Mike Kazantsev wrote:
>
> And here's the problem: no link-local address on the interface.

Good catch. I didn't notice it.

> With this address added (or rather preserved), router is able to send
> neighbor solicitation requests from it and everything works fine.
>
> Anyway, strange thing is that, apparently, VM on the other side is able
> to send these requests without link-local address, using global one
> instead:
[...]
> Guess older kernel (2.6.30.4) there is the cause of it, and that's also
> why it worked before with pretty much the same setup.

I observed that when sending a locally generated packet, Linux uses the source address (which is one of its own addresses) of the packet as the source address in the neighbour solicitation, whereas when forwarding a packet it uses the link-local address attached to the output interface. So there may be trouble when forwarding a packet and the output interface has no link-local address. The tcpdump trace in your previous message shows a neighbour solicitation packet with unspecified source address:

> IP6 :: > ff02::1:ff00:22: ICMP6, neighbor solicitation, who has 2001:470:1f0b:11de::22, length 24

This may explain the different results with pings from the LAN and from the router, and also why VM does not have the problem even though it has no link-local address.
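An added example, not part of the original message: a check for the condition described above, run over `ip -6 -o addr show` output and tcpdump lines in the format quoted in the message. The sample inputs and function names are constructed, and the capture is assumed to contain only packets sent by the router itself.

```python
import ipaddress
import re

# Constructed `ip -6 -o addr show` output: eth1 has no fe80::/10 address.
IP_ADDR_SAMPLE = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1::1/64 scope global \\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \\       valid_lft forever preferred_lft forever
3: eth1    inet6 2001:db8:2::1/64 scope global \\       valid_lft forever preferred_lft forever
"""

# Constructed capture lines (documentation prefix, not the thread's addresses).
TCPDUMP_SAMPLE = """\
IP6 :: > ff02::1:ff00:22: ICMP6, neighbor solicitation, who has 2001:db8:2::22, length 24
IP6 :: > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:2::1, length 24
IP6 fe80::5054:ff:fe12:3456 > ff02::1:ff00:9: ICMP6, neighbor solicitation, who has 2001:db8:1::9, length 32
"""

NS_RE = re.compile(
    r"IP6 (\S+) > \S+: ICMP6, neighbor solicitation, who has ([0-9a-fA-F:]+)")

def parse_addresses(ip_output):
    """Map interface name -> list of IPv6Address objects."""
    addrs = {}
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet6":
            addr = ipaddress.ip_interface(fields[3]).ip
            addrs.setdefault(fields[1], []).append(addr)
    return addrs

def missing_link_local(addrs):
    """Interfaces carrying a non-loopback address but no link-local one."""
    return sorted(
        iface for iface, lst in addrs.items()
        if any(not a.is_loopback for a in lst)
        and not any(a.is_link_local for a in lst))

def unspecified_source_ns(tcpdump_output, addrs):
    """Targets of NS sent from :: that are not one of our own addresses.

    Duplicate address detection also sends NS from ::, but its target is
    the sender's own address, so those probes are filtered out here."""
    local = {a for lst in addrs.values() for a in lst}
    hits = []
    for line in tcpdump_output.splitlines():
        m = NS_RE.search(line)
        if m:
            src, target = (ipaddress.ip_address(g) for g in m.groups())
            if src.is_unspecified and target not in local:
                hits.append(str(target))
    return hits
```
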