On 12/28/2012 05:59 AM, Michael Grimm wrote: > Hi -- > > I do run both my primary and secondary nameservers (distinct servers) in > FreeBSD jails1 and jail2 as outlined below: <snip> > I do see using tcpdump at server1: > > | 00:00:02.066251 xx:xx:xx:xx:xx > yy:yy:yy:yy:yy, ethertype IPv6 (0x86dd), > length 94: (flowlabel 0xa3c71, hlim 63, next-header TCP (6) payload length: > 40) b:b:b:b::1.64158 > a:a:a:a:1::1.53: Flags [S], > cksum 0x959b (incorrect -> 0x58f9), seq 3833155181, win 65535, options [mss > 1440,nop,wscale 6,sackOK,TS val 495939599 ecr 0], length 0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 9.1's PF appears to be either corrupting or not updating the packet checksum when it touches IPv6 packets. I was not able to figure out how or why in my brief perusal of the source, but it seems to affect more than just NAT66.
http://freebsd.1045724.n5.nabble.com/PF-IPv6-NAT-and-The-Curse-of-The-Invalid-Checksum-td5769669.html -- Fuzzy love, -CyberLeo Furry Peace! - http://www.fur.com/peace/ _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
