Date: Mon, 18 Mar 2013 21:33:44 +0100 From: martin i <ilavsky.martin@gmail.com> To: freebsd-pf@freebsd.org Subject: Regression with jails/IPv6/pf Message-ID: <CAN5QJX_iH8-JNopLr8E3ki040eKvE0rVSoMOFWgFPbBhKEcXiw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
> On 01/08/2012 18:13, Bjoern A. Zeeb wrote: > >> Any of you who are expereincing problems with packets dropped due to >> invalid checksums with IPv6 and pf after the recent merges, can you >> report back if you also see this without "modulate state" in your >> pf.conf (if you have 'modulate' in there, can you try changing it to >> 'keep' and see if that fixes the problem)? > > Alas, I was already using 'keep state'. I did just try 'modulate > state,' just on the off-chance but it makes no difference. Hi, I think I've the similar problem described in this thread, though I don't see any discards (no issues with tcpdump at least). My setup is amd64 9.1-RELEASE r245315. I posted my problem on FreeBSD forums too: http://forums.freebsd.org/showthread.php?t=38448 I've webserver in jail with private IPv4 and public IPv6 address. Jail IPs are assigned to custom loopback interfaces and ports 80,443 are redirected by PF to proper destination. My configuration was posted in thread mentioned above. Webserver is not reachable from outside, though PF shows traffic being correctly redirected to jail's IPs. This setup was working on 9.0-RELEASE. I verified this on home-lab setup. Martin -- ..life is hard, and then you die..
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN5QJX_iH8-JNopLr8E3ki040eKvE0rVSoMOFWgFPbBhKEcXiw>