From owner-freebsd-net@FreeBSD.ORG Thu Dec 18 20:06:40 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EC8411065673 for ; Thu, 18 Dec 2008 20:06:40 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 7904D8FC19 for ; Thu, 18 Dec 2008 20:06:39 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1LDP8i-0002My-OA for freebsd-net@freebsd.org; Thu, 18 Dec 2008 20:06:34 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 18 Dec 2008 20:06:32 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 18 Dec 2008 20:06:32 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Ivan Voras Date: Thu, 18 Dec 2008 21:06:28 +0100 Lines: 57 Message-ID: References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigDBA2173EF5D4CE8E85005F9C" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.18 (X11/20081125) In-Reply-To: X-Enigmail-Version: 0.95.0 Sender: news Subject: Re: 6to4 in 6.3-R? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2008 20:06:41 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigDBA2173EF5D4CE8E85005F9C Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hajimu UMEMOTO wrote: > Hi, >=20 >>>>>> On Tue, 16 Dec 2008 22:01:59 +0100 >>>>>> Ivan Voras said: >=20 > ivoras> > ping6 www.freebsd.org > ivoras> PING6(56=3D40+8+8 bytes) 2002:a135:xxyy::1 --> 2001:4f8:fff6::2= 1 > ivoras> ping6: sendmsg: Permission denied > ivoras> ping6: wrote www.freebsd.org 16 chars, ret=3D-1 > ivoras> ping6: sendmsg: Permission denied > ivoras> ping6: wrote www.freebsd.org 16 chars, ret=3D-1 > ivoras> ^C > ivoras> --- www.freebsd.org ping6 statistics --- > ivoras> 2 packets transmitted, 0 packets received, 100.0% packet loss >=20 > ivoras> It can ping6 itself. I have ipfw here but a very early rule say= s "allow > ivoras> ipv6 from any to any". It's triggered, judging by the packet co= unts, but > ivoras> apparently only in one direction (in the above example, only 2 = packets > ivoras> would be accounted for). >=20 > Though "allow ipv6 from any to any" allows native IPv6 traffic, it > doesn't allow IPv6 over IPv4 traffic e.g. 6to4. I suspect you don't > have a rule to allow 6to4 traffic. Please try the following rule, and > see the result: >=20 > allow ip4 from any to any proto ipv6 You are very much correct - I forgot to allow the inner protocol! Thanks!= --------------enigDBA2173EF5D4CE8E85005F9C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJSq1EldnAQVacBcgRArmEAJ9YeMFyIf713lLhoBMo9Nd9s/Rv+QCfV/ns XV7TGMxOys00kzm/oydBnwc= =YkOd -----END PGP SIGNATURE----- --------------enigDBA2173EF5D4CE8E85005F9C--