[Bug 280390] NPTv6 not working

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 23 Jul 2024 20:14:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #11 from cnbatch@gmail.com ---
(In reply to John Hay from comment #9)

Then I turn on the firewall again, and run `tcpdump -i vtnet0 -n` on server
when `ping6 freebsd.org` from wireguard client.

With the folowing configuration:

ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd allow ip6 from any to any via vtnet0
$cmd nptv6 NPT ip6 from any to any
ipfw -q nat 1 config if vtnet0 same_ports unreg_only reset
$cmd nat 1 ip4 from any to any via vtnet0
$cmd allow all from any to any
$cmd check-state

Packes captured:

19:57:36.964105 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:37.489100 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 0, length 16
19:57:37.989427 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:38.497729 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 1, length 16
19:57:39.013522 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:39.417340 IP6 2a05:f480:1c00:2c:8ef7::2.55923 >
2a03:f80:XXXX:552b::1.57557: UDP, length 74
19:57:39.417352 IP6 2a05:f480:1c00:2c:8ef7::2.37967 >
2a03:f80:XXXX:552b::1.59532: UDP, length 74
19:57:39.418139 IP6 2a05:f480:1c00:2c:8ef7::2.22101 >
2a03:f80:XXXX:552b::1.58384: UDP, length 74
19:57:39.418147 IP6 2a05:f480:1c00:2c:8ef7::2.27653 >
2a03:f80:XXXX:552b::1.59241: UDP, length 74
19:57:39.418276 IP6 2a05:f480:1c00:2c:8ef7::2.42824 >
2a03:f80:XXXX:552b::1.59432: UDP, length 74
19:57:39.507683 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 2, length 16
19:57:40.394101 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:40.574897 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 3, length 16
19:57:41.445433 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:42.469438 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:43.929069 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:44.965499 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:45.989433 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:47.101635 IP6 2a05:f480:1c00:2c:8ef7::2.55923 >
2a03:f80:XXXX:552b::1.57557: UDP, length 74
19:57:47.101644 IP6 2a05:f480:1c00:2c:8ef7::2.37967 >
2a03:f80:XXXX:552b::1.59532: UDP, length 74
19:57:47.101646 IP6 2a05:f480:1c00:2c:8ef7::2.22101 >
2a03:f80:XXXX:552b::1.58384: UDP, length 74
19:57:47.101649 IP6 2a05:f480:1c00:2c:8ef7::2.27653 >
2a03:f80:XXXX:552b::1.59241: UDP, length 74
19:57:47.101821 IP6 2a05:f480:1c00:2c:8ef7::2.42824 >
2a03:f80:XXXX:552b::1.59432: UDP, length 74
19:57:47.123314 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:48.175339 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:49.189405 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:51.609310 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32

-- 
You are receiving this mail because:
You are the assignee for the bug.