Date: Mon, 20 Dec 2004 18:05:16 -0800
From: Charlie Schluting <charlie@schluting.com>
To: freebsd-net@freebsd.org
Subject: firewalling with tunnels, and/or ipv6
Message-ID: <41C784DC.5020805@schluting.com>

Ok, I've got a v6 tunnel, and to make it work I had to "allow ipv6 from <endpoint>" in ipfw. From what I understand, I have to make a completely different set of rules for ipv6, and load them using the -6 flag. Correct so far?

Ok, so I want to set up an ipip v4 tunnel to another box (that runs ipf), and then squirt ipv6 through the tunnel. Sounds easy, but I can't even seem to get the ipip tunnel working.

The question: How do you configure ipf/ipfw (in a general sense) to allow ipip tunnels?

More importantly, if I "allow ipip from <IP>" does that mean I just poked a big ass hole in the firewall... i.e. anything coming through the ipip tunnel will pass? Or, does that make an IP layer be shed, then the packet is run through all the rules again? Inefficient, but I'd think this would be the desired behavior.

At any rate, simply allowing ipip from <host> doesn't allow the v4 tunnel to work. What else is needed? (of course static routes, etc.)

I think I'll stop here for now; once that's clear I should be able to set it up.

Thanks,
_Charlie