Fortinet Community

Netkerfi · ‎10-31-2022

Hi,

I'm trying out NAT64 on the FG. I have followed the guide completely but it's strange that the return packet is dropped, i can see the return packet is recived on the wan interface but then no more, i'm little stuck where i should look, it's like there is missing route towards the naf.root interface

from packet sniffer

3.740201 Nat64 in 2a01:6f01:1204:c64:91f0:7113:7aba:f4c1 -> 64:ff9b::b915:11f9: icmp6: echo request seq 1681 [flowlabel 0x20000]
3.740235 naf.root out 2a01:6f01:1204:c64:91f0:7113:7aba:f4c1 -> 64:ff9b::b915:11f9: icmp6: echo request seq 1681 [flowlabel 0x20000]
3.740243 naf.root in 157.97.12.199 -> 185.21.17.249: icmp: echo request
3.740273 wan1 out 157.97.12.199 -> 185.21.17.249: icmp: echo request
3.741179 wan1 in 185.21.17.249 -> 157.97.12.199: icmp: echo reply

br

Heiðar S.

Netkerfi · ‎10-31-2022

when i do debug flow, i can see on strange line but can't find the reson for it

"fw_forward_dirty_handler" i find it little suspicious,

id=65308 trace_id=28 func=print_pkt_detail line=5892 msg="vd-root:0 received a packet(proto=1, 157.97.12.199:23207->92.43.192.120:2048) tun_id=0.0.0.0 from naf.root. type=8, code=0, id=23207, seq=35371."
id=65308 trace_id=28 func=resolve_ip_tuple_fast line=5980 msg="Find an existing session, id-0016de26, original direction"
id=65308 trace_id=28 func=npu_handle_session64 line=1287 msg="Trying to offloading session from naf.root to wan1, skb.npu_flag=00000480 ses.state=00010200 ses.npu_state=0x04000000"
id=65308 trace_id=28 func=fw_forward_dirty_handler line=414 msg="state=00010200, state2=00000000, npu_state=04000000"
i

Fortinet Community

Problem with Nat64 on 7.2.2