Bug #3760

closed

reply-to with TCP and IPv6 generates broken checksums

Added by Jim Pingle over 10 years ago. Updated about 10 years ago.

Status: Resolved
Priority: High
Assignee: Ermal Luçi
Category: Rules / NAT
Target version:
Start date: 07/15/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2
Affected Architecture: All

Description

With two WANs, reply-to will normally ensure connections that enter via alternate WANs return back via the expected path. This does not appear to work on 2.2 where the same configuration worked properly on 2.1.x and before.

The ruleset looks correct, containing the reply-to keyword and the proper gateway, but the packets never exit the firewall. A TCP SYN from a client on WAN2 enters and is passed, as there is a state table entry, but no reply packet exits any interface, not even via the default gateway.

Tested on amd64; may happen on i386 but needs confirmation.
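
A broken TCP checksum on IPv6, as named in this bug's title, can be confirmed from a capture by recomputing the checksum over the IPv6 pseudo-header. The following is an added example, not code from this report or from the project; the packets are constructed inline with documentation addresses, and all function names are hypothetical.

```python
import ipaddress
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp6_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum over the IPv6 pseudo-header; bytes 16-17 are taken as zero."""
    # Pseudo-header: src, dst, 32-bit upper-layer length, 3 zero bytes, next header 6.
    pseudo = src + dst + struct.pack("!I3xB", len(segment), 6)
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_complement_sum(pseudo + zeroed) & 0xFFFF

def check_ipv6_tcp(packet: bytes):
    """Return (ok, stored, expected) for a raw IPv6/TCP packet, no extension headers."""
    if len(packet) < 60 or packet[0] >> 4 != 6 or packet[6] != 6:
        raise ValueError("not a plain IPv6/TCP packet")
    payload_len = struct.unpack("!H", packet[4:6])[0]
    segment = packet[40:40 + payload_len]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    stored = struct.unpack("!H", segment[16:18])[0]
    expected = tcp6_checksum(packet[8:24], packet[24:40], segment)
    return stored == expected, stored, expected

def build_synack(src: str, dst: str, checksum=None) -> bytes:
    """Constructed sample: a minimal SYN/ACK between documentation addresses."""
    s, d = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 1000, 2001, 5 << 4, 0x12, 65535, 0, 0)
    if checksum is None:
        checksum = tcp6_checksum(s, d, tcp)
    tcp = tcp[:16] + struct.pack("!H", checksum) + tcp[18:]
    return struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64) + s + d + tcp

GOOD = build_synack("2001:db8:2::10", "2001:db8:ffff::99")
# Constructed mismatch: checksum computed for a different source address.
_other = ipaddress.IPv6Address("2001:db8:1::10").packed
BAD = build_synack("2001:db8:2::10", "2001:db8:ffff::99",
                   checksum=tcp6_checksum(_other, GOOD[24:40], GOOD[40:]))

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        ok, stored, expected = check_ipv6_tcp(pkt)
        print(f"{name}: ok={ok} stored=0x{stored:04x} expected=0x{expected:04x}")
```

`check_ipv6_tcp` expects the bytes starting at the IPv6 header, so strip any link-layer header from captured frames first.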
