Hello,
I have just been testing 13.0-RELEASE and have come across a problem with my NAT64 configuration (which did work on 12.2-RELEASE) not now working.
On 13.0-RELEASE:
The same NAT64 configuration works fine on 12.2-RELEASE:
The problem seems to be that 13.0 generates an ICMP redirect for the NAT64 traffic which doesn't happen on 12.2 (the NAT64 seems to be working ok otherwise - you can see the ping6 translated into a ping4 and the reply making it back to the server but it doesn't get translated back into an icmp6 reply)
On 13.0-RELEASE (note ipfw is logging in/out):
On 12.2-RELEASE:
The configurations between the systems are identical:
For 13.0-RELEASE:
For 12.2-RELEASE:
Any ideas (and more generally does anyone have NAT64 working on 13.0-RELEASE)
Regards, Paul
I have just been testing 13.0-RELEASE and have come across a problem with my NAT64 configuration (which did work on 12.2-RELEASE) not now working.
On 13.0-RELEASE:
Code:
# ping6 -c 1 64:ff9b::1.1.1.1
PING6(56=40+8+8 bytes) 2001:470:1d41:1::55 --> 64:ff9b::101:101
--- 64:ff9b::1.1.1.1 ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet lossThe same NAT64 configuration works fine on 12.2-RELEASE:
Code:
# ping6 -c 1 64:ff9b::1.1.1.1
PING6(56=40+8+8 bytes) 2001:470:1d41:1::50 --> 64:ff9b::101:101
16 bytes from 64:ff9b::101:101, icmp_seq=0 hlim=57 time=20.635 ms
--- 64:ff9b::1.1.1.1 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 20.635/20.635/20.635/0.000 msThe problem seems to be that 13.0 generates an ICMP redirect for the NAT64 traffic which doesn't happen on 12.2 (the NAT64 seems to be working ok otherwise - you can see the ping6 translated into a ping4 and the reply making it back to the server but it doesn't get translated back into an icmp6 reply)
On 13.0-RELEASE (note ipfw is logging in/out):
Code:
# tcpdump -nqi ipfw0 icmp or icmp6
21:58:01.787493 IP6 2001:470:1d41:1::55 > 64:ff9b::101:101: ICMP6, echo request, seq 0, length 16
21:58:01.787509 IP6 2001:470:1d41:1::55 > 64:ff9b::101:101: ICMP6, echo request, seq 0, length 16
21:58:01.787524 IP 192.168.1.55 > 1.1.1.1: ICMP echo request, id 1025, seq 0, length 16
21:58:01.787527 IP 192.168.1.55 > 1.1.1.1: ICMP echo request, id 1025, seq 0, length 16
21:58:01.787567 IP 127.0.0.1 > 192.168.1.55: ICMP redirect 1.1.1.1 to host 0.0.0.0, length 44
21:58:01.787569 IP 127.0.0.1 > 192.168.1.55: ICMP redirect 1.1.1.1 to host 0.0.0.0, length 44
21:58:01.806376 IP 1.1.1.1 > 192.168.1.55: ICMP echo reply, id 1025, seq 0, length 16On 12.2-RELEASE:
Code:
# tcpdump -nqi ipfw0 icmp or icmp6
21:58:21.308304 IP6 2001:470:1d41:1::50 > 64:ff9b::101:101: ICMP6, echo request, seq 0, length 16
21:58:21.308357 IP6 2001:470:1d41:1::50 > 64:ff9b::101:101: ICMP6, echo request, seq 0, length 16
21:58:21.328708 IP 1.1.1.1 > 192.168.1.50: ICMP echo reply, id 1027, seq 0, length 16
21:58:21.328790 IP6 64:ff9b::101:101 > 2001:470:1d41:1::50: ICMP6, echo reply, seq 0, length 16The configurations between the systems are identical:
For 13.0-RELEASE:
Code:
# ifconfig -a
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether 58:9c:fc:08:4f:d0
inet 192.168.1.55 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::5a9c:fcff:fe08:4fd0%vtnet0 prefixlen 64 scopeid 0x1
inet6 2001:470:1d41:1::55 prefixlen 64
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 58:9c:fc:10:ff:96
inet6 fe80::5a9c:fcff:fe10:ff96%bridge0 prefixlen 64 scopeid 0x3
inet6 2001:470:1d41:55::1 prefixlen 64
inet6 fe80::1%bridge0 prefixlen 64 scopeid 0x3
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
groups: bridge
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
groups: ipfw
Code:
# ipfw show
00100 0 0 check-state :default
00200 178 12104 allow log ipv6-icmp from any to any icmp6types 135,136
00300 0 0 allow log icmp from any to 192.168.1.55 icmptypes 8 keep-state :default
00400 0 0 allow log ip4 from any to 192.168.1.55 22
00500 0 0 allow log ip4 from any to 192.168.1.55 53
00600 0 0 nat64lsn NAT64 log ip6 from ::1 to 64:ff9b::/96 in
00700 13 728 nat64lsn NAT64 log ip6 from 2001:470:1d41:1::55 to 64:ff9b::/96 in
00800 0 0 nat64lsn NAT64 log ip6 from 2001:470:1d41:55::/64 to 64:ff9b::/96 in
00900 13 832 nat64lsn NAT64 log ip4 from any to 192.168.1.55 in
01000 41 1544 allow log ip4 from 192.168.1.55 to any keep-state :default
01100 2365 307419 allow log ip from any to any
65535 44913 12728705 allow ip from any to anyFor 12.2-RELEASE:
Code:
# ifconfig -a
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether 58:9c:fc:01:71:9d
inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::5a9c:fcff:fe01:719d%vtnet0 prefixlen 64 scopeid 0x1
inet6 2001:470:1d41:1::50 prefixlen 64
media: Ethernet 10Gbase-T <full-duplex>
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:dd:a6:3d:7b:00
inet6 fe80::dd:a6ff:fe3d:7b00%bridge0 prefixlen 64 scopeid 0x3
inet6 2001:470:1d41:50::1 prefixlen 64
inet6 fe80::1%bridge0 prefixlen 64 scopeid 0x3
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
groups: bridge
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
groups: ipfw
Code:
# ipfw show
00100 0 0 check-state :default
00200 214 14552 allow log ipv6-icmp from any to any icmp6types 135,136
00300 0 0 allow log icmp from any to 192.168.1.50 icmptypes 8 keep-state :default
00400 0 0 allow log ip4 from any to 192.168.1.50 22
00500 0 0 allow log ip4 from any to 192.168.1.50 53
00600 0 0 nat64lsn NAT64 log ip6 from ::1 to 64:ff9b::/96 in
00700 8 448 nat64lsn NAT64 log ip6 from 2001:470:1d41:1::50 to 64:ff9b::/96 in
00800 0 0 nat64lsn NAT64 log ip6 from 2001:470:1d41:50::/64 to 64:ff9b::/96 in
00900 8 288 nat64lsn NAT64 log ip4 from any to 192.168.1.50 in
01000 0 0 allow log ip4 from 192.168.1.50 to any keep-state :default
01100 1148 170393 allow log ip from any to any
65535 50033 28662388 allow ip from any to anyAny ideas (and more generally does anyone have NAT64 working on 13.0-RELEASE)
Regards, Paul