Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Aug 2008 04:36:57 -0700
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        Mathieu Arnold <mat@FreeBSD.org>
Cc:        stable@FreeBSD.org
Subject:   Re: neighbor discovery problem
Message-ID:  <20080812113657.GB9694@eos.sc1.parodius.com>
In-Reply-To: <7AFCCB24A4B9B391813EBBFF@andromede.in.absolight.net>
References:  <2D4221F0175C7261ECD00191@atuin.in.mat.cc> <20080812083403.GA2150@eos.sc1.parodius.com> <65391406E135A0EC389574BA@andromede.in.absolight.net> <7AFCCB24A4B9B391813EBBFF@andromede.in.absolight.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Aug 12, 2008 at 01:34:35PM +0200, Mathieu Arnold wrote:
> 
> 
> +-le 12.08.2008 13:17:27 +0200, Mathieu Arnold a dit :
> | +-le 12.08.2008 01:34:03 -0700, Jeremy Chadwick a dit :
> || Important note: I know absolutely nothing about IPv6.
> || 
> || Do you have ACLs on any of these machines?  !A in traceroute commonly
> || means there's an ACL blocking said packets:
> || 
> || !A  (communication with destination network administratively prohibited)
> || 
> || A ping from the other host might cause a stateful firewall to begin
> || allowing said traffic to/from the machine which previously wasn't
> || working.
> || 
> || If you use a firewall on these machines (ipfw, pf, etc.), I'd recommend
> || posting your problem to the freebsd-pf list instead.
> | 
> | Hum, no, I've verified it already, there is pf enabled on the gateway, which
> | is also a firewall, but only on the external interface which does not come
> | in play here.
> 
> There's a pass and not a skip, but all my block rules have log, and no
> packets show up in pflog, which tends to make me believe that, well, it's not
> a firewall problem.

A pass on RELENG_7 will still cause state to be kept (keep state is
implicit on RELENG_7).

Do you see state mismatches?  pfctl -s info.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080812113657.GB9694>