From: Gerhard Wiesinger <lists@wiesinger.com>
To: linux-kernel@vger.kernel.org
Subject: Re: IPv6 and private net with masquerading not working correctly
Date: Fri, 7 Aug 2015 15:00:38 +0200 [thread overview]
Message-ID: <55C4ABF6.3080407@wiesinger.com> (raw)
In-Reply-To: <55C3AAE1.3080003@wiesinger.com>
On 06.08.2015 20:43, Gerhard Wiesinger wrote:
> Hello,
>
> I'm having the following problem with IPv6 and a private internal LAN
> which will be masqueraded to the public internet (I don't want to have
> public IPs in the LAN because of some static IPs and tracking) . Rules
> are generated by shorewall.
>
> Problem is that ICMP6 packets source address is not translated by the
> kernel on the reply when MTU has to be discovered because of too big
> packets and limited MTU capabilities on the path (happens also on tcp6
> which works thereofore not correctly).
>
> # From an internal host on net fd00:1234:5678::/64
> ping6 -s 2000 2a02:1234:5678:7::2
>
> /etc/shorewall6/masq
> EXT_IF fc00::/7
>
> ip6tables rule:
> MASQUERADE all * * fc00::/7 ::/0
>
> # Internal interface
> IP6 fd00:1234:5678::9 > 2a02:1234:5678:7::2: frag (0|1432) ICMP6, echo
> request, seq 1, length 1432
> IP6 fd00:1234:5678::9 > 2a02:1234:5678:7::2: frag (1432|576)
> IP6 2a02:1234:5678:9abc::115 > fd00:1234:5678::9: ICMP6, packet too
> big, mtu 1440, length 1240
>
> # External interface
> IP6 2001:1234:5678:9abc::1 > 2a02:1234:5678:7::2: frag (0|1432) ICMP6,
> echo request, seq 1, length 1432
> IP6 2001:1234:5678:9abc::1 > 2a02:1234:5678:7::2: frag (1432|576)
> IP6 2a02:1234:5678:9abc::115 > 2001:1234:5678:9abc::1: ICMP6, packet
> too big, mtu 1440, length 1240
>
> Looks to me like a a major kernel bug.
> Kernel version is: 4.1.3-201.fc22.x86_64 from Fedora 22
>
> Any ideas?
>
Any comments?
Ciao,
Gerhard
--
http://www.wiesinger.com/
next prev parent reply other threads:[~2015-08-07 13:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-06 18:43 IPv6 and private net with masquerading not working correctly Gerhard Wiesinger
2015-08-07 13:00 ` Gerhard Wiesinger [this message]
2015-08-10 17:39 ` Cong Wang
2015-10-25 7:52 ` Gerhard Wiesinger
-- strict thread matches above, loose matches on Subject: below --
2015-08-06 16:22 Gerhard Wiesinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55C4ABF6.3080407@wiesinger.com \
--to=lists@wiesinger.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.