On Thu, 26 Jul 2012, Matthew Seaman wrote: Hi,
as there have been more people having problems with pf and IPv6 after the changes I am replying to stable@ cc: pf@. ...
[...] nat on $ext_if_plus from $xenophobe_int to any -> $xenophobe_ext rdr inet6 proto tcp from <localnets> to $xenophobe_ext \ port { 22, 80, 443, 548, 4700 } -> $xenophobe_int When trying to ssh into the jail with a kernel exhibiting this problem, tcpdump showed that traffic was reaching the sshd in the jail and responses were being generated, but they didn't make it out onto the net.
Any of you who are expereincing problems with packets dropped due to invalid checksums with IPv6 and pf after the recent merges, can you report back if you also see this without "modulate state" in your pf.conf (if you have 'modulate' in there, can you try changing it to 'keep' and see if that fixes the problem)? /bz -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"