Hi,
I can't really find anything explaining this error except that some said
that you never want it to happen and Henning writing that it could be
ignored in some cases. In my case, I think I should ignore it but would
like to understand it just to be sure.
pf: state key linking mismatch! dir=OUT, if=em1, stored af=2, a0:
0.0.0.0:53504, a1: 68.67.XXX.XXX:47406, proto=17, found af=2, a0:
68.67.XXX.XXX:47406, a1: 10.8.0.1:53504, proto=17
68.67.XXX.XXX is inside my network and there aren't any nat rules for this
IP address since it's a public one.
em1 is my internal if with ip 10.8.0.1. Proto 17 = udp
a0: 0.0.0.0:53504 ??? What could this IP address mean? For sure, it's
not a broadcast.
Which of those are the src and dst IP addresses?
My nat rules:
match on $ext_if from 10.8.0.2 binat-to 64.119.XXX.XXX
match out on $ext_if inet from <ipnat> nat-to $ext_if
pfctl -t ipnat -Ts
10.0.0.0/8
96.XXX.XXX.0/20
216.XXX.XXX.0/24
216.XXX.XXX.0/24
216.XXX.XXX.0/24
216.XXX.XXX.0/24
216.XXX.XXX.0/24
Those public IP addresses are only in the NAT rules because they should
never go out by this edge except in case of a big problem at our other edge,
which has some fibers in redundancy. It will be replaced by BGP eventually.
Thanks
Michel
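As an added example (not part of Michel's post and not pf's own code), here is a small Python parser for the "state key linking mismatch" line quoted above. It unwraps the mail-wrapped text, pulls out the stored and found keys, and reports whether the two keys describe the same flow with a0/a1 swapped. Treating 0.0.0.0 (or ::) as an unspecified address that matches any concrete address is an assumption of this script, used only to compare the keys; the script does not decide which endpoint pf regards as src or dst. The sample line is the one from the post, with its XXX placeholder octets kept.

```python
"""Parse pf's "state key linking mismatch" log line and compare its two keys."""
import re
import socket
from dataclasses import dataclass

# Constructed sample: the message quoted in the post, kept wrapped the way the
# mail client wrapped it (the real log line is a single line).
SAMPLE = (
    "pf: state key linking mismatch! dir=OUT, if=em1, stored af=2, a0:\n"
    "0.0.0.0:53504, a1: 68.67.XXX.XXX:47406, proto=17, found af=2, a0:\n"
    "68.67.XXX.XXX:47406, a1: 10.8.0.1:53504, proto=17"
)

HDR_RE = re.compile(r"pf: state key linking mismatch! dir=(\w+), if=(\S+),")
KEY_RE = re.compile(r"(stored|found) af=(\d+), a0: ([^,]+), a1: ([^,]+), proto=(\d+)")
# Assumption of this script: these addresses mean "no concrete address" in a key.
UNSPECIFIED = {"0.0.0.0", "::"}


@dataclass(frozen=True)
class StateKey:
    af: int
    a0: tuple  # (address, port)
    a1: tuple  # (address, port)
    proto: int


def _endpoint(text):
    host, _, port = text.rpartition(":")  # split on the last ':' so IPv6 text survives
    return host, int(port)


def parse_mismatch(line):
    """Return {'dir', 'if', 'stored', 'found'} or None if the text is not this message."""
    line = " ".join(line.split())  # undo line wrapping from a mail client or terminal
    hdr = HDR_RE.match(line)
    if hdr is None:
        return None
    keys = {}
    for m in KEY_RE.finditer(line):
        keys[m.group(1)] = StateKey(int(m.group(2)), _endpoint(m.group(3)),
                                    _endpoint(m.group(4)), int(m.group(5)))
    if set(keys) != {"stored", "found"}:
        return None
    return {"dir": hdr.group(1), "if": hdr.group(2),
            "stored": keys["stored"], "found": keys["found"]}


def endpoints_match(x, y):
    """Same port, and same address or one side unspecified (see UNSPECIFIED assumption)."""
    return x[1] == y[1] and (x[0] == y[0] or x[0] in UNSPECIFIED or y[0] in UNSPECIFIED)


def same_flow_reversed(stored, found):
    """True when the found key is the stored key with a0 and a1 swapped."""
    return (stored.af == found.af and stored.proto == found.proto
            and endpoints_match(stored.a0, found.a1)
            and endpoints_match(stored.a1, found.a0))


def proto_name(number):
    """Map an IP protocol number to its name via the socket module's IPPROTO_* constants."""
    names = {getattr(socket, n): n[len("IPPROTO_"):]
             for n in dir(socket) if n.startswith("IPPROTO_")}
    return names.get(number, str(number))


def summarize(line):
    """One-line triage verdict for a mismatch message."""
    r = parse_mismatch(line)
    if r is None:
        return "not a state key linking mismatch line"
    s, f = r["stored"], r["found"]
    verdict = ("same %s flow, endpoints swapped" % proto_name(s.proto)
               if same_flow_reversed(s, f) else "different flows")
    wild = [name for name, key in (("stored", s), ("found", f))
            if key.a0[0] in UNSPECIFIED or key.a1[0] in UNSPECIFIED]
    if wild:
        verdict += "; unspecified address in " + ", ".join(wild)
    return "dir=%s if=%s: %s" % (r["dir"], r["if"], verdict)


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run on the quoted line it reports that both keys carry the same UDP port pair with a0/a1 swapped, and that only the stored key has the unspecified 0.0.0.0 address where the found key has 10.8.0.1; a key pair that fails that check would be worth a closer look at the rules and interfaces involved.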