Date:      Tue, 13 Oct 2015 12:59:48 -0400
From:      David Mehler <dave.mehler@gmail.com>
To:        Kristof Provost <kp@freebsd.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Rules sanity check
Message-ID:  <CAPORhP6kQgeutnUnRwbRY==H34NsiBEecOzOvckqz-_c-gd=wA@mail.gmail.com>
In-Reply-To: <B32C77D5-AE6C-471F-8427-B581E80C6748@FreeBSD.org>
References:  <CAPORhP7GxqYGmzk1ZT7sAzMMze3CEwkWUCC2zDWRLNJZC=RH9Q@mail.gmail.com> <B32C77D5-AE6C-471F-8427-B581E80C6748@FreeBSD.org>

Hello,

Thanks. How do I get icmpv6 going? That is certainly a problem I'm having.

Thanks.
Dave.


On 10/13/15, Kristof Provost <kp@freebsd.org> wrote:
>
>> On 13 Oct 2015, at 05:51, David Mehler <dave.mehler@gmail.com> wrote:
>> Some things I know definitely aren't working is the ipv6 allowing of
>> ssh and http, ipv6 ping doesn't work gives a udp error, ftp from the
>> machine the data connection doesn't come through, I'm assuming I'll
>> have that same problem when I set up a jailed ftp server as well.
>>
> You really, really want to allow ICMPv6. Without ICMPv6 critical things
> like path MTU (remember, there’s no router fragmentation in IPv6, you
> *need* path MTU discovery) and router advertisements.
>
> It’s still possible to filter out undesirable ICMPv6 types, but I’d start
> out just allowing everything.
>
> I’ve not looked at the rest of it in any depth, but the ICMPv6 thing
> probably explains all of the IPv6 issues you’ve had.
>
> Regards,
> Kristof
>
>
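
The advice quoted above, written out as a pf.conf fragment. This is an added example, not part of the thread or anyone's posted ruleset; it assumes a default `block` rule earlier in the ruleset, and the grouping of ICMPv6 types in the commented-out variant is an illustrative choice.

```conf
# Added example (not from the thread). Assumes an earlier default "block"
# rule; pf uses last-match semantics, so these rules go after it.

# Starting point recommended in the reply: allow all ICMPv6 so that
# path MTU discovery and router advertisements work.
pass inet6 proto ipv6-icmp all

# Possible later tightening: replace the rule above with an explicit
# list of types. The selection below is an assumption for illustration.
#
# Error messages; "toobig" is what path MTU discovery depends on.
# pass inet6 proto ipv6-icmp all icmp6-type { unreach, toobig, timex, paramprob }
#
# Echo request/reply (IPv6 ping).
# pass inet6 proto ipv6-icmp all icmp6-type { echoreq, echorep }
#
# Router and neighbor discovery; neighbor discovery is how IPv6 resolves
# link-layer addresses, so blocking it breaks on-link connectivity.
# pass inet6 proto ipv6-icmp all icmp6-type { routersol, routeradv, neighbrsol, neighbradv }
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before `pfctl -f /etc/pf.conf` applies the rules.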


