b896:9d4a, AAAA 2001:4958:300:480::b896:9d4b (105)
07:39:14.215856 IP 206.248.168.151.53 > 192.168.140.253.37320: 36630*- 2/0/1 A 206.248.168.137, A 206.248.168.139 (81)
07:39:14.904479 IP 192.168.140.253.13161 > 192.5.5.241.53: 62096% [1au] NS? . (28)
07:39:14.904483 IP 192.168.140.253.8373 > 192.5.5.241.53: 35912% [1au] AAAA? aspmx.l.google.com. (47)
07:39:14.904568 IP 192.168.140.253.11197 > 192.5.5.241.53: 26943% [1au] A? aspmx.l.google.com. (47)


#110

Does this rule set from FreeBSD (MIAB) mean the Reflection NAT is on or not? Should 192.168.140.253 here be 76.10.176.225 to catch the packet?

@trumpwall:~ # pfctl -sn

nat on pppoe0 inet from 192.168.140.0/24 to any -> 76.10.176.225 port 1024:65535
nat on pppoe0 inet from to any -> 76.10.176.225 port 1024:65535

no nat on em0_vlan140 inet proto tcp from 192.168.140.1 to 192.168.140.253 port = http
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = http -> 192.168.140.1 port 1024:65535

no nat on em0_vlan140 inet proto tcp from 192.168.140.1 to 192.168.140.253 port = smtp
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = smtp -> 192.168.140.1 port 1024:65535

no nat on em0_vlan140 inet proto tcp from 192.168.140.1 to 192.168.140.253 port = https
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = https -> 192.168.140.1 port 1024:65535

no nat on em0_vlan140 inet proto tcp from 192.168.140.1 to 192.168.140.253 port = domain
no nat on em0_vlan140 inet proto udp from 192.168.140.1 to 192.168.140.253 port = domain
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = domain -> 192.168.140.1 port 1024:65535
nat on em0_vlan140 inet proto udp from 192.168.140.0/24 to 192.168.140.253 port = domain -> 192.168.140.1 port 1024:65535

no nat on em0_vlan140 inet proto tcp from 192.168.140.1 to 192.168.140.253 port = imaps
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = imaps -> 192.168.140.1 port 1024:65535

no nat on em0_vlan140 inet proto tcp from 192.168.140.1 to 192.168.140.253 port = submission
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = submission -> 192.168.140.1 port 1024:65535

rdr on pppoe0 inet proto tcp from any to (pppoe0) port = http -> 192.168.140.253
rrdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = http -> 192.168.140.253

rdr on pppoe0 inet proto tcp from any to (pppoe0) port = smtp -> 192.168.140.253
rdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = smtp -> 192.168.140.253

rdr on pppoe0 inet proto tcp from any to (pppoe0) port = https -> 192.168.140.253
rdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = https -> 192.168.140.253

rdr on pppoe0 inet proto tcp from any to (pppoe0) port = domain -> 192.168.140.253
rdr on pppoe0 inet proto udp from any to (pppoe0) port = domain -> 192.168.140.253
rdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = domain -> 192.168.140.253
rdr on em0_vlan140 inet proto udp from any to (pppoe0) port = domain -> 192.168.140.253

rdr on pppoe0 inet proto tcp from any to (pppoe0) port = imaps -> 192.168.140.253
rdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = imaps -> 192.168.140.253

rdr on pppoe0 inet proto tcp from any to (pppoe0) port = submission -> 192.168.140.253
rdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = submission -> 192.168.140.253
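As an added example (not code from this thread or from Mail-in-a-Box), here is a small Python checker that parses the iptables-save NAT rules posted in #100 and the pfctl -sn rules posted in #110 and reports, for each WAN port forward, whether both halves of the reflection path are present: the inbound rewrite of the public address to the server, and the source rewrite to the router's inside address that makes the reply come back through the firewall. The sample rule text is constructed from the thread's values and abridged, with some rules deliberately left out so the output shows what an incomplete reflection set looks like.

```python
"""Check that every WAN port forward has its NAT-reflection (hairpin) pair.

Added example, not code from the thread or from Mail-in-a-Box.  Sample rule
text is constructed from the thread's values and abridged."""
import re

# Constructed, abridged iptables-save NAT output (udp/53 lacks its SNAT rule on purpose).
IPTABLES_DUMP = """
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_wan_prerouting -p tcp -m tcp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53
-A zone_wan_prerouting -p udp -m udp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53
"""
WAN_DNAT = re.compile(r"^-A zone_wan_prerouting -p (tcp|udp) .*--dport (\d+) .*-j DNAT --to-destination ([\d.]+):\d+")
LAN_DNAT = re.compile(r"^-A zone_\w+_prerouting -s [\d./]+ -d ([\d.]+)/32 -p (tcp|udp) .*--dport (\d+) .*-j DNAT --to-destination ([\d.]+):\d+")
LAN_SNAT = re.compile(r"^-A zone_\w+_postrouting -s [\d./]+ -d ([\d.]+)/32 -p (tcp|udp) .*--dport (\d+) .*-j SNAT --to-source [\d.]+")

def check_iptables(dump, wan_ip):
    """Map (proto, port) -> (reflection DNAT present, reflection SNAT present)."""
    forwards, refl_dnat, refl_snat = {}, set(), set()
    for line in dump.strip().splitlines():
        m = WAN_DNAT.match(line)
        if m:                                   # the public port forward itself
            forwards[(m[1], int(m[2]))] = m[3]
        m = LAN_DNAT.match(line)
        if m and m[1] == wan_ip:                # inside host -> public IP, rewritten to the server
            refl_dnat.add((m[2], int(m[3]), m[4]))
        m = LAN_SNAT.match(line)
        if m:                                   # source rewritten so the reply returns via the router
            refl_snat.add((m[2], int(m[3]), m[1]))
    return {k: ((k[0], k[1], t) in refl_dnat, (k[0], k[1], t) in refl_snat)
            for k, t in forwards.items()}

# Constructed, abridged pfctl -sn output (tcp/domain lacks its inside rdr, udp/domain its nat).
PF_DUMP = """
nat on pppoe0 inet from 192.168.140.0/24 to any -> 76.10.176.225 port 1024:65535
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = http -> 192.168.140.1 port 1024:65535
nat on em0_vlan140 inet proto tcp from 192.168.140.0/24 to 192.168.140.253 port = domain -> 192.168.140.1 port 1024:65535
rdr on pppoe0 inet proto tcp from any to (pppoe0) port = http -> 192.168.140.253
rdr on em0_vlan140 inet proto tcp from any to (pppoe0) port = http -> 192.168.140.253
rdr on pppoe0 inet proto tcp from any to (pppoe0) port = domain -> 192.168.140.253
rdr on pppoe0 inet proto udp from any to (pppoe0) port = domain -> 192.168.140.253
rdr on em0_vlan140 inet proto udp from any to (pppoe0) port = domain -> 192.168.140.253
"""
PF_RDR = re.compile(r"^rdr on (\S+) inet proto (tcp|udp) from any to \((\S+)\) port = (\S+) -> ([\d.]+)")
PF_NAT = re.compile(r"^nat on (\S+) inet proto (tcp|udp) from [\d./]+ to ([\d.]+) port = (\S+) -> [\d.]+")

def check_pf(dump, wan_if):
    """Same map as check_iptables, for pf: (inside rdr present, inside nat present)."""
    forwards, refl_rdr, refl_nat = {}, set(), set()
    for line in dump.strip().splitlines():
        m = PF_RDR.match(line)
        if m and m[3] == wan_if:
            if m[1] == wan_if:                  # rdr on the WAN interface = the port forward
                forwards[(m[2], m[4])] = m[5]
            else:                               # rdr on an inside interface toward (wan) = reflection
                refl_rdr.add((m[2], m[4], m[5]))
        m = PF_NAT.match(line)
        if m and m[1] != wan_if:                # nat on an inside interface toward the server = reflection
            refl_nat.add((m[2], m[4], m[3]))
    return {k: ((k[0], k[1], t) in refl_rdr, (k[0], k[1], t) in refl_nat)
            for k, t in forwards.items()}

def missing_reflection(results):
    """Forwards whose hairpin path is incomplete (either rewrite rule absent)."""
    return sorted(k for k, (a, b) in results.items() if not (a and b))

if __name__ == "__main__":
    for name, res in (("OpenWRT", check_iptables(IPTABLES_DUMP, "76.10.176.225")),
                      ("OPNsense", check_pf(PF_DUMP, "pppoe0"))):
        print(name, "incomplete reflection:", missing_reflection(res) or "none")
```

Run it against your own `iptables-save` or `pfctl -sn` output by replacing the constructed dumps; a forward reported as incomplete is one where a LAN client will see the first half of the hairpin in tcpdump but never the rewritten SYN arriving at the server.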


#111

So OPNsense clearly didn't get the same results as OpenWRT did, such as this… it is missing the second portion of changing the source IP and destination IP and putting the packet back… Is it a configuration issue or a bug?

@TorWrt:# tcpdump -ni eth0.140 port 53 and host 192.168.140.253
07:07:15.853367 IP 192.168.140.253.43210 > 76.10.176.225.53: Flags [S], seq 1829535474, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0
07:07:15.853624 IP 192.168.140.1.43210 > 192.168.140.253.53: Flags [S], seq 1829535474, win 29200, options [mss 1460,sackOK,TS val 1144143621 ecr 0,nop,wscale 7], length 0