FBSD 6.0 ipfw weirdness with ssh x-forwarding
Eric W. Bates
ericx_lists at vineyard.net
Sat Dec 10 07:43:10 PST 2005
My 6.0 upgrades have been going smoothly. However, I had to add:
121 allow all from me6 to me6
along with my normal:
120 allow all from me to me
before I could forward my X applications on a machine with IPSec
compiled in. Similar machines with IPv6 but no IPSEC listed in the
config options do not exhibit this behavior. I was clued by the
following errors in the log:
Dec 9 23:15:33 <security.info> gertrude kernel: ipfw: 510 Deny TCP
[::0001]:6010 [::0001]:61310 out via lo0
I was hoping someone smarter than I could point me to any documentation
about the change.
Has ipfw recently split me and me6 (I never noticed the latter before
because I'm not using IPv6 yet [shame])?
Is this a change in the way the 6.0 kernel handles lo0 traffic in general?
Is this a change in ssh forwarding? Or has there always been IPv6 traffic?
Thanks for your time.
--
Eric W. Bates
More information about the freebsd-net
mailing list