Date: Mon, 2 Sep 2013 12:22:11 +0200 From: Ruben van Staveren <ruben@verweg.com> To: Tim Bishop <tim@bishnet.net> Cc: bz@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-pf@FreeBSD.org Subject: Re: Stiil a regression with jails/IPv6/pf? Message-ID: <8A6CE540-7AF3-4472-B0CC-A222036557C0@verweg.com> In-Reply-To: <20130831194951.GC44979@carrick-users.bishnet.net> References: <20130831194951.GC44979@carrick-users.bishnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi, On 31 Aug 2013, at 21:49, Tim Bishop <tim@bishnet.net> wrote: > Hi all, >=20 > This is regarding kern/170070 and these two threads from last year: >=20 > = http://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068987.html > = http://lists.freebsd.org/pipermail/freebsd-stable/2012-August/069043.html >=20 > I'm running stable/9 r255017 and I'm seeing the same issue, even with > the fix Bjoern committed in r238876. This is still with "modulate state" in some rules that also hit ipv6 = traffic ? It almost looks like doing this kind of traffic alteration is considered = harmful for IPv6 http://forums.freebsd.org/showthread.php?t=3D36595 If that is the case, then this should be applicable only to ipv4 = traffic, without requiring specific knowledge from the user >=20 > My setup is a dual stack one (IPv6 is done through an IPv4 tunnel) and > the problem is only with IPv6. I have jails with both IPv4 and IPv6 > addresses, and I use pf to rdr certain ports to certain jails. With = IPv6 > I'm seeing failed checksums on the packets coming back out of my = system, > both with UDP and TCP. >=20 > If I connect over IPv6 to the jail host it works fine. If I connect = over > IPv6 to a jail directly (they have routable addresses, but I prefer = them > to all be masked behind the single jail host normally), it works fine. > So the only failure case is when it goes through a rdr rule in pf. >=20 > This system replaces a previous one running stable/8 which worked fine > with the same pf config file. >=20 > Has anyone got any suggestions on what I can do to fix this or to = debug > it further? >=20 > Thanks, >=20 > Tim. >=20 > --=20 > Tim Bishop > http://www.bishnet.net/tim/ > PGP Key: 0x6C226B37FDF38D55 >=20 --Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAlIkZtMACgkQZ88+mcQxRw2kTgCeOvKE4byQ2ACgcKOSpiWvrjbE 7sAAnihUaLcLBzVXVqOPLzS8I++i0Mp6 =gZJp -----END PGP SIGNATURE----- --Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8A6CE540-7AF3-4472-B0CC-A222036557C0>