Date:      Wed, 1 Feb 2012 08:40:35 -0700
From:      "Kirk Davis" <kirk.davis@epsb.ca>
To:        <freebsd-net@freebsd.org>
Subject:   RE: allowing gif thru ipfw
Message-ID:  <529374128DC1B04D9D037911B8E8F0531095BC8B@Exchange26.EDU.epsb.ca>
In-Reply-To: <4F294AEB.3060405@grosbein.pp.ru>
References:  <4F28C168.9010206@ericx.net> <4F28E1C7.4060209@grosbein.pp.ru><4F28F284.7070301@FreeBSD.org> <4F294839.6060803@ericx.net> <4F294AEB.3060405@grosbein.pp.ru>


On Wednesday, February 01, 2012 7:24 AM  wrote Eugene Grosbein
>01.02.2012 21:12, Eric W. Bates wrote:
>> On 2/1/2012 3:06 AM, Doug Barton wrote:
>>> If it's a hurricane electric tunnel don't you want protocol 41?
>>
>> Well, it's a straight up gif. Right this second I'm trying to suss out
>> which protocol gif's use. If it's documented, I can't find it. The
>> closest bit I can find on the man page is:
>>
>> The behavior of gif is mainly based on RFC2893 IPv6-over-IPv4
>> configured tunnel.
>>
>> I tried to read the pertinent parts of the RFC, but it doesn't really
>> discuss "type" or "protocol". It does talk about some header size issues.
>>
>> Since ipfw is obviously blocking something and I can't get a handle on
>> it with tcpdump, I'm groping for an understanding of the shape of the
>> gif packets.
>
>Have you tried "tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp" ?
>
>I do not use IPv6 over IPv4 tunnels and not sure.
>Perhaps, that is IPIP protocol (number 94 decimal)?

I use a number of gif tunnels with ipfw and I have always used 'ipencap'
(protocol 4) for my ipfw rules. Once you break it out of the tunnel
though you can then use ipfw on the inside tunnel traffic.  I don't
have one with HE right now so they may be different but this is what I
use for a standard ipv4-ipv4 gif tunnel.

---- kirk
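
The rule shape this message describes, as an added example that is not part of the original e-mail: the script prints ipfw commands that pass the gif outer protocol ('ipencap' for an IPv4-in-IPv4 tunnel, 41 for the IPv6-in-IPv4 case raised earlier in the thread) only between the two tunnel endpoints and log anything else of that protocol. The function names, rule numbers and addresses are constructed for illustration, and limiting the rule to the peer plus the logging deny are additions beyond what the message states.

```shell
#!/bin/sh
# Added example: print (do not run) ipfw rules for one gif tunnel.
# Addresses and rule numbers are constructed sample values.

# gif_outer_proto FAMILY
# Prints the IP protocol seen in the outer IPv4 header of a gif packet:
#   inet  (IPv4 inside IPv4) -> ipencap (protocol 4)
#   inet6 (IPv6 inside IPv4) -> 41
gif_outer_proto() {
    case "$1" in
        inet)  echo ipencap ;;
        inet6) echo 41 ;;
        *)     echo "unknown inner family: $1" >&2; return 1 ;;
    esac
}

# gif_ipfw_rules BASE LOCAL REMOTE FAMILY
# Prints three rules: accept encapsulated packets from the peer, allow
# ours out to the peer, and log+drop the same protocol from anyone else.
gif_ipfw_rules() {
    base=$1
    local_ip=$2
    remote_ip=$3
    proto=$(gif_outer_proto "$4") || return 1
    echo "ipfw add $base allow $proto from $remote_ip to $local_ip in"
    echo "ipfw add $((base + 10)) allow $proto from $local_ip to $remote_ip out"
    echo "ipfw add $((base + 20)) deny log $proto from any to me in"
}

# Sample run for an IPv4-in-IPv4 tunnel. The decapsulated traffic shows
# up on the gif interface and is filtered there by separate rules.
gif_ipfw_rules 1000 192.0.2.1 198.51.100.2 inet
```

Review the printed commands before piping them to `sh` on the firewall host.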


