NAT64 return traffic vanishes after successful de-alias

John W. O'Brien john at saltant.com
Sun Dec 15 16:15:37 UTC 2019


On 2019/12/15 05:44, Andrey V. Elsukov wrote:
> On 14.12.2019 22:54, John W. O'Brien wrote:
>> Hello FreeBSD Networking,
>>
>> As the subject summarizes, I have a mostly-working NAT64 rig, but return
>> traffic is disappearing, and I haven't been able to figure out why. I
>> observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
>> ipfw counter rule ipfw matches nothing.
> 
> I suspect you have disabled IPv6 on the interface, where IPv4 address is
> configured. Check that IFDISABLED flag is not set on the IPv4 side
> interface.
> 
> When NAT64 does translation, by default it reschedules a packet again on
> the same interface, but from another address family, so if you have
> disabled IPv6, a packet will be just dropped by ip6_input.
> You can enable IPv6 by the following command:
> 
>  # ifconfig igb0 inet6 -ifdisabled

Yes, this is exactly the problem. Thank you very much!

The reason it was working in the EC2 case is because the FreeBSD AMIs
set ipv6_activate_all_interfaces="YES".

It helps me quite a lot to learn the concept of "reschedules a packet
again on the same interface". That fills in a gap that I am sure will
come in handy when trying to reason about behavior in the future.

Incidentally, where are those drops counted? I did start looking at
"netstat -i" and "netstat -s" for clues, and even now that I know what
to look for, I'm not sure I know what I'm seeing. Is it "ip6: output
packets discarded due to no route"?

-- 
John W. O'Brien
OpenPGP keys:
    0x33C4D64B895DBF3B
