From: "Kirk Davis"
Date: Wed, 1 Feb 2012 08:40:35 -0700
Subject: RE: allowing gif thru ipfw
List-Id: Networking and TCP/IP with FreeBSD

On Wednesday, February 01, 2012 7:24 AM, Eugene Grosbein wrote:

>01.02.2012 21:12, Eric W. Bates wrote:
>> On 2/1/2012 3:06 AM, Doug Barton wrote:
>>> If it's a hurricane electric tunnel don't you want protocol 41?
>>
>> Well, it's a straight up gif. Right this second I'm trying to suss out
>> which protocol gifs use. If it's documented, I can't find it. The
>> closest bit I can find on the man page is:
>>
>>   The behavior of gif is mainly based on RFC2893 IPv6-over-IPv4
>>   configured tunnel.
>>
>> I tried to read the pertinent parts of the RFC, but it doesn't really
>> discuss "type" or "protocol". It does talk about some header size issues.
>>
>> Since ipfw is obviously blocking something and I can't get a handle on
>> it with tcpdump, I'm groping for an understanding of the shape of the
>> gif packets.
>
>Have you tried "tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp" ?
>
>I do not use IPv6 over IPv4 tunnels and am not sure.
>Perhaps, that is IPIP protocol (number 94 decimal)?

I use a number of gif tunnels with ipfw and I have always used 'ipencap' (protocol 4) for my ipfw rules. Once you break it out of the tunnel though you can then use ipfw on the inside tunnel traffic. I don't have one with HE right now so they may be different but this is what I use for a standard ipv4-ipv4 gif tunnel.

----
kirk
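The "shape of the gif packets" asked about in this thread, as an added example that is not part of the original messages: it reads the protocol field of the outer IPv4 header, which is what an ipfw rule on the physical interface matches, and then decodes the tunnelled header for protocol 4 (IPv4 payload, as in the reply above) or protocol 41 (IPv6 payload). All addresses, function names and the label table are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Protocol numbers raised in the thread; the labels are this example's own.
TUNNEL_PROTOS = {4: "ipencap", 41: "ipv6", 94: "ipip"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def ipv6_header(src, dst, next_header, payload_len):
    """40-byte IPv6 header for constructed samples."""
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_header, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)

def describe(packet):
    """Parse the outer IPv4 header and, for protocol 4 or 41, the tunnelled header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # outer header length; options are allowed
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, inner, body = packet[9], None, packet[ihl:]
    if proto == 4 and len(body) >= 20 and body[0] >> 4 == 4:
        inner = ("ipv4", str(ipaddress.IPv4Address(body[12:16])),
                 str(ipaddress.IPv4Address(body[16:20])))
    elif proto == 41 and len(body) >= 40 and body[0] >> 4 == 6:
        inner = ("ipv6", str(ipaddress.IPv6Address(body[8:24])),
                 str(ipaddress.IPv6Address(body[24:40])))
    return {"proto": proto, "name": TUNNEL_PROTOS.get(proto, "other"),
            "outer": (str(ipaddress.IPv4Address(packet[12:16])),
                      str(ipaddress.IPv4Address(packet[16:20]))),
            "inner": inner}

# Constructed samples: tunnel endpoints 192.0.2.1 -> 198.51.100.1 (documentation ranges).
V4_IN_V4 = ipv4_header("192.0.2.1", "198.51.100.1", 4, 20) + ipv4_header("10.0.0.1", "10.0.1.1", 1, 0)
V6_IN_V4 = ipv4_header("192.0.2.1", "198.51.100.1", 41, 40) + ipv6_header("2001:db8::1", "2001:db8::2", 58, 0)
PLAIN_TCP = ipv4_header("192.0.2.1", "198.51.100.1", 6, 0)

if __name__ == "__main__":
    for pkt in (V4_IN_V4, V6_IN_V4, PLAIN_TCP):
        print(describe(pkt))
```

The same outer protocol numbers can be isolated in a capture with the pcap filters `ip proto 4` and `ip proto 41`.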