Date: Sun, 23 Nov 2014 14:31:01 +0100 From: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> To: Robin Geuze <robing@transip.nl>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: Configuring PF with Jails only having IPv6 Message-ID: <20141123133100.GE2833@len-x61s.klaas> In-Reply-To: <20141123131024.GC2833@len-x61s.klaas> References: <54709CEE.2090800@bluerosetech.com> <AM3PR02MB03919B240CBCB1009066B47BAA740@AM3PR02MB0391.eurprd02.prod.outlook.com> <20141123131024.GC2833@len-x61s.klaas>
next in thread | previous in thread | raw e-mail | index | archive | help
Niklaas Baudet von Gersdorff [2014-11-23 14:10 +0100] : > After applying this I could connect to the jail without any problem. So, > thank you very much. Nonetheless there was no outbound connection from > the jail possible. Luckily, I just solved this. It was the following > entry that caused problems: > > pass out on $ext_if proto tcp all modulate state > > Because it looks like that it's not possible to use modulate state with > IPv6, as shortly stated here: > > https://forums.freebsd.org/threads/9-1-and-outgoing-tcp6-operation-timed-out.36595/#post-202506 Just to give you an update about this. My solution is now pass out on $ext_if inet proto tcp all modulate state pass out on $ext_if inet6 proto tcp all keep state which does modulate state for IPv4 traffic and keep state for IPv6. In case this might be helpful for someone in future. -- Niklaas Baudet von Gersdorff niklaas@kulturflatrate.net http://www.twitter.com/NBvGersdorff http://www.kulturflatrate.net/niklaas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141123133100.GE2833>