Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Kernel cannot forward src

    IPv6
    2
    3
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dragoangelD
      dragoangel
      last edited by dragoangel

      pfSense 2.4.4 and previous versions on ESXi home lab.
      Configured DualstackWAN IPv4+IPv6 via Tunnelbroker with MultiWAN in failover mode (no balancing).
      In general system log I see many errors:
      Kernel - cannot forward src fe80:3::1111:2222:3333:, dst 2a02:1111:2222::3333:4444, nxt 6, rcvif vmx2, outif gif1

      VMX2 is LAN and GIF1 is tunnel brocker interface.
      Point in that src and destination from one error to another are changing and Main problem:
      I don't have IPs fe80:3::1111:2222:3333 in LAN for every case, but I have IPs fe80::1111:2222:3333 for each of them, how it can bee? pfSense add :3:: after fe80 don't get why.

      Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
      Unifi AP-AC-LR with EAP RADIUS, US-24

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Some client is incorrectly attempting to send traffic from a link-local address to a remote destination. You can't do that, so it gets dropped and logged.

        fe80::/10 link local traffic can't leave its segment.

        pfSense may not list that address since it's only on the local segment. It's an address that a device would assign to itself. The :3: would not come from pfSense, that may be a different interface on the client.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • dragoangelD
          dragoangel
          last edited by dragoangel

          Ok, thank you, sorry for duplicated theme.
          About :3:: - it really not existing IP at all, but real if remove this part. I sure, because have ntopng installed and have configured monitoring for long time storing. For me this strange situation.
          P.S. This clients is Win10.

          Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
          Unifi AP-AC-LR with EAP RADIUS, US-24

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.