6to4 in 6.3-R?
Ivan Voras
ivoras at freebsd.org
Thu Dec 18 12:06:41 PST 2008
Hajimu UMEMOTO wrote:
> Hi,
>
>>>>>> On Tue, 16 Dec 2008 22:01:59 +0100
>>>>>> Ivan Voras <ivoras at freebsd.org> said:
>
> ivoras> > ping6 www.freebsd.org
> ivoras> PING6(56=40+8+8 bytes) 2002:a135:xxyy::1 --> 2001:4f8:fff6::21
> ivoras> ping6: sendmsg: Permission denied
> ivoras> ping6: wrote www.freebsd.org 16 chars, ret=-1
> ivoras> ping6: sendmsg: Permission denied
> ivoras> ping6: wrote www.freebsd.org 16 chars, ret=-1
> ivoras> ^C
> ivoras> --- www.freebsd.org ping6 statistics ---
> ivoras> 2 packets transmitted, 0 packets received, 100.0% packet loss
>
> ivoras> It can ping6 itself. I have ipfw here but a very early rule says "allow
> ivoras> ipv6 from any to any". It's triggered, judging by the packet counts, but
> ivoras> apparently only in one direction (in the above example, only 2 packets
> ivoras> would be accounted for).
>
> Though "allow ipv6 from any to any" allows native IPv6 traffic, it
> doesn't allow IPv6 over IPv4 traffic e.g. 6to4. I suspect you don't
> have a rule to allow 6to4 traffic. Please try the following rule, and
> see the result:
>
> allow ip4 from any to any proto ipv6
You are very much correct - I forgot to allow the inner protocol! Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20081218/50b6cb9e/signature.pgp
More information about the freebsd-net
mailing list