Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Aug 2007 16:38:37 +0200
From:      Jacek Zapala <jacek@ipv6.jacek.it.pl>
To:        Daniel Hartmeier <daniel@benzedrine.cx>
Cc:        freebsd-net@freebsd.org
Subject:   Re: kern/115413: [ipv6] ipv6 pmtu not working
Message-ID:  <1187707117.846.3.camel@localhost.localdomain>
In-Reply-To: <20070821143125.GB32421@insomnia.benzedrine.cx>
References:  <200708211010.l7LAA6V7082258@freefall.freebsd.org> <20070821121118.GF27160@insomnia.benzedrine.cx> <1187703472.22531.4.camel@localhost.localdomain> <20070821135048.GA32421@insomnia.benzedrine.cx> <1187705811.30269.5.camel@localhost.localdomain> <20070821143125.GB32421@insomnia.benzedrine.cx>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2007-08-21 at 16:31 +0200, Daniel Hartmeier wrote:
> Is the following a correct view of your setup:
> 
>   src ---- $int_if pf $ext_if ---- router ---- dst
> 
> Where client src connects to server dst, and you create the state
> entry
> when the initial TCP SYN goes out $ext_if on the firewall?
> 
> The ICMPv6 is coming in on $ext_if, in the reverse direction, relative
> to the initial TCP SYN?
> 
> And the router is between pf and dst, on the $ext_if side? 

pf is set up on src so it looks like:

src with pf ---- router ---- (internet) ---- dst

pf rule:
pass  out  quick on $if0 inet6 proto tcp from any to $dst_net port 22
flags S/SA keep state


	Jacek





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1187707117.846.3.camel>