Netgate Discussion Forum

    Weird static NAT issue.

      Zermus

      So I have a static NAT setup for an internal ULA address going to an outside address because webhosts haven't caught on to how to properly route a /64 to an outside WAN /128 properly because NAT is so engrained into their methodology.... Anyway so I have a flat /64 on my pfSense WAN.

      So I'm getting weird intermittent packet loss only on my internal LAN.

      Here I am pinging Cloudflare

      64 bytes from 2606:4700:4700::1111: icmp_seq=42 ttl=54 time=1.53 ms
      64 bytes from 2606:4700:4700::1111: icmp_seq=43 ttl=54 time=1.74 ms
      64 bytes from 2606:4700:4700::1111: icmp_seq=44 ttl=54 time=1.59 ms
      64 bytes from 2606:4700:4700::1111: icmp_seq=45 ttl=54 time=1.65 ms
      64 bytes from 2606:4700:4700::1111: icmp_seq=46 ttl=54 time=1.57 ms
      ^C
      --- 2606:4700:4700::1111 ping statistics ---
      61 packets transmitted, 46 received, 24.5902% packet loss, time 60407ms
      rtt min/avg/max/mdev = 1.374/1.648/2.269/0.153 ms

      It just goes dead there for a few good minutes. Now when this happens I can ping from my pfSense steadily with no packet loss. When this happens it starts spamming this in the syslog:

      Feb 21 21:26:40 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:26:41 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:26:42 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:26:56 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
      Feb 21 21:26:57 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
      Feb 21 21:26:58 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
      Feb 21 21:28:08 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:28:09 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:28:10 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:28:17 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
      Feb 21 21:28:18 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
      Feb 21 21:28:19 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
      Feb 21 21:33:20 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:33:21 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 21:33:22 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 22:16:35 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::5, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 22:16:36 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::5, nxt 58, rcvif vtnet0, outif vtnet1.55
      Feb 21 22:16:37 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::5, nxt 58, rcvif vtnet0, outif vtnet1.55

      Now I have no idea who has that link local address. It doesn't match any of my stuff. I'd guess maybe the switch that my Colo is connected to? But if that's the case my pfSense WAN works perfectly fine.... Is this a pfSense bug? Did my webhost do something funky with their IPv6 routing? Any ideas?

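An added example, not part of the original post: a small parser for the two "cannot forward" formats in the syslog excerpt above. It groups the drops, flags link-local sources (which a router never forwards), strips the interface index that BSD-derived kernels embed in the second 16-bit word of a link-local address (the `fe80:1::` form), and recovers a candidate MAC address to look up on the WAN segment. The MAC is only meaningful on the assumption that the sender built its address with modified EUI-64; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Three of the lines quoted in the post, covering both message formats.
SAMPLE = """\
Feb 21 21:26:40 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::4, nxt 58, rcvif vtnet0, outif vtnet1.55
Feb 21 21:26:56 kernel cannot forward from fe80:1::4aa9:8aff:fe18:7bf9 to fda8:8b53:9026::4 nxt 58 received on vtnet0
Feb 21 22:16:35 kernel cannot forward src fe80:1::4aa9:8aff:fe18:7bf9, dst fda8:8b53:9026::5, nxt 58, rcvif vtnet0, outif vtnet1.55
"""

LINE = re.compile(
    r"cannot forward (?:src|from) (\S+?),? (?:dst|to) (\S+?),? "
    r"nxt (\d+),? (?:rcvif|received on) (\S+?)(?:,|$)")

def describe_source(text):
    """Return (clean_address, zone_index, mac_or_None) for a logged source."""
    value = int(ipaddress.IPv6Address(text))
    addr, zone, mac = ipaddress.IPv6Address(value), None, None
    if addr.is_link_local:
        # Embedded scope: the kernel keeps the zone in the second 16-bit word.
        zone = (value >> 96) & 0xFFFF
        addr = ipaddress.IPv6Address(value & ~(0xFFFF << 96))
        iid = (value & (2**64 - 1)).to_bytes(8, "big")
        if iid[3:5] == b"\xff\xfe":  # modified EUI-64: MAC with ff:fe inserted
            # Assumption: the interface ID really was derived from a MAC.
            raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
            mac = ":".join(f"{b:02x}" for b in raw)
    return str(addr), zone, mac

def summarize(log):
    """Group 'cannot forward' lines by (src, dst, next header, rcvif)."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            src, dst, nxt, rcvif = m.groups()
            hits[(src, dst, int(nxt), rcvif)] += 1
    report = []
    for (src, dst, nxt, rcvif), count in hits.items():
        addr, zone, mac = describe_source(src)
        report.append({"src": addr, "zone": zone, "mac": mac, "dst": dst,
                       "icmpv6": nxt == 58, "rcvif": rcvif, "count": count,
                       "link_local_src": zone is not None})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

The recovered MAC can be compared against the neighbor table on the WAN interface (`ndp -an` on pfSense) to see which device on the segment is sending the ICMPv6 traffic.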
        Zermus

        I opened a ticket with my host on this. Since that fe80:1::4aa9:8aff:fe18:7bf9 isn't mine and appears to be coming from my host I'm guessing there is a routing issue for my /64. IMHO it looks like something is stealing my route like it's double routed or something. They've been "researching" for the past 2 days.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.