From owner-freebsd-stable Tue Feb 27 7:25:49 2001 Delivered-To: freebsd-stable@freebsd.org Received: from serenity.mcc.ac.uk (serenity.mcc.ac.uk [130.88.200.93]) by hub.freebsd.org (Postfix) with ESMTP id 1E31E37B71A for ; Tue, 27 Feb 2001 07:25:46 -0800 (PST) (envelope-from rasputin@freebsd-uk.eu.org) Received: from dogma.freebsd-uk.eu.org ([130.88.200.97] ident=root) by serenity.mcc.ac.uk with esmtp (Exim 2.05 #4) id 14Xm0X-000A3s-00 for freebsd-stable@freebsd.org; Tue, 27 Feb 2001 15:25:45 +0000 Received: (from rasputin@localhost) by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f1RFPi369366 for freebsd-stable@freebsd.org; Tue, 27 Feb 2001 15:25:44 GMT (envelope-from rasputin) Date: Tue, 27 Feb 2001 15:25:44 +0000 From: Rasputin To: freebsd-stable@freebsd.org Subject: IPF and IPv6 Message-ID: <20010227152544.A69259@dogma.freebsd-uk.eu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Afternoon people, just wondered if anyone was using ipf with 6-to-4 tunneling (a la freenet6.net)? I'm on a dialup (using gifconfig to build a tunnel through tun0), so there are no IPs mentioned in the ruleset, apart from the usual RFC1918 suspects. If I ping6 outbound to www.normos.org, the returned packets are blocked as though 'keep state' was doing nothing. Turning off ipf starts the traffic flowing instantly, so it's definitely the cause, as does: 'pass in on tun0 from any to any proto ipv6' but 'pass out on tun0 from any to any proto icmp keep state keep frags' doesn't help, and 'pass out on tun0 from any to any proto ipv6 keep state keep frags' gives an error, saying state only works for tcp/udp/icmp. But surely these *are* ICMP packets? So I reckon either: a) IPF can't tell that sessions going out of gif0 come back through tun0 (unlikely) or b) IPv6 support in FreeBSD isn't as full-on as I thought or c) I need a thwack with the cluestick. I don't particularly want to spam you all with my ruleset, but if anyone has got this working, please let me know how you did it. Cheers. -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message