From: "Roderick van Domburg"
Delivered-To: freebsd-net@freebsd.org
Date: Sun, 18 Jan 2004 02:46:11 +0100
Message-Id: <200401180146.i0I1k0J20009@netlx014.civ.utwente.nl>
Subject: ip6fw borkage on sparc64
List-Id: Networking and TCP/IP with FreeBSD

Hello everybody,

I just built and installed a new world and kernel on a sparc64, and unfortunately ip6fw no longer seems to work correctly.

The box runs an IPv6-enabled Apache server. With the previous kernel (Sun Jan 11 14:03:52 CET 2004), I could access that Apache server without any problems from my IPv6-enabled workstation. With today's kernel (Sun Jan 18 01:30:58 CET 2004) the same firewall configuration no longer does the trick (attached below).

Funny thing: if I issue an "ip6fw add 50 allow ipv6 from any to any", everything looks peachy, but an "ip6fw add 50 allow tcp from any to any" blocks traffic all the same.

Any idea?

Regards,

Roderick

-8<--
00100 allow ipv6 from any to any via lo0
00200 allow ipv6-icmp from :: to ff02::/16
00300 allow ipv6-icmp from fe80::/10 to fe80::/10
00400 allow ipv6-icmp from fe80::/10 to ff02::/16
00500 allow ipv6 from fe80::/10 to ff02::/16
00600 allow ipv6 from 2001:610:1908::/48 to ff02::/16
00700 allow tcp from any to any established
00800 allow ipv6 from any to any frag
00900 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 22 setup
01000 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01200 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01300 deny tcp from any to any setup
01400 allow udp from any 53 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01500 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 53
01600 allow ipv6-icmp from any to any icmptype 33
01700 allow ipv6-icmp from any to any icmptype 34
65535 deny ipv6 from any to any
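
Added example, not part of the original message and not FreeBSD code: a simplified first-match walk over the TCP-relevant rules posted above, showing which rule a packet should hit when the rules are evaluated as written. It does not reproduce the sparc64 behaviour. The client address (documentation prefix), the interface name hme0 and the packet dictionaries are constructed assumptions.

```python
import ipaddress

# TCP-relevant subset of the posted ruleset (ICMPv6, UDP and link-local
# rules omitted; they cannot match the constructed TCP packet below).
RULES = """\
00100 allow ipv6 from any to any via lo0
00700 allow tcp from any to any established
00800 allow ipv6 from any to any frag
00900 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 22 setup
01000 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01200 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01300 deny tcp from any to any setup
65535 deny ipv6 from any to any
"""
# Constructed sample: SYN from a documentation-prefix client to the web server.
SYN_80 = dict(proto="tcp", src="2001:db8::1", dport=80, flags="S", iface="hme0",
              dst="2001:610:1908:8000:a00:20ff:fecf:c01b")

def parse(line):
    t = line.split()  # NUM ACTION PROTO from SRC [PORT] to DST [PORT] [OPTS]
    r = dict(num=t[0], action=t[1], proto=t[2], src=t[4], sport=None, dport=None)
    i = 5
    if t[i] != "to":
        r["sport"], i = int(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2
    if i < len(t) and t[i].isdigit():
        r["dport"], i = int(t[i]), i + 1
    r["opts"] = t[i:]
    return r

def addr_ok(spec, addr):
    net = "::/0" if spec == "any" else spec
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def matches(r, p):
    o, fl = r["opts"], p.get("flags", "")
    return all((
        r["proto"] in ("ipv6", p["proto"]),  # "ipv6" matches every protocol
        addr_ok(r["src"], p["src"]) and addr_ok(r["dst"], p["dst"]),
        r["sport"] in (None, p.get("sport")) and r["dport"] in (None, p.get("dport")),
        "via" not in o or o[o.index("via") + 1] == p.get("iface"),
        "established" not in o or "A" in fl or "R" in fl,   # ACK or RST set
        "setup" not in o or ("S" in fl and "A" not in fl),  # SYN without ACK
        "frag" not in o or p.get("frag", False),
    ))

def first_match(pkt, rules=RULES):
    for r in map(parse, rules.splitlines()):
        if matches(r, pkt):
            return r["num"], r["action"]
```

Comparing first_match() output with the rule counters from "ip6fw show" on the affected kernel shows which rule stops matching.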