Regression with jails/IPv6/pf
martin i
ilavsky.martin at gmail.com
Mon Mar 18 20:33:45 UTC 2013
> On 01/08/2012 18:13, Bjoern A. Zeeb wrote:
>
>> Any of you who are expereincing problems with packets dropped due to
>> invalid checksums with IPv6 and pf after the recent merges, can you
>> report back if you also see this without "modulate state" in your
>> pf.conf (if you have 'modulate' in there, can you try changing it to
>> 'keep' and see if that fixes the problem)?
>
> Alas, I was already using 'keep state'. I did just try 'modulate
> state,' just on the off-chance but it makes no difference.
Hi,
I think I've the similar problem described in this thread, though I don't
see any discards (no issues with tcpdump at least).
My setup is amd64 9.1-RELEASE r245315.
I posted my problem on FreeBSD forums too:
http://forums.freebsd.org/showthread.php?t=38448
I've webserver in jail with private IPv4 and public IPv6 address. Jail
IPs are assigned to custom loopback interfaces and ports 80,443 are
redirected by PF to proper destination. My configuration was posted in
thread mentioned above.
Webserver is not reachable from outside, though PF shows traffic being
correctly redirected to jail's IPs.
This setup was working on 9.0-RELEASE. I verified this on home-lab setup.
Martin
--
..life is hard, and then you die..
More information about the freebsd-pf
mailing list