Bad udp cksum

G

Grzegorz

New Member
Dec 16, 2013
7
0
1
I got problem with a host network (pve-manager/3.4-6/102d4547 (running kernel: 2.6.32-48-pve)). I can ping everything from host but can't ssh to it and can't open any www even do apt-get update. I use pfsense inside kvm on the same host as a gateway (which works great) and another openvz guests work well too (with the same pfsense gateway). I try to use hardware router instead of pfsense and host worked well. I believe problem is not with pfsense because few dozens office pc work behind it like a charm.

Here is part of tcpdump from pfsense after lynx ya.ru from the host.

Code: 
04:40:32.444077 90:1b:0e:27:89:0e > ea:55:66:5f:51:63, ethertype IPv4 (0x0800), length 65: (tos 0x0, ttl 64, id 51268, offset 0, flags [DF], proto UDP (17), length 51)
    192.168.0.40.55923 > 192.168.0.1.53: [bad udp cksum 0x81aa -> 0x2793!] 41736+ A? ya.ru. (23)
04:40:32.444124 90:1b:0e:27:89:0e > ea:55:66:5f:51:63, ethertype IPv4 (0x0800), length 65: (tos 0x0, ttl 64, id 51269, offset 0, flags [DF], proto UDP (17), length 51)
    192.168.0.40.55923 > 192.168.0.1.53: [bad udp cksum 0x81aa -> 0x72a5!] 15606+ AAAA? ya.ru. (23)
04:40:32.444250 ea:55:66:5f:51:63 > 90:1b:0e:27:89:0e, ethertype IPv4 (0x0800), length 113: (tos 0x0, ttl 64, id 49807, offset 0, flags [none], proto UDP (17), length 99)
    192.168.0.1.53 > 192.168.0.40.55923: [bad udp cksum 0x81da -> 0xb12d!] 41736 q: A? ya.ru. 3/0/0 ya.ru. A 213.180.204.3, ya.ru. A 213.180.193.3, ya.ru. A 93.158.134.3 (71)
04:40:32.445385 ea:55:66:5f:51:63 > 90:1b:0e:27:89:0e, ethertype IPv4 (0x0800), length 93: (tos 0x0, ttl 64, id 355, offset 0, flags [none], proto UDP (17), length 79)

Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 64:66:b3:04:21:0b brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 90:1b:0e:27:89:0e brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 90:1b:0e:0e:5c:21 brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  link/ether 90:1b:0e:27:89:0e brd ff:ff:ff:ff:ff:ff
  inet 192.168.0.40/24 brd 192.168.0.255 scope global vmbr0
  inet6 fe80::921b:eff:fe27:890e/64 scope link
  valid_lft forever preferred_lft forever
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  link/ether 90:1b:0e:0e:5c:21 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::921b:eff:fe0e:5c21/64 scope link
  valid_lft forever preferred_lft forever
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  link/ether 64:66:b3:04:21:0b brd ff:ff:ff:ff:ff:ff
  inet6 fe80::6666:b3ff:fe04:210b/64 scope link
  valid_lft forever preferred_lft forever
8: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  link/void
  inet6 fe80::1/128 scope link
  valid_lft forever preferred_lft forever
9: veth100.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  link/ether fe:b2:9e:cf:5a:39 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::fcb2:9eff:fecf:5a39/64 scope link
  valid_lft forever preferred_lft forever
10: veth101.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  link/ether 1e:4b:d9:fd:9f:72 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::1c4b:d9ff:fefd:9f72/64 scope link
  valid_lft forever preferred_lft forever
11: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
  link/ether d6:6b:f3:fc:0c:25 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::d46b:f3ff:fefc:c25/64 scope link
  valid_lft forever preferred_lft forever
12: tap102i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
  link/ether 36:0f:21:58:2d:12 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::340f:21ff:fe58:2d12/64 scope link
  valid_lft forever preferred_lft forever
13: tap102i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
  link/ether b2:93:12:d8:1a:a0 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::b093:12ff:fed8:1aa0/64 scope link
  valid_lft forever preferred_lft forever

PS The same topics tried to find solution https://forum.proxmox.com/threads/bad-udp-cksum-on-dns-requests-from-pve.7063/
https://forum.proxmox.com/threads/proxmox-crashes-restarts-after-udp-bad-checksum.19053/
 
Last edited:
Are you using VirtIO inside the pfSense Guest ?
FreeBSD pf has problem with virtio NIC. Try E1000 and see if it helps.
 
What did you do to make it work ?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back