From nobody Tue Jul 23 20:14:35 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WT7fM6wQXz5QL1r for ; Tue, 23 Jul 2024 20:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WT7fM5rR4z4FQ9 for ; Tue, 23 Jul 2024 20:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1721765675; a=rsa-sha256; cv=none; b=kNeZEdaRR1pxwNzwhfjoxu8XGByO4RFY5Tr5nUHxnQ8u7zTAXYaPQ0jLMUrlD/iD5xSXy6 9ir8iGrdKxZOgbnnhQyK7+FyG/4dQ2LxEC2BEPB9XP+bfssQfSHRi39slBLbA051sbKqON uklX84V22OEUAQaZZDubYLTe3ySJPlzN7Rwy8q6vYth66iB4HGPA9pKGHDQ1my8dxD1kdY /qOIfCc+AzfyLiqakXHq7IVo6qsK2OvnVTStuyNv8gtoJxOLddi3Ho0aNLPVh3DHkhqRHO Dw8QMI15O3u7spETS5AfEoAzhF8Dv7AoOjx2rVteE1D4UAs+OxzwBkW+1sJPVg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1721765675; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XUlTkNlUKmr2nbr0sB1SAJjhZNJsXK0SPZLynFqEgxM=; b=LzrVfwCqv/wmgrvXTjcswoWClMomcsjq3lyxfBA09m6vIGP50j9fu80H6gOHCh5ZP1T8L8 fnMzTfkrbZO+pys/wAWB4Ytwq5vsNIS6gxS+TH9HkM14VqOohT2q7jm9BVMYubum0E5ATe 4utNHDZsK3iuta3dltbxJ0Y2H2J5nHKx3epfsHwLl7ipuV1sN8ii+4OcaDj02SSA8dYZGz Q+sjC0GczGLrhOZXQxh5fQQTw/KRi42MhZh37363kdoYQBqkBNxHucogX8jp13zbsL0cty zwVqTxuVfMGu5Iyv8Qq3/ofKRuwOiU6FMjDoaCW1bBAXNVwtikCbgs1rUYpTEA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WT7fM5PrHzjDZ for ; Tue, 23 Jul 2024 20:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 46NKEZhC025634 for ; Tue, 23 Jul 2024 20:14:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 46NKEZDF025633 for net@FreeBSD.org; Tue, 23 Jul 2024 20:14:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280390] NPTv6 not working Date: Tue, 23 Jul 2024 20:14:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.3-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: cnbatch@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280390 --- Comment #11 from cnbatch@gmail.com --- (In reply to John Hay from comment #9) Then I turn on the firewall again, and run `tcpdump -i vtnet0 -n` on server when `ping6 freebsd.org` from wireguard client. With the folowing configuration: ipfw -q -f flush cmd=3D"ipfw -q add " ipfw disable one_pass ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixl= en 64 $cmd allow ip6 from any to any via vtnet0 $cmd nptv6 NPT ip6 from any to any ipfw -q nat 1 config if vtnet0 same_ports unreg_only reset $cmd nat 1 ip4 from any to any via vtnet0 $cmd allow all from any to any $cmd check-state Packes captured: 19:57:36.964105 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:37.489100 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICM= P6, echo request, id 1170, seq 0, length 16 19:57:37.989427 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:38.497729 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICM= P6, echo request, id 1170, seq 1, length 16 19:57:39.013522 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:39.417340 IP6 2a05:f480:1c00:2c:8ef7::2.55923 > 2a03:f80:XXXX:552b::1.57557: UDP, length 74 19:57:39.417352 IP6 2a05:f480:1c00:2c:8ef7::2.37967 > 2a03:f80:XXXX:552b::1.59532: UDP, length 74 19:57:39.418139 IP6 2a05:f480:1c00:2c:8ef7::2.22101 > 2a03:f80:XXXX:552b::1.58384: UDP, length 74 19:57:39.418147 IP6 2a05:f480:1c00:2c:8ef7::2.27653 > 2a03:f80:XXXX:552b::1.59241: UDP, length 74 19:57:39.418276 IP6 2a05:f480:1c00:2c:8ef7::2.42824 > 2a03:f80:XXXX:552b::1.59432: UDP, length 74 19:57:39.507683 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICM= P6, echo request, id 1170, seq 2, length 16 19:57:40.394101 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:40.574897 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICM= P6, echo request, id 1170, seq 3, length 16 19:57:41.445433 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:42.469438 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:43.929069 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:44.965499 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:45.989433 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:47.101635 IP6 2a05:f480:1c00:2c:8ef7::2.55923 > 2a03:f80:XXXX:552b::1.57557: UDP, length 74 19:57:47.101644 IP6 2a05:f480:1c00:2c:8ef7::2.37967 > 2a03:f80:XXXX:552b::1.59532: UDP, length 74 19:57:47.101646 IP6 2a05:f480:1c00:2c:8ef7::2.22101 > 2a03:f80:XXXX:552b::1.58384: UDP, length 74 19:57:47.101649 IP6 2a05:f480:1c00:2c:8ef7::2.27653 > 2a03:f80:XXXX:552b::1.59241: UDP, length 74 19:57:47.101821 IP6 2a05:f480:1c00:2c:8ef7::2.42824 > 2a03:f80:XXXX:552b::1.59432: UDP, length 74 19:57:47.123314 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:48.175339 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:49.189405 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 19:57:51.609310 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neigh= bor solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32 --=20 You are receiving this mail because: You are the assignee for the bug.=