Re: IP6 redirects through relayd no longer working reliably

[Markus Wernig]

Just for the record: The problem was caused by a malfunctioning upstream 
gateway, which did no longer respond properly to neighbor solicitation 
requests.

The SYN ACK from the server was dropped because the firewall had already 
removed the state created by the SYN.

On 6/23/23 22:51, Markus Wernig wrote:

pflog shows that the IPv6 SYN-ACK replies from the backend servers are 
being dropped by pf. But weirdly the blocks are logged over 30 seconds 
after the SYN is allowed through: