From owner-freebsd-net@FreeBSD.ORG Thu Dec 18 18:18:44 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D709106564A; Thu, 18 Dec 2008 18:18:44 +0000 (UTC) (envelope-from ume@mahoroba.org) Received: from asuka.mahoroba.org (unknown [IPv6:2001:2f0:104:8010::1]) by mx1.freebsd.org (Postfix) with ESMTP id D14C58FC1C; Thu, 18 Dec 2008 18:18:43 +0000 (UTC) (envelope-from ume@mahoroba.org) Received: from kasuga.mahoroba.org (IDENT:DO9pd7JVZxa/zNrXDac6yzmDPjF5OFM8f9QdA1prp5XOKkk11gzojgHgupWnGQPc@kasuga.mahoroba.org [IPv6:2001:2f0:104:8010:20b:97ff:fe2e:b521]) (user=ume mech=CRAM-MD5 bits=0) by asuka.mahoroba.org (8.14.3/8.14.3) with ESMTP/inet6 id mBIIIb62074181 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 19 Dec 2008 03:18:37 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Fri, 19 Dec 2008 03:18:37 +0900 Message-ID: From: Hajimu UMEMOTO To: Ivan Voras In-Reply-To: References: User-Agent: xcite1.58> Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.7 Emacs/22.3 (i386-portbld-freebsd7.1) MULE/5.0 (SAKAKI) X-Operating-System: FreeBSD 7.1-PRERELEASE X-PGP-Key: http://www.imasy.or.jp/~ume/publickey.asc X-PGP-Fingerprint: 1F00 0B9E 2164 70FC 6DC5 BF5F 04E9 F086 BF90 71FE Organization: Internet Mutual Aid Society, YOKOHAMA MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (asuka.mahoroba.org [IPv6:2001:2f0:104:8010::1]); Fri, 19 Dec 2008 03:18:37 +0900 (JST) X-Virus-Scanned: by amavisd-new X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on asuka.mahoroba.org Cc: freebsd-net@freebsd.org Subject: Re: 6to4 in 6.3-R? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2008 18:18:44 -0000 Hi, >>>>> On Tue, 16 Dec 2008 22:01:59 +0100 >>>>> Ivan Voras said: ivoras> > ping6 www.freebsd.org ivoras> PING6(56=40+8+8 bytes) 2002:a135:xxyy::1 --> 2001:4f8:fff6::21 ivoras> ping6: sendmsg: Permission denied ivoras> ping6: wrote www.freebsd.org 16 chars, ret=-1 ivoras> ping6: sendmsg: Permission denied ivoras> ping6: wrote www.freebsd.org 16 chars, ret=-1 ivoras> ^C ivoras> --- www.freebsd.org ping6 statistics --- ivoras> 2 packets transmitted, 0 packets received, 100.0% packet loss ivoras> It can ping6 itself. I have ipfw here but a very early rule says "allow ivoras> ipv6 from any to any". It's triggered, judging by the packet counts, but ivoras> apparently only in one direction (in the above example, only 2 packets ivoras> would be accounted for). Though "allow ipv6 from any to any" allows native IPv6 traffic, it doesn't allow IPv6 over IPv4 traffic e.g. 6to4. I suspect you don't have a rule to allow 6to4 traffic. Please try the following rule, and see the result: allow ip4 from any to any proto ipv6 Sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/