FBSD 6.0 ipfw weirdness with ssh x-forwarding

Eric W. Bates ericx_lists at vineyard.net
Sat Dec 10 07:43:10 PST 2005


My 6.0 upgrades have been going smoothly. However, I had to add:

  121 allow all from me6 to me6

along with my normal:

  120 allow all from me to me

before I could forward my X applications on a machine with IPSec
compiled in. Similar machines with IPv6 but no IPSEC listed in the
config options do not exhibit this behavior. I was clued by the
following errors in the log:

Dec  9 23:15:33 <security.info> gertrude kernel: ipfw: 510 Deny TCP
[::0001]:6010 [::0001]:61310 out via lo0

I was hoping someone smarter than I could point me to any documentation
about the change.

Has ipfw recently split me and me6 (I never noticed the latter before
because I'm not using IPv6 yet [shame])?

Is this a change in the way the 6.0 kernel handles lo0 traffic in general?

Is this a change in ssh forwarding?  Or has there always been IPv6 traffic?

Thanks for your time.

--
Eric W. Bates


More information about the freebsd-net mailing list