Date:      Thu, 02 Feb 2012 00:14:21 +0900
From:      Hajimu UMEMOTO <ume@freebsd.org>
To:        "Eric W. Bates" <ericx@ericx.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: allowing gif thru ipfw
Message-ID:  <yge1uqe4mcy.wl%ume@mahoroba.org>
In-Reply-To: <4F2948F3.1060408@ericx.net>
References:  <4F28C168.9010206@ericx.net> <yge1uqft0md.wl%ume@mahoroba.org> <4F2948F3.1060408@ericx.net>

Hi,

>>>>> On Wed, 01 Feb 2012 09:15:15 -0500
>>>>> "Eric W. Bates" <ericx@ericx.net> said:

ericx> On 2/1/2012 3:32 AM, Hajimu UMEMOTO wrote:
> Hi,

> ericx>  Am I even correct in assuming that my gif packets are being blocked?
>
> Are you trying to pass an IPv6 over IPv4 tunnel?  If so,
>
> 	$fwcmd add 00140 allow ip4 from $he_tun to me proto ipv6
> 	$fwcmd add 00141 allow ip4 from me to $he_tun proto ipv6
>
> should work for you.

ericx> Yes, I'm trying to tunnel in ipv6 from HE.

Okay.

ericx> Really? I'm allowing ipv6 packets on the gif0 interface; but not on
ericx> the lan interface simply because I assumed that like IPSec the
ericx> encapsulated packets would not be seen as ipv6 on the ethernet
ericx> interface?

Still, you need to allow inner protocol number 41 to use an IPv6
over IPv4 gif tunnel.  The inner protocol number of an IPv6 over IPv4
tunnel is 41, which is defined as `ipv6' in /etc/protocols.
The ipfw commands I mentioned in my previous mail should do it.
Please note that `ip4' is the outer protocol, and `ipv6' in a
proto option is treated as the inner protocol.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
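
Added example, not part of the original message: a Python sketch of what a packet filter on the physical interface can read from a gif-encapsulated packet, an outer IPv4 header whose protocol field is 41 with the IPv6 header as its payload. The addresses are constructed documentation-range values standing in for `$he_tun` and `me`, and `allowed_inbound` is a hypothetical helper that only emulates the match of rule 00140; it is not ipfw code.

```python
import ipaddress
import struct

PROTO_IPV6 = 41  # "ipv6" in /etc/protocols
# Constructed documentation-range addresses standing in for $he_tun and "me".
HE_TUN, ME = "192.0.2.1", "198.51.100.7"

def ipv6_header(src, dst, payload_len, next_header=58):
    """40-byte IPv6 header (next header 58 = ICMPv6)."""
    word0 = 6 << 28  # version 6, traffic class 0, flow label 0
    return (struct.pack("!IHBB", word0, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header, no options; checksum left 0 in this demo."""
    return (struct.pack("!BBHHHBBH", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0)
            + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed)

def describe(packet):
    """What a filter on the physical interface can read from the packet."""
    if packet[0] >> 4 != 4:
        return {"outer": packet[0] >> 4}
    ihl = (packet[0] & 0x0F) * 4
    info = {"outer": 4, "proto": packet[9],
            "src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20]))}
    if info["proto"] == PROTO_IPV6 and len(packet) > ihl:
        info["inner"] = packet[ihl] >> 4  # version nibble of the payload
    return info

def allowed_inbound(packet):
    """Emulates the match of: allow ip4 from $he_tun to me proto ipv6."""
    d = describe(packet)
    return (d["outer"] == 4 and d["proto"] == PROTO_IPV6
            and d["src"] == HE_TUN and d["dst"] == ME)

def tunnel_packet(src=HE_TUN, dst=ME, proto=PROTO_IPV6):
    """Constructed sample: 8 payload bytes inside IPv6 inside IPv4."""
    inner = ipv6_header("2001:db8::1", "2001:db8::2", 8) + bytes(8)
    return ipv4_header(src, dst, proto, len(inner)) + inner

if __name__ == "__main__":
    print(describe(tunnel_packet()))
    print(allowed_inbound(tunnel_packet()))
```

The same IPv6 header sent without the IPv4 wrapper is what a rule on gif0 sees after decapsulation, which is why allowing IPv6 on gif0 alone does not pass the tunnel traffic arriving on the Ethernet interface.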
