Hi, On 31 Aug 2013, at 21:49, Tim Bishop <t...@bishnet.net> wrote:
> Hi all, > > This is regarding kern/170070 and these two threads from last year: > > http://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068987.html > http://lists.freebsd.org/pipermail/freebsd-stable/2012-August/069043.html > > I'm running stable/9 r255017 and I'm seeing the same issue, even with > the fix Bjoern committed in r238876. This is still with "modulate state" in some rules that also hit ipv6 traffic ? It almost looks like doing this kind of traffic alteration is considered harmful for IPv6 http://forums.freebsd.org/showthread.php?t=36595 If that is the case, then this should be applicable only to ipv4 traffic, without requiring specific knowledge from the user > > My setup is a dual stack one (IPv6 is done through an IPv4 tunnel) and > the problem is only with IPv6. I have jails with both IPv4 and IPv6 > addresses, and I use pf to rdr certain ports to certain jails. With IPv6 > I'm seeing failed checksums on the packets coming back out of my system, > both with UDP and TCP. > > If I connect over IPv6 to the jail host it works fine. If I connect over > IPv6 to a jail directly (they have routable addresses, but I prefer them > to all be masked behind the single jail host normally), it works fine. > So the only failure case is when it goes through a rdr rule in pf. > > This system replaces a previous one running stable/8 which worked fine > with the same pf config file. > > Has anyone got any suggestions on what I can do to fix this or to debug > it further? > > Thanks, > > Tim. > > -- > Tim Bishop > http://www.bishnet.net/tim/ > PGP Key: 0x6C226B37FDF38D55 >
signature.asc
Description: Message signed with OpenPGP using GPGMail
