NAT state expires too quickly

Started by ajr, November 13, 2023, 04:59:15 PM

Hi,

I'm new to the forum and I started with OPNsense a week ago, but I have experience with PF on OpenBSD.
By the way, the PF GUI of OPNsense is very nice and seems to cover everything I can do via the CLI.

My problem: I'm seeing:

15:18:49.578790 00:0d:b9:48:5c:1d > cc:ce:1e:b3:75:7f, ethertype IPv4 (0x0800), length 93: (tos 0x0, ttl 63, id 10937, offset 0, flags [none], proto UDP (17), length 79)
    192.168.178.11.12183 > 216.239.36.102.53: 28605+ [1au] A? python.org. (51)
15:18:49.616477 cc:ce:1e:b3:75:7f > 00:0d:b9:48:5c:1d, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 60, id 41050, offset 0, flags [none], proto UDP (17), length 100)
    216.239.36.102.53 > 192.168.178.11.12183: 28605 Refused- 0/0/1 (72)

The DNS query comes in from a VLAN with a private net and is being NATed on the WAN interface.
However, the answer gets "refused".
So why is the state gone?
Shouldn't all packets in the NATed flow be allowed to pass without any rule?
This is the WAN interface (igb1 on my PC Engines APU).

I did not change settings and automatic rules.

Ping to the remote host flows as expected. However, I have a floating rule to allow ICMP queries from any to any.

Please advise.
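The two tcpdump lines quoted in the post, parsed and correlated by a small script added here (not the poster's code): it pairs the reply with its query by reversed 5-tuple and transaction id and reports the DNS status tcpdump printed, which separates "no reply came back through NAT" from "a reply came back carrying a server RCODE such as Refused". It assumes tcpdump's standard DNS output format (status name printed right after the transaction id, then answer/authority/additional counts).

```python
import re
from collections import namedtuple

# Constructed sample input: the two tcpdump lines quoted in the post, copied unchanged.
CAPTURE = """\
15:18:49.578790 00:0d:b9:48:5c:1d > cc:ce:1e:b3:75:7f, ethertype IPv4 (0x0800), length 93: (tos 0x0, ttl 63, id 10937, offset 0, flags [none], proto UDP (17), length 79)
    192.168.178.11.12183 > 216.239.36.102.53: 28605+ [1au] A? python.org. (51)
15:18:49.616477 cc:ce:1e:b3:75:7f > 00:0d:b9:48:5c:1d, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 60, id 41050, offset 0, flags [none], proto UDP (17), length 100)
    216.239.36.102.53 > 192.168.178.11.12183: 28605 Refused- 0/0/1 (72)
"""
# tcpdump prints a non-zero DNS RCODE by name right after the transaction id.
RCODE_NAMES = {"FormErr", "ServFail", "NXDomain", "NotImp", "Refused"}
# Indented payload line: "src.sport > dst.dport: txid[flags] rest"
DNS_LINE = re.compile(
    r"^\s+(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)[+*$|-]*\s*(?P<rest>.*)$"
)
DnsEvent = namedtuple("DnsEvent", "src sport dst dport txid is_response status")

def parse_events(capture):
    """Turn tcpdump DNS payload lines into DnsEvent records; frame header lines are skipped."""
    events = []
    for line in capture.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        is_response = re.search(r"\d+/\d+/\d+", rest) is not None  # answer/auth/additional counts
        status = None
        if is_response:
            first = rest.split()[0].rstrip("-$|")  # drop trailing flag characters
            status = first if first in RCODE_NAMES else "NoError"
        events.append(DnsEvent(m.group("src"), int(m.group("sport")), m.group("dst"),
                               int(m.group("dport")), int(m.group("txid")), is_response, status))
    return events

def correlate(events):
    """Pair each response with the query having the reversed 5-tuple and the same txid.
    Returns {txid: {"query": DnsEvent, "response": DnsEvent or None, "status": str or None}}."""
    pending, flows = {}, {}
    for ev in events:
        if not ev.is_response:
            pending[(ev.src, ev.sport, ev.dst, ev.dport, ev.txid)] = ev
            flows[ev.txid] = {"query": ev, "response": None, "status": None}
        else:
            q = pending.pop((ev.dst, ev.dport, ev.src, ev.sport, ev.txid), None)
            if q is not None:  # the reply reached the querying host, so the return path worked
                flows[ev.txid].update(response=ev, status=ev.status)
    return flows
```

For the capture above, `correlate(parse_events(CAPTURE))[28605]` reports a matched response with status `Refused`, i.e. the answer did come back to 192.168.178.11 and the status is the server's response code, not a dropped packet.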