8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
hlh at restart.be
Sat Jul 11 10:09:50 UTC 2009
Li, Qing wrote:
> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/
> and let me know how it works out for you. I thought I had committed the patch
> but turned out I didn't.
I applied the patch, reset my pf.conf to its previous content and all is
running smoothly. By the way, I discovered after my post that my
"solution" was not working for long (many bytes) connections and this is
Many thanks for your time
PS please commit as soon as possible
>> On 8.0-BETA1 there is an asymmetry:
>> netstat -rn display
>> 192.168.24.1 link#3
>> no entry for 2001:41d0:2:2d29:1:1::
> This is by design as part of the new architecture in 8.0, which maintains
> the L2 ARP/ND6 and L3 routing tables separately.
> -- Qing
> -----Original Message-----
> From: owner-freebsd-stable at freebsd.org on behalf of Henri Hennebert
> Sent: Fri 7/10/2009 5:32 AM
> To: freebsd-stable at freebsd.org; freebsd-st at freebsd.org
> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when
> connecting with firefox to a local apache server using the global
> unicast IPv6 address of the local machine. pf.conf must be updated!
> My configuration:
> [root@avoriaz ~]# ifconfig em0
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether 00:1d:60:ad:2a:ce
> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
> media: Ethernet 100baseTX (100baseTX <half-duplex>)
> status: active
> [root@avoriaz ~]# host www.restart.bel
> www.restart.bel is an alias for avoriaz.restart.bel.
> avoriaz.restart.bel has address 192.168.24.1
> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::
> block in log all
> block out log all
> set skip on lo0
> antispoof quick for $int_if inet
> # Allow traffic with physical internal network
> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state
> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state
> The problem:
> [root@avoriaz ~]# telnet -4 www.restart.bel 80
> Trying 192.168.24.1...
> Connected to avoriaz.restart.bel.
> Escape character is '^]'.
> telnet> quit
> Connection closed.
> [root@avoriaz ~]# telnet -6 www.restart.bel 80
> Trying 2001:41d0:2:2d29:1:1::...
> --->Never connect and get a timeout!
> tcpdump and logging in pf show me that
> For an IPv4 connection:
> the packet from telnet to apache passes 2 times on lo0 (out and in)
> the answer packet from apache to telnet passes 2 times on lo0 (out and in)
> So no problem, there is `set skip on lo0'
> For an IPv6 connection:
> The first packet from telnet to apache passes 2 times on lo0 (out and in)
> The answer packet from apache to telnet passes on em0 and is rejected
> due to the default flags S/SA.
> So I have to change pf.conf and replace the last line:
> pass out quick on $int_if from ($int_if) to ($int_if:network) \
> keep state flags any
> Then all is OK
> By the way, on 7.2
> netstat -rn display
> 192.168.24.1 00:1d:60:ad:2a:ce
> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce
> On 8.0-BETA1 there is an asymmetry:
> netstat -rn display
> 192.168.24.1 link#3
> no entry for 2001:41d0:2:2d29:1:1::
> Hope it may help someone
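The `flags S/SA` rejection described in the thread, modelled as an added example (not part of the original posts and not pf source code). The flag test follows the `flags <set>/<mask>` semantics of pf.conf(5), the packet list is constructed, and the function names are hypothetical. It also shows which other first-seen packets the `flags any` workaround admits.

```python
# Added illustration: minimal model of pf's "flags <set>/<mask>" test that
# decides whether a stateless TCP packet may match a pass rule and create
# state. Function names and sample packets are constructed for this example.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def bits(letters):
    """Convert a flag string such as 'SA' into a TCP flag bitmask."""
    value = 0
    for ch in letters:
        value |= FLAG_BITS[ch]
    return value


def rule_matches(pkt_flags, spec):
    """True if a packet with pkt_flags matches a pass rule whose flags
    option is spec: either 'any' or '<set>/<mask>' (default 'S/SA')."""
    if spec == "any":
        return True
    want, mask = spec.split("/")
    # Only the bits named in <mask> are inspected; of those, exactly the
    # bits named in <set> must be on.
    return (bits(pkt_flags) & bits(mask)) == bits(want)


def verdict(pkt_flags, spec):
    """Outcome on em0 when no state exists yet: the pass rule matches, or
    the packet falls through to the 'block out log all' default."""
    return "pass" if rule_matches(pkt_flags, spec) else "block"


# Constructed samples: the first packet pf sees on em0 for a connection.
SAMPLES = {"SYN": "S", "SYN-ACK": "SA", "ACK": "A", "FIN-ACK": "FA", "RST": "R"}


def compare():
    """Return {packet: (verdict with 'S/SA', verdict with 'any')}."""
    return {name: (verdict(f, "S/SA"), verdict(f, "any"))
            for name, f in SAMPLES.items()}


if __name__ == "__main__":
    for name, (default, relaxed) in compare().items():
        print(f"{name:8s} flags S/SA: {default:5s}  flags any: {relaxed}")
```

The SYN-ACK row is the IPv6 reply from the thread: its SYN went over lo0 (skipped, so no state), and the reply on em0 cannot create state under `S/SA`. The other rows show that `flags any` accepts every first-seen TCP packet matching the rule's addresses, not only that reply.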