From owner-freebsd-net@FreeBSD.ORG Sat Dec 10 15:43:10 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B59B716A41F for ; Sat, 10 Dec 2005 15:43:10 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id E618743D5A for ; Sat, 10 Dec 2005 15:43:07 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id D14E691564; Sat, 10 Dec 2005 10:43:06 -0500 (EST) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 50037-01-28; Sat, 10 Dec 2005 10:43:06 -0500 (EST) Received: from [204.17.195.113] (cheesenip.vineyard.net [204.17.195.113]) by vineyard.net (Postfix) with ESMTP id 26A6D9155A; Sat, 10 Dec 2005 10:43:03 -0500 (EST) Message-ID: <439AF794.3080909@vineyard.net> Date: Sat, 10 Dec 2005 10:43:16 -0500 From: "Eric W. Bates" Organization: Vineyard.NET, Inc. User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET Subject: FBSD 6.0 ipfw weirdness with ssh x-forwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Dec 2005 15:43:10 -0000 My 6.0 upgrades have been going smoothly. However, I had to add: 121 allow all from me6 to me6 along with my normal: 120 allow all from me to me before I could forward my X applications on a machine with IPSec compiled in. Similar machines with IPv6 but no IPSEC listed in the config options do not exhibit this behavior. I was clued by the following errors in the log: Dec 9 23:15:33 gertrude kernel: ipfw: 510 Deny TCP [::0001]:6010 [::0001]:61310 out via lo0 I was hoping someone smarter than I could point me to any documentation about the change. Has ipfw recently split me and me6 (I never noticed the latter before because I'm not using IPv6 yet [shame])? Is this a change in the way the 6.0 kernel handles lo0 traffic in general? Is this a change in ssh forwarding? Or has there always been IPv6 traffic? Thanks for your time. -- Eric W. Bates