From owner-freebsd-stable@FreeBSD.ORG Sat Jul 11 10:09:48 2009
Message-ID: <4A5864DC.1070106@restart.be>
Date: Sat, 11 Jul 2009 12:09:32 +0200
From: Henri Hennebert
To: "Li, Qing"
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
References: <4A5734C3.3000806@restart.be>

Li, Qing wrote:
> Hi,
>
> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/
> and let me know how it works out for you. I thought I had committed the patch
> but turned out I didn't.

I applied the patch, reset my pf.conf to its previous content and all is
running smoothly.

By the way, I discovered after my post that my "solution" was not working
for long (many bytes) connections and this is solved too.

Many thanks for your time

Henri

PS: please commit as soon as possible

>
>> On 8.0-BETA1 there is an asymmetry:
>>
>> netstat -rn displays
>>
>> 192.168.24.1 link#3
>> ....
>> no entry for 2001:41d0:2:2d29:1:1::
>>
>
> This is by design as part of the new architecture in 8.0, which maintains
> the L2 ARP/ND6 and L3 routing tables separately.
>
> -- Qing
>
>
>
> -----Original Message-----
> From: owner-freebsd-stable@freebsd.org on behalf of Henri Hennebert
> Sent: Fri 7/10/2009 5:32 AM
> To: freebsd-stable@freebsd.org; freebsd-st@freebsd.org
> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
>
> Hello,
>
> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when
> connecting with firefox to a local apache server using the global
> unicast IPv6 address of the local machine. pf.conf must be updated!
>
> My configuration:
>
> [root@avoriaz ~]# ifconfig em0
>
> em0: flags=8843 metric 0 mtu 1500
>         options=19b
>         ether 00:1d:60:ad:2a:ce
>         inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
>         inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
>         inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
>         media: Ethernet 100baseTX (100baseTX )
>         status: active
>
> [root@avoriaz ~]# host www.restart.bel
> www.restart.bel is an alias for avoriaz.restart.bel.
> avoriaz.restart.bel has address 192.168.24.1
> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::
>
> pf.conf:
>
> int_if="em0"
> block in log all
> block out log all
> set skip on lo0
> antispoof quick for $int_if inet
> # Allow traffic with physical internal network
> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state
> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state
>
> The problem:
>
> [root@avoriaz ~]# telnet -4 www.restart.bel 80
> Trying 192.168.24.1...
> Connected to avoriaz.restart.bel.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root@avoriaz ~]# telnet -6 www.restart.bel 80
> Trying 2001:41d0:2:2d29:1:1::...
> --->Never connect and get a timeout!
>
> tcpdump and logging in pf show me that
>
> For an IPv4 connection:
> the packet from telnet to apache passes 2 times on lo0 (out and in)
> the answer packet from apache to telnet passes 2 times on lo0 (out and in)
>
> So no problem, there is `set skip on lo0'
>
> For an IPv6 connection:
> The first packet from telnet to apache passes 2 times on lo0 (out and in)
> The answer packet from apache to telnet passes on em0 and is rejected
> due to the default flags S/SA.
>
> So I have to change pf.conf and replace the last line:
> pass out quick on $int_if from ($int_if) to ($int_if:network) \
>         keep state flags any
>
> Then all is OK
>
> By the way, on 7.2
>
> netstat -rn displays
>
> 192.168.24.1 00:1d:60:ad:2a:ce
> ....
> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce
>
>
> On 8.0-BETA1 there is an asymmetry:
>
> netstat -rn displays
>
> 192.168.24.1 link#3
> ....
> no entry for 2001:41d0:2:2d29:1:1::
>
> Hope it may help someone
>
> Henri
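The flag matching described in the thread, as an added example that is not part of the original messages: a toy Python model of pf's last-match/quick evaluation and the default `flags S/SA` check, showing why a SYN-ACK leaving via em0 is blocked while the all-lo0 path is not. Address matching is assumed to succeed, and the names `make_ruleset`, `evaluate` and `handshake_reply` are hypothetical.

```python
# Added illustration: a toy model of pf rule evaluation, not pf itself.
SYN, ACK = 0x02, 0x10

def flags_match(pkt_flags, check, mask):
    """pf 'flags check/mask': among the mask bits, exactly the check bits are set."""
    return (pkt_flags & mask) == check

def make_ruleset(out_flags):
    """Ruleset from the post; out_flags is (check, mask), or None for 'flags any'.
    Assumption: source/destination addresses always match, so they are not modelled."""
    return {
        "skip": {"lo0"},
        "rules": [
            # (action, direction, interface, quick, flags)
            ("block", "in", None, False, None),
            ("block", "out", None, False, None),
            ("pass", "in", "em0", True, (SYN, SYN | ACK)),
            ("pass", "out", "em0", True, out_flags),
        ],
    }

def evaluate(ruleset, states, conn, direction, iface, tcp_flags):
    """Return 'skip', 'state', 'pass' or 'block' for one packet."""
    if iface in ruleset["skip"]:
        return "skip"                  # set skip: no filtering, no state created
    if conn in states:
        return "state"                 # existing state: rules are not consulted
    verdict, keep = "pass", False      # implicit default pass creates no state
    for action, rdir, riface, quick, flags in ruleset["rules"]:
        if rdir != direction or riface not in (None, iface):
            continue
        if flags is not None and not flags_match(tcp_flags, *flags):
            continue
        verdict, keep = action, action == "pass"   # last matching rule wins
        if quick:
            break                      # a 'quick' rule ends evaluation at once
    if keep:
        states.add(conn)               # keep state
    return verdict

def handshake_reply(out_flags, reply_iface):
    """Verdicts for the SYN (on lo0) and the SYN-ACK (on reply_iface)."""
    ruleset, states = make_ruleset(out_flags), set()
    syn = evaluate(ruleset, states, "c1", "out", "lo0", SYN)
    synack = evaluate(ruleset, states, "c1", "out", reply_iface, SYN | ACK)
    return syn, synack
```

Because the SYN crossed only the skipped lo0, no state exists when the SYN-ACK reaches em0, so only a rule with `flags any` can pass it; the thread reports that workaround failing for long connections and the patch making it unnecessary.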