On 06.11.2017 17:53, Viktor Dukhovni wrote:
> Would this cause the packet to be denied, or passed through without
> nat? Presumably, I would then have to have "ip4" and not "ip" as
> "ip6" would then be denied by the "nat" rule. Right?
Yes, IPv6 packet will be dropped by nat rule.
>
> Any comm
> On Nov 6, 2017, at 6:28 AM, Andrey V. Elsukov wrote:
>
>> Reverting the rule on a running system back to "ip", still yields
>> no panics, but I am now running a different 11.1 kernel built from
>> SVN with my "stf" patch. So it is sadly not quite clear where the
>> problem was, my original c
On 06.11.2017 07:40, Viktor Dukhovni wrote:
>> From first glance I don't see any restrictions in libalias/nat44 to not
>> try to translate IPv6 packet assuming it as IPv4.
>
> I've changed the rule from "ip" to "ip4", but also made other
> changes to get 6to4 working, and no longer see panics.
>
On Wed, Nov 01, 2017 at 02:17:33PM +0300, Andrey V. Elsukov wrote:
> > # NAT the rest
> > ipfw nat 1 config if "$oif" unreg_only reset same_ports
> > ipfw add nat 1 ip from any to any via "$oif"
>
> Just an theory, can you try change this rule to be like this:
>
> ipfw add nat 1 ip4 from any to
On 31.10.2017 19:40, Viktor Dukhovni wrote:
>> can you show your nat rules?
>
> Sure, igb0 is outside, igb1 is inside, the external IP
> address is 100.2.39.101/24, the internal is 192.168.1.1/24.
> The machine is the DNS server for the inside network and
> does not NAT DNS traffic (makes thousand
> On Oct 31, 2017, at 7:34 AM, Andrey V. Elsukov wrote:
>
> can you show your nat rules?
Sure, igb0 is outside, igb1 is inside, the external IP
address is 100.2.39.101/24, the internal is 192.168.1.1/24.
The machine is the DNS server for the inside network and
does not NAT DNS traffic (makes t
On 31.10.2017 02:57, Viktor Dukhovni wrote:
> I am using FreeBSD 11.1 as the O/S for my DANE/SMTP adoption scanner.
> The system has an IPv4 static IPv4 and also a corresponding 6to4
> address on stf0.
>
> The system is stable when I run IPv4-only scans, but crashes quickly
> as soon as I start a
