From owner-freebsd-pf@FreeBSD.ORG Sat Dec 4 18:57:29 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9A1716A4CE for ; Sat, 4 Dec 2004 18:57:29 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id D90F643D3F for ; Sat, 4 Dec 2004 18:57:28 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1Caf5z-0007HM-00; Sat, 04 Dec 2004 19:57:27 +0100 Received: from [84.128.130.154] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1Caf5z-0003Po-00; Sat, 04 Dec 2004 19:57:27 +0100 From: Max Laier To: freebsd-pf@freebsd.org Date: Sat, 4 Dec 2004 19:58:05 +0100 User-Agent: KMail/1.7.1 References: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart6561382.xf86ZO2IIh"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200412041958.11601.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: Bernhard Schmidt Subject: Re: IPv6 MLD packets blocked X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Dec 2004 18:57:29 -0000 --nextPart6561382.xf86ZO2IIh Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 04 December 2004 03:34, Bernhard Schmidt wrote: > Hi, > > I'm currently trying to enable IPv6 multicast forwarding on my FreeBSD > home gateway. With both pim6sd and xorp I had the problem that MLD (IGMP > for IPv6) from clients did not come through to the appropriate daemon > and therefor groups are never subscribed. > > This seems to be a problem with pf. When I disable pf with "pfctl -d" it > works like a charm; when I enable pf again, even with the simple ruleset > > pass all Does your setup include a 6to4 (stf(4)) device? If so then you should move = to=20 a RELENG_5 with pf_if.c, rev. 1.5.2.2. (you can simply move that one file). To debug a problem like this you should use a ruleset like: block log all pass all and watch pflog on tcpdump. It'll give you information why a packet is=20 dropped. Increasing the verbosity of pf's debug facilities might also be=20 helpful: # pfctl -xm > it breaks. I've uploaded a sample of a MLD packet to > > http://www.birkenwald.de/~berni/tmp/mld.dump > > FreeBSD heimdall.birkenwald.de 5.3-STABLE FreeBSD 5.3-STABLE #0: Wed Nov > 24 00:48:49 CET 2004 pf_if.c went in "Nov 24 16:57:32 2004 UTC" so you might have missed it. > root@heimdall.birkenwald.de:/usr/obj/usr/src/sys/HEIMDALL i386 =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart6561382.xf86ZO2IIh Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBsgjDXyyEoT62BG0RAk0EAJ45QNNJyao0E5XME0NcKTIH2bbKXACffUg2 bui09Am2plXqfk/Tdmsjy6o= =o0GT -----END PGP SIGNATURE----- --nextPart6561382.xf86ZO2IIh--