From owner-freebsd-net@FreeBSD.ORG Wed Feb 1 14:17:09 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 488A21065673 for ; Wed, 1 Feb 2012 14:17:09 +0000 (UTC) (envelope-from ericx@ericx.net) Received: from mail-qw0-f47.google.com (mail-qw0-f47.google.com [209.85.216.47]) by mx1.freebsd.org (Postfix) with ESMTP id 0333F8FC0A for ; Wed, 1 Feb 2012 14:17:08 +0000 (UTC) Received: by qadz30 with SMTP id z30so4007803qad.13 for ; Wed, 01 Feb 2012 06:17:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericx.net; s=selector0; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=CcDZBWdgXxFL0RUVS7ppXJTdbYg7H39/Pux1UurJ/f0=; b=bl1Wlrw20ezHZsnviJhPiMIiZEBUBA/xSKucSqmt9p1TZQW3I/BeTyV+/sExBQqpTR Me+A7HZtv5f0zgrBdhg5qQMFkZgv+dE9tlw1SHU1koTE+q758Dbe2uy7dU4o4sVN+R84 bTNdGGilbei0CfLDaS+OcBfVAlYowhV9DL01M= Received: by 10.224.86.206 with SMTP id t14mr854903qal.59.1328105828429; Wed, 01 Feb 2012 06:17:08 -0800 (PST) Received: from [10.0.0.54] (fw.educompmv.com. [75.150.112.177]) by mx.google.com with ESMTPS id s18sm47849042qaz.15.2012.02.01.06.17.07 (version=SSLv3 cipher=OTHER); Wed, 01 Feb 2012 06:17:07 -0800 (PST) Message-ID: <4F2948F3.1060408@ericx.net> Date: Wed, 01 Feb 2012 09:15:15 -0500 From: "Eric W. Bates" User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20120129 Thunderbird/10.0 MIME-Version: 1.0 To: Hajimu UMEMOTO References: <4F28C168.9010206@ericx.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: allowing gif thru ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2012 14:17:09 -0000 On 2/1/2012 3:32 AM, Hajimu UMEMOTO wrote: > Hi, > ericx> Am I even correct in assuming that my gif packets are being blocked? > > Are you trying to pass an IPv6 over IPv4 tunnel? If so, > > $fwcmd add 00140 allow ip4 from $he_tun to me proto ipv6 > $fwcmd add 00141 allow ip4 from me to $he_tun proto ipv6 > > should work for you. Yes, I'm trying to tunnel in ipv6 from HE. Really? I'm allowing ipv6 packets on the gif0 interface; but not on the lan interface simply because I assumed that like IPSec the encapsulated packets would not be seen as ipv6 on the ethernet interface? > Sincerely, > > -- > Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan > ume@mahoroba.org ume@{,jp.}FreeBSD.org > http://www.imasy.org/~ume/