On 2014/02/28 12:19, Mike Belopuhov wrote:
> On 28 February 2014 12:14, Stuart Henderson <st...@openbsd.org> wrote:
> > While I agree with this, I don't think we should ever be natting to a
> > non-scoped link-local address..
> >
>
> i think i have addressed this (or a similar) problem some time ago:
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_lb.c#rev1.14
> it would be nice if someone could take a look at it and see if more
> work is needed. i'll jump in to help as soon as i can.
>

Ah I had some recollection of a commit in this area, but forgot where
exactly - you fixed the 'nat-to (em0)' case for dynamic addresses in the
kernel, but pfctl doesn't know about this.

$ echo 'pass in nat-to em0' | pfctl -o none -nvf -
table <__automatic_0> const { fe80::f2de:f1ff:fef9:a752 2001:8b0:648e:cc01:f2de:f1ff:fef9:a752 }
pass in inet6 all flags S/SA nat-to <__automatic_0> round-robin
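
Added example, not part of the original message and not code from pfctl or pf: a check over `pfctl -nvf` output that reports nat-to rules whose expanded table (or literal target) contains an IPv6 link-local address with no %scope, the case discussed in this thread. The function names and the result format are assumptions; the sample input is the output quoted in the message above.

```python
import ipaddress
import re

# Sample input: the pfctl output quoted in the message above.
SAMPLE = """\
table <__automatic_0> const { fe80::f2de:f1ff:fef9:a752 2001:8b0:648e:cc01:f2de:f1ff:fef9:a752 }
pass in inet6 all flags S/SA nat-to <__automatic_0> round-robin
"""

TABLE_RE = re.compile(r'^table <([^>]+)>[^{]*\{([^}]*)\}')
NAT_RE = re.compile(r'\bnat-to (\S+)')


def unscoped_link_local(token):
    """True if token is an IPv6 link-local address without a %scope suffix."""
    host, _, scope = token.split('/')[0].partition('%')
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # interface name, "(em0)", keyword, ...
    return addr.version == 6 and addr.is_link_local and not scope


def audit(pfctl_output):
    """Return (rule, address) pairs where nat-to can pick an unscoped fe80::/10 address."""
    tables = {}
    findings = []
    for line in pfctl_output.splitlines():
        m = TABLE_RE.match(line)
        if m:
            # Remember each table's members so later rules can be resolved.
            tables[m.group(1)] = m.group(2).split()
            continue
        m = NAT_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith('<'):
            candidates = tables.get(target.strip('<>'), [])
        else:
            candidates = [target]
        findings += [(line.strip(), a) for a in candidates if unscoped_link_local(a)]
    return findings


if __name__ == "__main__":
    for rule, addr in audit(SAMPLE):
        print(f"unscoped link-local {addr} reachable via: {rule}")
```
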