Forgive me as im a complete novice when it comes to this sort of thing, but i need assistance in figuring out why my system log is flooded with a level 7 log level kernel notice relating to traffic that is unable to be forwarded, clearly relating to ipv6 (which i know very little about).
My log has been flooded for so long, ive reached 51GB worth of logs AND climbing!
The log message indicates that the system is unable to forward traffic from one interface (igc1) to another (igc0) and specifically mentions that it's having trouble with IPv6 traffic using both UDP (nxt 17) and a non-UDP (nxt 58) protocol.
I'm honestly not really sure where to start with troubleshooting on this one, but i will say that there has been strange network behavior with some of my TP-Link smartplugs (no longer accessible/toggleable in the Kasa app, or Sense Home App).
snippet of log
2023-10-02T12:16:41-04:00 Notice kernel <7>cannot forward src fe80:2::3ff0:fb6b:56af:56d7, dst 2001:4860:4860::8888, nxt 17, rcvif igc1, outif igc0
2023-10-02T12:16:13-04:00 Notice kernel <7>cannot forward src fe80:2::3ff0:fb6b:56af:56d7, dst 2001:4860:4860::8888, nxt 58, rcvif igc1, outif igc0
2023-10-02T12:16:05-04:00 Notice kernel <7>cannot forward src fe80:2::a4f2:2ccb:4b03:18b2, dst 2001:4860:4860::8888, nxt 58, rcvif igc1, outif igc0
2023-10-02T12:15:57-04:00 Notice kernel <7>cannot forward src fe80:2::9ecc:6e40:bf07:3a9, dst 2001:4860:4860::8888, nxt 58, rcvif igc1, outif igc0
2023-10-02T12:15:12-04:00 Notice kernel <7>cannot forward src fe80:2::3ff0:fb6b:56af:56d7, dst 2001:4860:4860::8888, nxt 17, rcvif igc1, outif igc0
2023-10-02T12:15:05-04:00 Notice kernel <7>cannot forward src fe80:2::a4f2:2ccb:4b03:18b2, dst 2001:4860:4860::8888, nxt 58, rcvif igc1, outif igc0
I wonder if an errant setting was enabled or setting that might be causing this.. but not sure which.
Things to know - i have Verizon Fios. my igc0 interface is my WAN interface. igc1 is my LAN interface.
under Interfaces->WAN IPv6 configuration is set to DHCPv6
under Interfaces->LAN IPv6 configuration is set to Track Interface
under Interfaces->Settings IPv6 DHCP Prevent Release is enabled (recently enabled as of today, to see if this will help)
Running
Versions OPNsense 23.7.5-amd64
FreeBSD 13.2-RELEASE-p3
OpenSSL 1.1.1w 11 Sep 2023
2001:4860:4860::8888 is Google DNS. It seems some devices in your LAN are trying to use Google DNS, but with a link-local source address (fe80::/10). That's impossible, these addresses are not routable. That's essentially what the error messages say.
You can use Interfaces: Diagnostics: NDP Table to identify the misbehaving devices.
Cheers
Maurice
@meelokun did you ever get to the bottom of this? I am having the exact same issue. Dual stack IPv4+6, seeing lots of the same "cannot forward src..." errors. They're all link-local IPv6 addresses coming in on my OPNsense box's LAN interface and trying to go out the WAN interface. I can use the NDP lookup table to determine which devices are doing this, but it doesn't tell me why they're doing it.
I'm positive this is due to an IPv6 misconfiguration...somewhere. But not sure where to look next.
So only some devices do this? Do they have anything in common? This really doesn't look like something OPNsense could have an impact on (bug / misconfiguration).
I have seen this before in my network. In my case the culprits are android devices.
They can't get IPv6 address from SLAAC so they get stupid and trying to reach GUA addresses with their LLA sources.
Interesting about the Android devices. I only have one in the house and it only gets powered on every few weeks, so this wasn't that. I've turned off IPv6 on my LAN for the time being but I'll have to turn it back on and see if I can find any commonalities between the devices producing that issue.
older topic but how can I find the device that is still using fe80: .... I see only proper configured device in my IPv6 leases list...
<7>cannot forward src fe80:1::d1f2:9d6a:4c2e:ef7, dst 2a03:2880:..., nxt 17, rcvif re0, outif re1
As I understand from here, it must bei in my LAN (re0) and want to reach there WAN (re1) right?
Did you check the NDP table to identify the MAC address of the device? See my first comment back then.
Cheers
Maurice
thanks, yes found it now in NDP table!