Date: Thu, 18 Dec 2008 21:06:28 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-net@freebsd.org Subject: Re: 6to4 in 6.3-R? Message-ID: <gieafv$f1$1@ger.gmane.org> In-Reply-To: <yge4p11xs76.wl%ume@mahoroba.org> References: <gi950h$91i$1@ger.gmane.org> <yge4p11xs76.wl%ume@mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hajimu UMEMOTO wrote: > Hi, > >>>>>> On Tue, 16 Dec 2008 22:01:59 +0100 >>>>>> Ivan Voras <ivoras@freebsd.org> said: > > ivoras> > ping6 www.freebsd.org > ivoras> PING6(56=40+8+8 bytes) 2002:a135:xxyy::1 --> 2001:4f8:fff6::21 > ivoras> ping6: sendmsg: Permission denied > ivoras> ping6: wrote www.freebsd.org 16 chars, ret=-1 > ivoras> ping6: sendmsg: Permission denied > ivoras> ping6: wrote www.freebsd.org 16 chars, ret=-1 > ivoras> ^C > ivoras> --- www.freebsd.org ping6 statistics --- > ivoras> 2 packets transmitted, 0 packets received, 100.0% packet loss > > ivoras> It can ping6 itself. I have ipfw here but a very early rule says "allow > ivoras> ipv6 from any to any". It's triggered, judging by the packet counts, but > ivoras> apparently only in one direction (in the above example, only 2 packets > ivoras> would be accounted for). > > Though "allow ipv6 from any to any" allows native IPv6 traffic, it > doesn't allow IPv6 over IPv4 traffic e.g. 6to4. I suspect you don't > have a rule to allow 6to4 traffic. Please try the following rule, and > see the result: > > allow ip4 from any to any proto ipv6 You are very much correct - I forgot to allow the inner protocol! Thanks! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJSq1EldnAQVacBcgRArmEAJ9YeMFyIf713lLhoBMo9Nd9s/Rv+QCfV/ns XV7TGMxOys00kzm/oydBnwc= =YkOd -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?gieafv$f1$1>