FreeBSD 11.1-RELEASE: Kernel panic in ipv6_output() via tcp6_usr_connect()
Andrey V. Elsukov
bu7cher at yandex.ru
Wed Nov 1 11:18:43 UTC 2017
On 31.10.2017 19:40, Viktor Dukhovni wrote:
>> can you show your nat rules?
>
> Sure, igb0 is outside, igb1 is inside, the external IP
> address is 100.2.39.101/24, the internal is 192.168.1.1/24.
> The machine is the DNS server for the inside network and
> does not NAT DNS traffic (makes thousands of DNS queries
> per second when doing DANE scans, and would quickly exhaust
> the state tables). I also don't NAT NTP, or TCP 22/88 to
> the server. There's no IPv6 on the internal network, so
> at present the IPv6 rules are rudimentary, just anti-spoof
> the loopback interface and boilerplate ICMP6 rules.
> # NAT the rest
> ipfw nat 1 config if "$oif" unreg_only reset same_ports
> ipfw add nat 1 ip from any to any via "$oif"
Just a theory, can you try changing this rule to be like this:

ipfw add nat 1 ip4 from any to any via "$oif"

At first glance I don't see any restrictions in libalias/nat44 that keep it
from trying to translate an IPv6 packet as if it were IPv4.
--
WBR, Andrey V. Elsukov
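
An added illustration of the theory above, not code from libalias or from this thread: it shows what an IPv4-only parser reads from an IPv6 header, and a hypothetical guard that refuses anything that is not well-formed IPv4. The sample packets, `struct v4_view`, `view_as_ipv4` and `safe_for_nat44` are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed samples (documentation addresses), not taken from the thread. */
static const uint8_t sample_v6[40] = {   /* IPv6, next header TCP, payload 20 */
    0x60, 0x00, 0x00, 0x00, 0x00, 0x14, 0x06, 0x40,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02,
};
static const uint8_t sample_v4[20] = {   /* IPv4, TCP, 192.0.2.1 -> 192.0.2.2 */
    0x45, 0x00, 0x00, 0x14, 0, 0, 0, 0, 0x40, 0x06, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2,
};

/* What an IPv4-only parser reads from the first 20 bytes of a buffer. */
struct v4_view {
    unsigned version;    /* high nibble of byte 0 */
    unsigned hdr_len;    /* low nibble of byte 0, times 4 (bytes) */
    unsigned total_len;  /* bytes 2-3, network order */
    unsigned proto;      /* byte 9 */
};

/* Interpret the buffer as IPv4 with no validation. */
static struct v4_view view_as_ipv4(const uint8_t *p)
{
    struct v4_view v;
    v.version = p[0] >> 4;
    v.hdr_len = (p[0] & 0x0fu) * 4;
    v.total_len = ((unsigned)p[2] << 8) | p[3];
    v.proto = p[9];
    return v;
}

/* Hypothetical guard: 1 only for a well-formed IPv4 header that fits in len. */
static int safe_for_nat44(const uint8_t *p, size_t len)
{
    struct v4_view v;
    if (len < 20)
        return 0;
    v = view_as_ipv4(p);
    if (v.version != 4 || v.hdr_len < 20 || v.hdr_len > len)
        return 0;
    return v.total_len >= v.hdr_len && v.total_len <= len;
}

int main(void)
{
    struct v4_view v = view_as_ipv4(sample_v6);
    printf("v6 read as v4: ver=%u hl=%u len=%u proto=%u nat44_ok=%d\n",
           v.version, v.hdr_len, v.total_len, v.proto, safe_for_nat44(sample_v6, 40));
    return 0;
}
```

Read as IPv4, the IPv6 TCP header yields a zero header length, a zero total length and protocol 1, because byte 9 falls inside the IPv6 source address.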