Subject: Re: IPv6 and private net with masquerading not working correctly
To: LKML, Linux Kernel Network Developers, netfilter-devel@vger.kernel.org
Cc: Cong Wang
From: Gerhard Wiesinger
Message-ID: <562C8A4F.1030302@wiesinger.com>
Date: Sun, 25 Oct 2015 08:52:47 +0100

Any update on this issue?

Thank you.

Ciao,
Gerhard

On 10.08.2015 19:39, Cong Wang wrote:
> (Cc'ing netdev and netfilter-devel)
>
> On Fri, Aug 7, 2015 at 6:00 AM, Gerhard Wiesinger wrote:
>> On 06.08.2015 20:43, Gerhard Wiesinger wrote:
>>> Hello,
>>>
>>> I'm having the following problem with IPv6 and a private internal LAN
>>> which will be masqueraded to the public internet (I don't want to have
>>> public IPs in the LAN because of some static IPs and tracking). Rules are
>>> generated by shorewall.
>>>
>>> Problem is that ICMP6 packets source address is not translated by the
>>> kernel on the reply when MTU has to be discovered because of too big packets
>>> and limited MTU capabilities on the path (happens also on tcp6 which works
>>> therefore not correctly).
>>>
>>> # From an internal host on net fd00:1234:5678::/64
>>> ping6 -s 2000 2a02:1234:5678:7::2
>>>
>>> /etc/shorewall6/masq
>>> EXT_IF fc00::/7
>>>
>>> ip6tables rule:
>>> MASQUERADE all * * fc00::/7 ::/0
>>>
>>> # Internal interface
>>> IP6 fd00:1234:5678::9 > 2a02:1234:5678:7::2: frag (0|1432) ICMP6, echo
>>> request, seq 1, length 1432
>>> IP6 fd00:1234:5678::9 > 2a02:1234:5678:7::2: frag (1432|576)
>>> IP6 2a02:1234:5678:9abc::115 > fd00:1234:5678::9: ICMP6, packet too big,
>>> mtu 1440, length 1240
>>>
>>> # External interface
>>> IP6 2001:1234:5678:9abc::1 > 2a02:1234:5678:7::2: frag (0|1432) ICMP6,
>>> echo request, seq 1, length 1432
>>> IP6 2001:1234:5678:9abc::1 > 2a02:1234:5678:7::2: frag (1432|576)
>>> IP6 2a02:1234:5678:9abc::115 > 2001:1234:5678:9abc::1: ICMP6, packet too
>>> big, mtu 1440, length 1240
>>>
>>> Looks to me like a major kernel bug.
>>> Kernel version is: 4.1.3-201.fc22.x86_64 from Fedora 22
>>>
>>> Any ideas?
>>>
>> Any comments?
>>
>> Ciao,
>> Gerhard
>>
>> --
>> http://www.wiesinger.com/
>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/