From: "Eric W. Bates"
Date: Wed, 01 Feb 2012 09:12:09 -0500
To: Doug Barton
Cc: freebsd-net@freebsd.org, Eugene Grosbein
Subject: Re: allowing gif thru ipfw
List-Id: Networking and TCP/IP with FreeBSD

On 2/1/2012 3:06 AM, Doug Barton wrote:
> If it's a Hurricane Electric tunnel don't you want protocol 41?

Well, it's a straight up gif. Right this second I'm trying to suss out
which protocol gifs use. If it's documented, I can't find it. The
closest bit I can find on the man page is:

     The behavior of gif is mainly based on RFC2893 IPv6-over-IPv4
     configured tunnel.

I tried to read the pertinent parts of the RFC, but it doesn't really
discuss "type" or "protocol". It does talk about some header size issues.

Since ipfw is obviously blocking something and I can't get a handle on
it with tcpdump, I'm groping for an understanding of the shape of the
gif packets.

> On 01/31/2012 22:55, Eugene Grosbein wrote:
>> 01.02.2012 11:36, Eric W. Bates wrote:
>>> Seems like a silly question; but how does one allow the packets
>>> composing a gif tunnel thru ipfw?
>>>
>>> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
>>>
>>> $fwcmd add 00140 allow ipencap from $he_tun to me
>>> $fwcmd add 00141 allow ipencap from me to $he_tun
>>>
>>> ($he_tun is a Hurricane Electric provider); but neither of them are
>>> hit; so that's wrong...
>>>
>>> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
>>>
>>> doesn't show any packets either...
>>
>> Try:
>>
>> tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp
>>
>> Perhaps your gif is encrypted with ipsec? That changes ip protocol numbers.
>>
>> Eugene Grosbein
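
The thread turns on which outer IP protocol number a gif packet carries. The sketch below is an added example, not code from any poster in this thread: it parses the outer IPv4 header of constructed packets and shows why a rule or filter on protocol 4 never counts IPv6-in-IPv4 traffic. It assumes the RFC 2893 encapsulation (outer Protocol field 41 for IPv6-in-IPv4), 4 for IPv4-in-IPv4, and 50/51 when IPsec wraps the tunnel; the names classify_outer and rule_hits and all addresses are made up for illustration.

```python
import ipaddress
import struct

# IANA IPv4 protocol numbers a gif tunnel can show on the wire.
KINDS = {4: "IPv4-in-IPv4 (ipencap)", 41: "IPv6-in-IPv4",
         50: "ESP (IPsec)", 51: "AH (IPsec)"}

def classify_outer(pkt: bytes) -> dict:
    """Read the outer IPv4 header and, where visible, the inner addresses."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0      # header length in bytes
    if ihl < 20 or len(pkt) < ihl or pkt[0] >> 4 != 4:
        raise ValueError("not a valid IPv4 packet")
    proto, inner, addrs = pkt[9], pkt[ihl:], None
    if proto == 41 and len(inner) >= 40 and inner[0] >> 4 == 6:
        addrs = (inner[8:24], inner[24:40])       # inner IPv6 src, dst
    elif proto == 4 and len(inner) >= 20 and inner[0] >> 4 == 4:
        addrs = (inner[12:16], inner[16:20])      # inner IPv4 src, dst
    return {"src": str(ipaddress.ip_address(pkt[12:16])),
            "dst": str(ipaddress.ip_address(pkt[16:20])),
            "proto": proto, "kind": KINDS.get(proto, "other"),
            "inner": addrs and tuple(str(ipaddress.ip_address(a)) for a in addrs)}

def rule_hits(pkts, proto, peer):
    """Count packets an 'allow <proto> from <peer> to me' style rule would match."""
    return sum(1 for p in map(classify_outer, pkts)
               if p["proto"] == proto and p["src"] == peer)

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the samples (checksum left as zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def ipv6(src, dst):
    """Build a bare 40-byte IPv6 header (next header 59 = no next header)."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)

# Constructed samples; all addresses are documentation ranges, not from the thread.
PEER, ME = "192.0.2.1", "198.51.100.2"
SAMPLES = [ipv4(PEER, ME, 41, ipv6("2001:db8::1", "2001:db8::2")),
           ipv4(PEER, ME, 4, ipv4("203.0.113.1", "203.0.113.2", 1)),
           ipv4(PEER, ME, 50, bytes(16))]        # ESP: inner packet not visible

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify_outer(s))
    print("proto 4 rule hits on the IPv6-in-IPv4 packet:",
          rule_hits(SAMPLES[:1], 4, PEER))
```

On a live capture the same split shows up by running the tcpdump command from the thread with `ip proto 41` in place of `ip proto 4`.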