From owner-freebsd-net@FreeBSD.ORG  Tue Aug 21 14:38:46 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B63B016A420
	for <freebsd-net@freebsd.org>; Tue, 21 Aug 2007 14:38:45 +0000 (UTC)
	(envelope-from jacek@ipv6.jacek.it.pl)
Received: from smtpauth.ipartners.pl (smtpauth3.ipartners.pl
	[IPv6:2001:4190:8002:1::270])
	by mx1.freebsd.org (Postfix) with ESMTP id 3071513C46C
	for <freebsd-net@freebsd.org>; Tue, 21 Aug 2007 14:38:44 +0000 (UTC)
	(envelope-from jacek@ipv6.jacek.it.pl)
Received: from kx.jacek.it.pl (cl-158.mbx-01.si.sixxs.net
	[IPv6:2001:15c0:65ff:9d::2]) (authenticated bits=0)
	by smtpauth.ipartners.pl with ESMTP id l7LEccml063532
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Tue, 21 Aug 2007 16:38:40 +0200 (CEST)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by kx.jacek.it.pl (Postfix) with ESMTP id CB43F5982AD;
	Tue, 21 Aug 2007 16:38:37 +0200 (CEST)
From: Jacek Zapala <jacek@ipv6.jacek.it.pl>
To: Daniel Hartmeier <daniel@benzedrine.cx>
In-Reply-To: <20070821143125.GB32421@insomnia.benzedrine.cx>
References: <200708211010.l7LAA6V7082258@freefall.freebsd.org>
	<20070821121118.GF27160@insomnia.benzedrine.cx>
	<1187703472.22531.4.camel@localhost.localdomain>
	<20070821135048.GA32421@insomnia.benzedrine.cx>
	<1187705811.30269.5.camel@localhost.localdomain>
	<20070821143125.GB32421@insomnia.benzedrine.cx>
Content-Type: text/plain
Date: Tue, 21 Aug 2007 16:38:37 +0200
Message-Id: <1187707117.846.3.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.3 
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: kern/115413: [ipv6] ipv6 pmtu not working
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2007 14:38:46 -0000

On Tue, 2007-08-21 at 16:31 +0200, Daniel Hartmeier wrote:
> Is the following a correct view of your setup:
> 
>   src ---- $int_if pf $ext_if ---- router ---- dst
> 
> Where client src connects to server dst, and you create the state
> entry
> when the initial TCP SYN goes out $ext_if on the firewall?
> 
> The ICMPv6 is coming in on $ext_if, in the reverse direction, relative
> to the initial TCP SYN?
> 
> And the router is between pf and dst, on the $ext_if side? 

pf is set up on src so it looks like:

src with pf ---- router ---- (internet) ---- dst

pf rule:
pass  out  quick on $if0 inet6 proto tcp from any to $dst_net port 22
flags S/SA keep state


	Jacek