From: "Bert Hartmann" (hartmann@headlight.de)
Organization: Headlight Housingfactory GmbH
To: freebsd-questions@freebsd.org
Date: Fri, 30 Aug 2002 16:39:14 +0200
Subject: IPv6, IPV6FIREWALL, Type=OPEN >> permission denied?
Message-ID: <3D6F9FB2.13836.1603709@localhost>

Hi,

I've added IPv6FIREWALL into kernel config, new kernel was built and entered /etc/rc.conf:ipv6_firewall_type="OPEN" but after reboot v6-communication is damaged.

FreeBSD 4.6-RELEASE with IPv6 enabled, IPV6FIREWALL in kernel.
/etc/rc.conf: ipv6_firewall_enable="YES" and ipv6_firewall_type="OPEN".

    # ip6fw list
    00100 allow ipv6 from any to any via lo0
    00200 allow ipv6-icmp from :: to ff02::/16
    00300 allow ipv6-icmp from fe80::/10 to fe80::/10
    00400 allow ipv6-icmp from fe80::/10 to ff02::/16
    65000 allow ipv6 from any to any
    65100 allow ipv6-icmp from any to any
    65535 deny ipv6 from any to any

but ping6 >>>>

    ping6: sendmsg: Permission denied

Another problem since I've added IPV6FIREWALL:

    wwwoffles[563]: Failed to create and connect client socket.
    wwwoffles[563]: Cannot open the HTTP connection to .... [Permission denied].

wwwoffle is a proxy server. Before I added the firewall, v4 and v6 targets were reached correctly. Now v4 targets still work and v6 won't, because wwwoffled can't create a socket.

With type=open and its rules 65000+65100 every target should be reachable, or not?

What about the socket problem? A socket should be created independently of an existing firewall, and if the rules would deny a target the connection couldn't be set up, ok. But why this socket error?

Any ideas?

thanks
bert