From owner-freebsd-stable@FreeBSD.ORG Wed Feb 8 17:09:45 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E27FD16A420 for ; Wed, 8 Feb 2006 17:09:45 +0000 (GMT) (envelope-from ume@mahoroba.org) Received: from ameno.mahoroba.org (gw4.mahoroba.org [218.45.22.175]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DD9243D46 for ; Wed, 8 Feb 2006 17:09:42 +0000 (GMT) (envelope-from ume@mahoroba.org) Received: from kasuga.mahoroba.org (IDENT:nuQU1NxBs6HwIrfp6hTFKQxerkCEEN4jJIbqbP1UcfAZ0v7YmNkw4HEBCsFlEZWK@kasuga-iwi.mahoroba.org [IPv6:3ffe:501:185b:8010:212:f0ff:fe52:6ac]) (user=ume mech=CRAM-MD5 bits=0) by ameno.mahoroba.org (8.13.4/8.13.4) with ESMTP/inet6 id k18H9W3T044920 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Feb 2006 02:09:36 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Thu, 09 Feb 2006 02:09:32 +0900 Message-ID: From: Hajimu UMEMOTO To: Neal Nelson In-Reply-To: <5e9d9fe557ea6dedf8f173c257a0c7a9@kobudo.homeunix.net> References: <5e9d9fe557ea6dedf8f173c257a0c7a9@kobudo.homeunix.net> User-Agent: xcite1.38> Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/22.0.50 (i386-unknown-freebsd6.1) MULE/5.0 (SAKAKI) X-Operating-System: FreeBSD 6.1-PRERELEASE X-PGP-Key: http://www.imasy.or.jp/~ume/publickey.asc X-PGP-Fingerprint: 1F00 0B9E 2164 70FC 6DC5 BF5F 04E9 F086 BF90 71FE Organization: Internet Mutual Aid Society, YOKOHAMA MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.1.3 (ameno.mahoroba.org [IPv6:3ffe:501:185b:8010::1]); Thu, 09 Feb 2006 02:09:36 +0900 (JST) X-Virus-Scanned: by amavisd-new X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on ameno.mahoroba.org Cc: freebsd-stable@freebsd.org Subject: Re: IPv6 and IPFW X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 17:09:46 -0000 Hi, >>>>> On Wed, 8 Feb 2006 14:32:03 +0100 >>>>> Neal Nelson said: nealie> I've been trying to set up IPv6 and without ipfw my tunnel seems to nealie> work. However I cannot seem to setup ipfw to allow IPv6 to flow. Do I nealie> need to use ip6fw or just ipfw as that seems to accept ip6 protocols. nealie> If I need to use ip6fw then why does ipfw accept ip6 protocols? nealie> I'm using -STABLE from yesterday. The ipfw in 6-STABLE has an IPv6 awareness, but it is not enabled as far as you use ipfw as a KLD module. If ipfw is compiled into kernel, ipfw does filterling an IPv6 as well. If you wish to enable an IPv6 support of ipfw as an KLD module, put following lines into your /etc/make.conf and rebuild ipfw.ko: .if ${.CURDIR} == "/usr/src/sys/modules/ipfw" CFLAGS+= -DINET6 .endif If you don't want to filter an IPv6 by ipfw, and want to filter an IPv6 by ip6fw, please add following rule in your ipfw rule: add pass ip6 from any to any Sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/