Date:      Wed, 01 Feb 2012 10:21:51 -0500
From:      "Eric W. Bates" <ericx@ericx.net>
To:        Hajimu UMEMOTO <ume@freebsd.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: allowing gif thru ipfw
Message-ID:  <4F29588F.2090603@ericx.net>
In-Reply-To: <yge1uqe4mcy.wl%ume@mahoroba.org>
References:  <4F28C168.9010206@ericx.net> <yge1uqft0md.wl%ume@mahoroba.org> <4F2948F3.1060408@ericx.net> <yge1uqe4mcy.wl%ume@mahoroba.org>

[sigh]

I stand enlightened with increased understanding. Thank you very much. 
That is exactly what I've been seeing on my pfSense machine and could 
not replicate on my stand-alone FBSD box.

On 2/1/2012 10:14 AM, Hajimu UMEMOTO wrote:
> Hi,
>
>>>>>> On Wed, 01 Feb 2012 09:15:15 -0500
>>>>>> "Eric W. Bates"<ericx@ericx.net>  said:
>
> ericx>  On 2/1/2012 3:32 AM, Hajimu UMEMOTO wrote:
>> Hi,
>
>> ericx>   Am I even correct in assuming that my gif packets are being blocked?
>>
>> Are you trying to pass an IPv6 over IPv4 tunnel?  If so,
>>
>> 	$fwcmd add 00140 allow ip4 from $he_tun to me proto ipv6
>> 	$fwcmd add 00141 allow ip4 from me to $he_tun proto ipv6
>>
>> should work for you.
>
> ericx>  Yes, I'm trying to tunnel in ipv6 from HE.
>
> Okay.
>
> ericx>  Really? I'm allowing ipv6 packets on the gif0 interface; but not on
> ericx>  the lan interface simply because I assumed that like IPSec the
> ericx>  encapsulated packets would not be seen as ipv6 on the ethernet
> ericx>  interface?
>
> Still, you need to allow an inner protocol number 41 to use an IPv6
> over IPv4 gif tunnel.  An inner protocol number of an IPv6 over IPv4
> tunnel is 41 which is defined as `ipv6' in /etc/protocols.
> The ipfw commands I mentioned in my previous mail should do it.
> Please take notice that `ip4' is an outer protocol and an `ipv6' in a
> proto option is treated as an inner protocol.
>
> Sincerely,
>
> --
> Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
> ume@mahoroba.org  ume@{,jp.}FreeBSD.org
> http://www.imasy.org/~ume/
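
Added example, not part of the original message: a simplified Python model of the outer/inner distinction discussed in this thread. It builds a constructed 6in4 packet and reports what a filter sees on the wire (IPv4, protocol 41) and after gif decapsulation (IPv6); the addresses, function names and the `wire`/`gif0` labels are assumptions, and it does not model ipfw's rule engine.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41    # named `ipv6` in /etc/protocols
IPPROTO_ICMPV6 = 58

def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options, checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def build_ipv6(src, dst, next_header, payload):
    """Minimal 40-byte IPv6 header plus payload."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload

def parse(pkt):
    """Return (version, protocol, src, dst, payload) for the outermost IP header."""
    if not pkt:
        raise ValueError("empty packet")
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl:
            raise ValueError("truncated IPv4 header")
        return (4, pkt[9], str(ipaddress.IPv4Address(pkt[12:16])),
                str(ipaddress.IPv4Address(pkt[16:20])), pkt[ihl:])
    if version == 6:
        if len(pkt) < 40:
            raise ValueError("truncated IPv6 header")
        return (6, pkt[6], str(ipaddress.IPv6Address(pkt[8:24])),
                str(ipaddress.IPv6Address(pkt[24:40])), pkt[40:])
    raise ValueError("not an IP packet")

def filter_views(pkt):
    """List what a filter sees at each stage: the wire first, then gif0 if it is 6in4."""
    version, proto, src, dst, payload = parse(pkt)
    views = [("wire", version, proto, src, dst)]
    if version == 4 and proto == IPPROTO_IPV6:
        v, p, s, d, _ = parse(payload)
        views.append(("gif0", v, p, s, d))
    return views

# Constructed sample: ICMPv6 echo request carried through the tunnel (documentation addresses).
ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1])
INNER = build_ipv6("2001:db8::2", "2001:db8::1", IPPROTO_ICMPV6, ECHO)
TUNNELED = build_ipv4("198.51.100.7", "192.0.2.1", IPPROTO_IPV6, INNER)

if __name__ == "__main__":
    for view in filter_views(TUNNELED):
        print(view)
```

A rule that only allows IPv6 on `gif0` corresponds to the second view; the first view is the packet that has to be allowed on the physical interface before decapsulation can happen.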
