Date:      Sun, 11 Dec 2005 13:46:21 +0000
From:      Brian Candler <B.Candler@pobox.com>
To:        "Eric W. Bates" <ericx_lists@vineyard.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FBSD 6.0 ipfw weirdness with ssh x-forwarding
Message-ID:  <20051211134621.GA98105@uk.tiscali.com>
In-Reply-To: <439AF794.3080909@vineyard.net>
References:  <439AF794.3080909@vineyard.net>

On Sat, Dec 10, 2005 at 10:43:16AM -0500, Eric W. Bates wrote:
> Dec  9 23:15:33 <security.info> gertrude kernel: ipfw: 510 Deny TCP
> [::0001]:6010 [::0001]:61310 out via lo0

Note that ::0001 is the IPv6 "localhost" address (equivalent to IPv4
127.0.0.1).

> I was hoping someone smarter than I could point me to any documentation
> about the change.
> 
> Has ipfw recently split me and me6 (I never noticed the latter before
> because I'm not using IPv6 yet [shame])?

Looking on a 5.4-STABLE system, the ipfw(8) manpage mentions 'me' but not
'me6'. Looking on the web, at
http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=8&manpath=FreeBSD+6.0-RELEASE+and+Ports&format=html
I see 'me' and 'me6' options. So yes, it looks like it has been split.

> Is this a change in the way the 6.0 kernel handles lo0 traffic in general?
> 
> Is this a change in ssh forwarding?  Or has there always been IPv6 traffic?

IPv6 support has been around in FreeBSD for a long time. If this causes you
pain (as it does for me), then I recommend you remove 'options INET6' from
your kernel config and rebuild the kernel. Other things to look for are your
hosts file, which may have

::1		localhost
127.0.0.1	localhost

in which case you can swap them, or comment out the IPv6 ::1 one altogether
(otherwise IPv6 is preferred over IPv4 when using localhost). Also, a lot of
ports tend to build with IPv6 support unless you explicitly disable it. I
think there's a setting you can put in /etc/make.conf but I can't remember
offhand what it is.

Regards,

Brian.
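
Added example (not part of the message above and not FreeBSD code): a small sh/awk filter that picks out ipfw "Deny" log entries where both endpoints are the IPv6 loopback address, in any zero-padded spelling such as ::0001, and counts them per rule number and protocol. The function names and all sample lines except the first are constructed; the log layout is assumed to match the line quoted in the thread.

```shell
#!/bin/sh
# Constructed sample log. The first entry is the line quoted in the thread,
# rejoined onto one line; the remaining entries are made up for illustration.
sample_log() {
cat <<'EOF'
Dec  9 23:15:33 <security.info> gertrude kernel: ipfw: 510 Deny TCP [::0001]:6010 [::0001]:61310 out via lo0
Dec  9 23:15:36 <security.info> gertrude kernel: ipfw: 510 Deny TCP [::0001]:6010 [::0001]:61310 out via lo0
Dec  9 23:16:02 <security.info> gertrude kernel: ipfw: 510 Deny UDP [::1]:53 [::1]:49152 out via lo0
Dec  9 23:16:10 <security.info> gertrude kernel: ipfw: 520 Deny TCP 192.0.2.10:4444 198.51.100.7:22 in via em0
Dec  9 23:16:11 <security.info> gertrude kernel: ipfw: 300 Accept TCP [::1]:22 [::1]:50000 out via lo0
Dec  9 23:16:20 <security.info> gertrude kernel: ipfw: 510 Deny TCP [2001:db8::1]:80 [2001:db8::2]:50001 in via em0
EOF
}

# Reads syslog text on stdin and prints "<rule> <proto> <count>" for every
# rule that denied traffic between two IPv6 loopback endpoints.
ipfw_lo6_denies() {
    awk '
    # Strip the brackets and port from a "[addr]:port" field.
    function v6addr(f,  a) { a = f; sub(/^\[/, "", a); sub(/\].*$/, "", a); return a }
    # True for ::1 however it is padded (::0001, 0:0:0:0:0:0:0:1, ...).
    function is_lo6(f) { return f ~ /^\[/ && v6addr(f) ~ /^[0:]*:0*1$/ }
    {
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF - 5) next              # not an ipfw packet log line
        if ($(i + 2) != "Deny") next      # only denied packets matter here
        if (is_lo6($(i + 4)) && is_lo6($(i + 5)))
            n[$(i + 1) " " $(i + 3)]++    # key: rule number and protocol
    }
    END { for (k in n) print k, n[k] }
    ' | sort
}

# Stand-alone run over the constructed sample.
sample_log | ipfw_lo6_denies
```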


