Date: Thu, 21 Feb 2008 16:36:01 -0800 From: Christopher Cowart <ccowart@rescomp.berkeley.edu> To: Colin Brace <cb@lim.nl> Cc: freebsd-questions@freebsd.org Subject: Re: PF vs. ping6 Message-ID: <20080222003601.GN88015@hal.rescomp.berkeley.edu> In-Reply-To: <aec9371b0802211614v6b886952k895ec5426ad5a0ee@mail.gmail.com> References: <aec9371b0802211614v6b886952k895ec5426ad5a0ee@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--yK/6QRnH3Zanb0EF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 22, 2008 at 01:14:55AM +0100, Colin Brace wrote: > Hi all, >=20 > I am trying to set up a IPv6 tunnel following the instructions in the > handbook <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/netwo= rk-ipv6.html>. > aiccu starts ok: >=20 > # sixxs-aiccu start > Tunnel Information for T14342: > POP Id : nlams05 > IPv6 Local : xxxxxxxxxxxxxxxxx2/64 > IPv6 Remote : xxxxxxxxxxxxxxxxx1/64 > Tunnel Type : 6in4-heartbeat > Adminstate : enabled > Userstate : enabled >=20 > I can ping6 localhost, I can ping6 the tunnel begin point (local), but > I can't ping6 the (remote) end point. Firing up tcpdump, I see that > the firewall is blocking the ping packets. >=20 > I have these (provisional) rules at the top of the filter section in PF: >=20 > pass quick on fxp0 inet6 # ext if I don't use pf, but I'm guessing from the man page that you may need to try: pass quick on fxp0 proto 41 You might be able to substitue 41 with the symbolic name in /etc/protocols (ipv6). Note that you're trying to match the "protocol" field of an IPv4 address which, for the majority of internet traffic, is tcp, udp, or icmp; in this case its ipv6, because the contents of your IPv4 packets are the tunneled v6 packets. I think 'pass quick on fxp0 inet6' is checking against the type of the outer packet, which is actually an IPv4 packet. Good luck, --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --yK/6QRnH3Zanb0EF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iQIVAwUBR74Y8SPHEDszU3zYAQK6/A/+MSxC5jJUBKg57HDp9sywz9hFSffm2tAX DTi8Byp7/PVIj95tIBYFtB96zJyNs2QMcs9lVDCzNUSltN29+K0W2dnOAys+fnZX GMoNZTsBPdF5fJ9ADBv6RQRV+mcHqomJl1pzSR+/i9tI17HL5Kf/8O729ToeyEI+ lCSRLAKB4F87Yk2m4BSHBtU2fJGrlOVLWZldmwnIGiqErFgvrKTQQWkv0Sf2tXYH kpcU9wugWYw0bUa8QQ12zzv/JoNSMpI2hOAlYuUn3cT7ie4tIblbdrCA43zR+1Wu uqqVGqESvvH7lfoiTYHQE1QfqrMkf5eFVJWy0FqnYx2hG1qv7swbhjX0jt7nSeIj rkLLlF47RQ0QDTBE+xrJB+BxWDKYrRuXiWnMWij51WGYlNS+C9WK+de6sYUN1n48 mdMPwoktDDh5h7eHKJiO8jm5Jw7atgeD4My09LIWNw5nJyX+Of05ZxDZNDhJc3gV mJlN0XsSgkadohrUcprBqgLEQ93lgH4wns3Ov4c3fSvjU+gErbl3Y07lpONTklWK Dz5V8SBeK9avuiR6POhUVWR87Rnau98mONOAvGu66d2xG5QKJ6HsjZxPM25hojpt ypmoivALg7TlhMFkUmxMydG4Y6q9Patl7Sn0DK+csb2WN4GK9+Nlafrn/D1LjluR SOhexGwv4Cs= =zPtS -----END PGP SIGNATURE----- --yK/6QRnH3Zanb0EF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080222003601.GN88015>