Netgate Discussion Forum

    IPv6 forwarding in 2.5 RC unexpectedly broken

    • athompso

      After doing a clean install of 2.5 (and importing my 2.4 config) suddenly IPv6 forwarding, specifically, no longer works as expected.

      I've got

      • lagg0.31 ("GENERAL") with inet6 2620:42:c000::1 prefixlen 64,
      • lagg0.36 ("HEXTET0") with inet6 2620:132:3002:100d::2 prefixlen 124

      IPv6 routes

      • default 2620:132:3002:100d::1 UGS lagg0.36

      No NPt rules configured whatsoever.

      Rules on GENERAL consist only of

      • Enabled / IPv4+IPv6 / Source: GENERAL / Port * / Dest * / Gw * / Q none

      and on HEXTET0:

      • only the anti-lockout rule

      From a PC on VLAN 31, I can ping the firewall. Traffic shows up and looks 100% normal in tcpdump. I can ping any up interface on the firewall, not just the link-specific IP.

      From the firewall, I can ping my next-hop, and beyond. Traffic shows up and looks 100% normal in tcpdump.

      From that same PC on VLAN 31, when I ping anything beyond the firewall, I get... nothing. No ICMP unreachable, just timeouts.

      Also:

      • IPv4 appears to work correctly.
      • Unbound is broken when accessed over IPv6, so I switched from DNS Resolver to DNS Forwarder, which appears to work correctly.

      Basically, this worked in 2.4.<latest>, and now appears to be broken in 2.5 RC. Did something change that I haven't taken into account? Or is this a bug? Or something somewhere in between?

      -Adam

      • athompso @athompso

        More information:

        • net.inet6.ip6.forwarding is (still) set to 1. Changing it to 0 and back to 1 has no effect.
        • pfctl -d / pfctl -e has no effect, in any order, so it's not a pf rule problem
        • athompso @athompso

          Found it. I advertise my routes via BGP. There's no OpenBGPd package in 2.5 RC. So, I'm not advertising my routes anymore 😢. Never even occurred to me... *&^%$#@!

          Guess I'll install FRR and try that out now, whether I wanted to or not.

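The symptom in this thread (forwarding sysctl enabled, pf ruled out, pings beyond the firewall timing out with no ICMP error) fits traffic that leaves the firewall but has no route back. The following is an added example, not part of the original posts: it generalizes that into a check over `tcpdump -n` captures taken on the LAN-side and WAN-side interfaces and reports where each echo request dies. The tcpdump line format, the host `2620:42:c000::10` and the target `2001:db8::1` are assumptions, and the captures are constructed.

```python
import re

# tcpdump -n ICMPv6 echo line; the "id N," field is optional across versions.
ECHO = re.compile(r"IP6 (?P<src>\S+) > (?P<dst>\S+): ICMP6, echo "
                  r"(?P<kind>request|reply),(?: id \d+,)? seq (?P<seq>\d+)")

def echoes(capture):
    """Map 'request'/'reply' to sets of (client, target, seq) seen in a capture."""
    seen = {"request": set(), "reply": set()}
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m:
            a, b, seq = m["src"], m["dst"], int(m["seq"])
            # Normalise replies so they share a key with their request.
            seen[m["kind"]].add((a, b, seq) if m["kind"] == "request" else (b, a, seq))
    return seen

def diagnose(lan_capture, wan_capture):
    """Classify each echo request seen on the LAN side by where it dies."""
    lan, wan = echoes(lan_capture), echoes(wan_capture)
    result = {}
    for key in sorted(lan["request"]):
        if key not in wan["request"]:
            result[key] = "NOT_FORWARDED"   # sysctl, pf or routing table on the firewall
        elif key not in wan["reply"]:
            result[key] = "NO_RETURN_PATH"  # left the firewall; upstream never answers
        elif key not in lan["reply"]:
            result[key] = "REPLY_DROPPED"   # reply reached WAN but was not delivered
        else:
            result[key] = "OK"
    return result

# Constructed sample captures (hypothetical host ::10 in the GENERAL /64,
# documentation address 2001:db8::1 as the remote target).
LAN = """\
10:00:01.000100 IP6 2620:42:c000::10 > 2001:db8::1: ICMP6, echo request, id 7, seq 1, length 16
10:00:02.000100 IP6 2620:42:c000::10 > 2001:db8::1: ICMP6, echo request, id 7, seq 2, length 16
"""
WAN = """\
10:00:01.000150 IP6 2620:42:c000::10 > 2001:db8::1: ICMP6, echo request, id 7, seq 1, length 16
10:00:02.000150 IP6 2620:42:c000::10 > 2001:db8::1: ICMP6, echo request, id 7, seq 2, length 16
"""

if __name__ == "__main__":
    for flow, verdict in diagnose(LAN, WAN).items():
        print(flow, verdict)
```

A `NO_RETURN_PATH` verdict points away from the firewall's own rules and toward upstream reachability of the source prefix, such as whether it is still being advertised.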