On 31.10.2017 19:40, Viktor Dukhovni wrote:
>> can you show your nat rules?
>
> Sure, igb0 is outside, igb1 is inside, the external IP
> address is 100.2.39.101/24, the internal is 192.168.1.1/24.
> The machine is the DNS server for the inside network and
> does not NAT DNS traffic (makes thousands of DNS queries
> per second when doing DANE scans, and would quickly exhaust
> the state tables). I also don't NAT NTP, or TCP 22/88 to
> the server. There's no IPv6 on the internal network, so
> at present the IPv6 rules are rudimentary, just anti-spoof
> the loopback interface and boilerplate ICMP6 rules.
> # NAT the rest
> ipfw nat 1 config if "$oif" unreg_only reset same_ports
> ipfw add nat 1 ip from any to any via "$oif"

Just a theory, can you try changing this rule to be like this:

    ipfw add nat 1 ip4 from any to any via "$oif"

At first glance I don't see any restrictions in libalias/nat44 to not
try to translate an IPv6 packet, assuming it is IPv4.

-- 
WBR, Andrey V. Elsukov