Stiil a regression with jails/IPv6/pf?
Tim Bishop
tim at bishnet.net
Sat Aug 31 19:49:54 UTC 2013
Hi all,
This is regarding kern/170070 and these two threads from last year:
http://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068987.html
http://lists.freebsd.org/pipermail/freebsd-stable/2012-August/069043.html
I'm running stable/9 r255017 and I'm seeing the same issue, even with
the fix Bjoern committed in r238876.
My setup is a dual stack one (IPv6 is done through an IPv4 tunnel) and
the problem is only with IPv6. I have jails with both IPv4 and IPv6
addresses, and I use pf to rdr certain ports to certain jails. With IPv6
I'm seeing failed checksums on the packets coming back out of my system,
both with UDP and TCP.
If I connect over IPv6 to the jail host it works fine. If I connect over
IPv6 to a jail directly (they have routable addresses, but I prefer them
to all be masked behind the single jail host normally), it works fine.
So the only failure case is when it goes through a rdr rule in pf.
This system replaces a previous one running stable/8 which worked fine
with the same pf config file.
Has anyone got any suggestions on what I can do to fix this or to debug
it further?
Thanks,
Tim.
--
Tim Bishop
http://www.bishnet.net/tim/
PGP Key: 0x6C226B37FDF38D55
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20130831/e80f17db/attachment.sig>
More information about the freebsd-pf
mailing list