On 26.06.2019 11:05, Patrick M. Hausen wrote:
> Hi all,
>
> we have a bit of a problem with some new servers that
> use NAT64 to access certain services that offer only
> legacy IP - like github.
>
> As far as I found the respective NAT64 gateways (in jails
> with VNET) are configured identically except for the
> particular addresses, of course.
>
> Yet, 11.2 works, 11.3-RC1 doesn’t
> Any hints welcome.

Check the output of the following commands on both translators:

  # sysctl net.inet.ip.fw | grep nat64
  # ipfw nat64lsn all list
  # ipfw nat64lsn NAT64 stats
  # ipfw nat64lsn NAT64 config log
  # ifconfig ipfwlog0 create
  # tcpdump -nvi ipfwlog0

Check the counters of rules with nat64lsn action, probably you use
netisr output (default mode) and have traffic loops, i.e. a packet
is captured by a NAT64 instance several times. Your rules look like direct
output is preferable for you (try to set
net.inet.ip.fw.nat64_direct_output=1).

--
WBR, Andrey V. Elsukov