From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756138AbbHFSnu (ORCPT <rfc822;w@1wt.eu>);
	Thu, 6 Aug 2015 14:43:50 -0400
Received: from vps01.wiesinger.com ([46.36.37.179]:37639 "EHLO
	vps01.wiesinger.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753846AbbHFSnr (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 6 Aug 2015 14:43:47 -0400
To: linux-kernel@vger.kernel.org
From: Gerhard Wiesinger <lists@wiesinger.com>
Subject: IPv6 and private net with masquerading not working correctly
Message-ID: <55C3AAE1.3080003@wiesinger.com>
Date: Thu, 6 Aug 2015 20:43:45 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

I'm having the following problem with IPv6 and a private internal LAN 
which will be masqueraded to the public internet (I don't want to have 
public IPs in the LAN because of some static IPs and tracking) . Rules 
are generated by shorewall.

Problem is that ICMP6 packets source address is not translated by the 
kernel on the reply when MTU has to be discovered because of too big 
packets and limited MTU capabilities on the path (happens also on tcp6 
which works thereofore not correctly).

# From an internal host on net fd00:1234:5678::/64
ping6 -s 2000 2a02:1234:5678:7::2

/etc/shorewall6/masq
EXT_IF                   fc00::/7

ip6tables rule:
MASQUERADE  all      *      *       fc00::/7             ::/0

# Internal interface
IP6 fd00:1234:5678::9 > 2a02:1234:5678:7::2: frag (0|1432) ICMP6, echo 
request, seq 1, length 1432
IP6 fd00:1234:5678::9 > 2a02:1234:5678:7::2: frag (1432|576)
IP6 2a02:1234:5678:9abc::115 > fd00:1234:5678::9: ICMP6, packet too big, 
mtu 1440, length 1240

# External interface
IP6 2001:1234:5678:9abc::1 > 2a02:1234:5678:7::2: frag (0|1432) ICMP6, 
echo request, seq 1, length 1432
IP6 2001:1234:5678:9abc::1 > 2a02:1234:5678:7::2: frag (1432|576)
IP6 2a02:1234:5678:9abc::115 > 2001:1234:5678:9abc::1: ICMP6, packet too 
big, mtu 1440, length 1240

Looks to me like a a major kernel bug.
Kernel version is: 4.1.3-201.fc22.x86_64 from Fedora 22

Any ideas?

Thank you.

Ciao,
Gerhard