Date: Sat, 14 Dec 2019 14:54:26 -0500 From: "John W. O'Brien" <john@saltant.com> To: FreeBSD Networking <freebsd-net@freebsd.org> Subject: NAT64 return traffic vanishes after successful de-alias Message-ID: <9f3ee846-1357-0b73-cc0f-e001ea74b15c@saltant.com>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ixsIqOhOcFNBiAgDzVdOO5k1eN6b0wqF0
Content-Type: multipart/mixed; boundary="07s5fTw6F1s33hZB5CDOM160yvzi0NO5q"
--07s5fTw6F1s33hZB5CDOM160yvzi0NO5q
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Hello FreeBSD Networking,
As the subject summarizes, I have a mostly-working NAT64 rig, but return
traffic is disappearing, and I haven't been able to figure out why. I
observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
ipfw counter rule ipfw matches nothing.
My attempt to develop a minimum reproducible example failed in the sense
that I did not reproduce the problem. Of course, this implies that one
of the many differences between the simplified test (EC2 instance, two
jails) and the problem rig (physical server, lagg, vlans, other things
going on) is the cause.
What I am hoping this list can help me with is being smart about what I
try next. Otherwise, I would probably just try to brute force a solution
by thinking of ways to permute the config that would rule each possible
difference in or out.
So far my main troubleshooting tools have been ipfw for its rule
counters and nat64lsn stats output, netstat to look at fibs, and tcpdump
pointed at real and diagnostic interfaces. What debugging tools and
techniques should I employ to do better than brute force?
If it would help, I would gladly share the working, EC2/jail demo
configs on the list. Sharing the non-working configs I would prefer to
do privately or not at all.
This is on 12.1-RELEASE.
Thank you,
--=20
John W. O'Brien
OpenPGP keys:
0x33C4D64B895DBF3B
--07s5fTw6F1s33hZB5CDOM160yvzi0NO5q--
--ixsIqOhOcFNBiAgDzVdOO5k1eN6b0wqF0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEKpEHkkRoSDiIJkQOWPtK56pP/m4FAl31PfIACgkQWPtK56pP
/m6TIQf+P7s0gQ1s3lYX1gMki0f1ebjJWe/21DdTCa+MEJuga+oqYiV0EJHWHwor
xNtf8/uXvIPOyEO5l/hJ1KwKDXo8A8y/tpEhwDN2Pw00aTvL4SlHfZz+QorgAcWI
hSe2YQOwjGN6Y3Udik57YDXs9dsdftD8xCRYiG7IZ/O9wBqSAv7L6B7/TJLpttXt
oHu3YdPkKpFUBVQYH7ADvIuDXA3wzuPxMQAbbzXXPxh6DSH+Iz1rXJEPnmM1k0r4
ZNpm13gmvIZHvou9tge03/rSy93BfvcNtdQe6OZNbwz+8Da1iJ4RBxxLV6VinbBa
7A72vcyrch//l19xqToHJLFzPIl5BQ==
=aDhU
-----END PGP SIGNATURE-----
--ixsIqOhOcFNBiAgDzVdOO5k1eN6b0wqF0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9f3ee846-1357-0b73-cc0f-e001ea74b15c>