Date:      Tue, 27 Feb 2001 15:25:44 +0000
From:      Rasputin <rasputin@FreeBSD-uk.eu.org>
To:        freebsd-stable@freebsd.org
Subject:   IPF and IPv6
Message-ID:  <20010227152544.A69259@dogma.freebsd-uk.eu.org>

Afternoon people, just wondered if anyone was using ipf
with 6-to-4 tunneling (a la freenet6.net)?

I'm on a dialup (using gifconfig to build a tunnel through tun0),
so there are no IPs mentioned in the ruleset, apart from
the usual RFC1918 suspects.

If I ping6 outbound to www.normos.org, the returned packets are blocked
as though 'keep state' was doing nothing.

Turning off ipf starts the traffic flowing instantly, so it's definitely
the cause, as does:
	'pass in on tun0 from any to any proto ipv6'
but
	'pass out on tun0 from any to any proto icmp keep state keep frags'
doesn't help, and 
	'pass out on tun0 from any to any proto ipv6 keep state keep frags'
gives an error, saying state only works for tcp/udp/icmp.

But surely these *are* ICMP packets? So I reckon either:

a) IPF can't tell that sessions going out of gif0 come back through tun0
(unlikely)
or
b) IPv6 support in FreeBSD isn't as full-on as I thought
or
c) I need a thwack with the cluestick.

I don't particularly want to spam you all with my ruleset, but if anyone
has got this working, please let me know how you did it. 

Cheers.

-- 
Rasputin
Jack of All Trades :: Master of Nuns
