Netgate Discussion Forum

Kernel cannot forward src

  • dragoangel
    last edited by dragoangel Dec 1, 2018, 10:57 AM Dec 1, 2018, 10:53 AM

    pfSense 2.4.4 and previous versions on ESXi home lab.
    Configured DualstackWAN IPv4+IPv6 via Tunnelbroker with MultiWAN in failover mode (no balancing).
    In the general system log I see many errors:
    Kernel - cannot forward src fe80:3::1111:2222:3333:, dst 2a02:1111:2222::3333:4444, nxt 6, rcvif vmx2, outif gif1

    VMX2 is LAN and GIF1 is the tunnel broker interface.
    The point is that the src and destination change from one error to another, and the main problem is:
    In every case, I don't have the IP fe80:3::1111:2222:3333 on the LAN, but I do have the IP fe80::1111:2222:3333 for each of them. How can that be? pfSense adds :3:: after fe80 and I don't get why.

    Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
    Unifi AP-AC-LR with EAP RADIUS, US-24

    • jimp Rebel Alliance Developer Netgate
      last edited by Dec 4, 2018, 3:32 PM

      Some client is incorrectly attempting to send traffic from a link-local address to a remote destination. You can't do that, so it gets dropped and logged.

      fe80::/10 link local traffic can't leave its segment.

      pfSense may not list that address since it's only on the local segment. It's an address that a device would assign to itself. The :3: would not come from pfSense, that may be a different interface on the client.

      • dragoangel
        last edited by dragoangel Dec 13, 2018, 8:43 PM Dec 13, 2018, 8:36 PM

        OK, thank you, and sorry for the duplicate topic.
        About :3:: - it really is not an existing IP at all, but it is a real one if I remove this part. I am sure, because I have ntopng installed and have configured monitoring with long-term storage. For me this is a strange situation.
        P.S. These clients are Win10.
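An added example, not part of the original posts and not pfSense code: a Python triage script for "cannot forward src" lines that finds link-local sources being sent to off-link destinations and reports the address to look up in ntopng or the neighbor table. It assumes the second 16-bit group of a logged fe80 address (the 3 in fe80:3::) is an interface index embedded by the FreeBSD kernel's internal address form, which the thread does not establish; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format quoted in the first post (addresses are made up).
SAMPLE_LOG = """\
kernel: cannot forward src fe80:3::1111:2222:3333, dst 2a02:1111:2222::3333:4444, nxt 6, rcvif vmx2, outif gif1
kernel: cannot forward src fe80:3::aaaa:bbbb:cccc, dst 2a02:1111:2222::5555:6666, nxt 17, rcvif vmx2, outif gif1
kernel: cannot forward src fe80:3::1111:2222:3333:, dst 2a02:1111:2222::3333:4444, nxt 6, rcvif vmx2, outif gif1
kernel: cannot forward src 2001:db8::10, dst 2a02:1111:2222::3333:4444, nxt 6, rcvif vmx2, outif gif1
"""
LINE_RE = re.compile(
    r"cannot forward src (?P<src>[0-9A-Fa-f:]+), dst (?P<dst>[0-9A-Fa-f:]+), "
    r"nxt (?P<nxt>\d+), rcvif (?P<rcvif>\S+), outif (?P<outif>\S+)")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SCOPE_MASK = 0xFFFF << 96  # second 16-bit group of the 128-bit address


def split_embedded_scope(addr):
    """Return (on-wire address, scope index) for a logged link-local address."""
    # Assumption: the second group is a kernel-embedded interface index, zero on the wire.
    raw = int(addr)
    return ipaddress.IPv6Address(raw & ~SCOPE_MASK), (raw & SCOPE_MASK) >> 96


def parse_line(line):
    """Parse one log line; None if it does not match or an address is invalid."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src, dst = ipaddress.IPv6Address(m["src"]), ipaddress.IPv6Address(m["dst"])
    except ValueError:  # e.g. a redacted or truncated address
        return None
    rec = {"src": src, "dst": dst, "rcvif": m["rcvif"], "outif": m["outif"], "wire_src": src, "scope": None}
    if src in LINK_LOCAL:
        rec["wire_src"], rec["scope"] = split_embedded_scope(src)
    return rec


def offenders(log_text):
    """Count drops per (rcvif, on-wire source) for link-local sources sent off-link."""
    counts = Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["scope"] is not None and rec["dst"] not in LINK_LOCAL:
            counts[(rec["rcvif"], str(rec["wire_src"]))] += 1
    return counts
```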