IPv6 policy routing not working #39
Comments
|
It works when shared forwarding is disabled :o |
|
Looks like a shared forwarding regression in IPv6 code. I'll have a closer look but I'm not sure it will be easy to spot or debug. Shared forwarding offers a missing piece to the FreeBSD kernel's interaction between pf and ipfw firewall components. The current FreeBSD code "blackholes" policy routing and sends packets out the physical link without handing them off to ipfw which breaks certain combinations on policy routing + shaping or captive portal or transparent proxy use. |
|
same as #38 |
fichtner
added a commit
that referenced
this issue
Dec 13, 2019
lattera
pushed a commit
to BlackhawkNest/opnsense-src
that referenced
this issue
Oct 30, 2020
PR: opnsense#38 PR: opnsense#39 (cherry picked from commit 1bf392c) Signed-off-by: Shawn Webb <swebb@blackhawknest.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I created an IPv6 firewall rule using a gateway (GIF, WireGuard). The rule matches but traffic is sent to the default gateway (netstat -6rn)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Routing over the gateway which is specified in the rule
Environment
Software version used and hardware type if relevant.
e.g.:
OPNsense 19.1.6 (amd64, OpenSSL).
AMD APU, KVM VM, ..
Also see https://forum.opnsense.org/index.php?topic=10846.0, https://forum.opnsense.org/index.php?topic=11988.msg57209
The text was updated successfully, but these errors were encountered: