From: Mark Felder
To: freebsd-questions@freebsd.org
Subject: Re: pf blocking too much
Date: Tue, 10 Dec 2013 07:55:23 -0600

On Sat, Dec 7, 2013, at 9:22, Christoph Egger wrote:
>
> Now I'm trying to set up a 6in4 tunnel (HE.net). Creating the gif
> interface, routing usw and starting ping on the local network to some
> system outside I can see the outgoing traffic pass gif0, then the
> DSL/tun link and on the ping'ed system. However the returning traffic
> comes in through the DSL/tun and disappears before reaching the
> gif. (All according to tcpdump on the interfaces)
>

from my old bsd firewall config (now running a juniper, otherwise i'd
still be using this):

# Allow proto 41 for ipv6 tunnel
pass in quick on egress inet proto 41 all
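
The rule above admits protocol 41 from any source. As an added example (not part of the original message or either poster's configuration), this pf.conf fragment restricts the same traffic to the tunnel broker's endpoint. The interface name tun0, the macro names and the 192.0.2.1 address are assumptions; the fragment also names the interface directly because `egress` is an interface group that OpenBSD assigns automatically and FreeBSD does not.

```conf
# Constructed values: replace with the real uplink interface and the
# IPv4 address of the tunnel broker's endpoint.
ext_if    = "tun0"        # assumed DSL/PPP interface that carries the IPv4 side
he_server = "192.0.2.1"   # placeholder (documentation address), not a real endpoint

# 6in4 is carried as IPv4 protocol 41, which is neither TCP, UDP nor ICMP.
# A default-deny ruleset that only passes those protocols drops the
# encapsulated replies on $ext_if, so they never reach gif0.
#
# Accept encapsulated packets only from the tunnel endpoint, addressed to
# this host. ($ext_if) tracks the interface address if it changes.
pass in  quick on $ext_if inet proto 41 from $he_server to ($ext_if)

# Let the outgoing half of the tunnel leave towards the same endpoint only.
pass out quick on $ext_if inet proto 41 from ($ext_if) to $he_server

# The decapsulated IPv6 traffic shows up on gif0 and is matched by the
# inet6 rules for that interface; the two rules above do not filter it.
```

After loading the fragment, `pfctl -sr` lists the active rules and `tcpdump -ni tun0 ip proto 41` shows whether the encapsulated replies are arriving on the uplink.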