8.0-BETA1 - for the record - different paths followed by IPv4
and IPv6 for 'local' connections
Henri Hennebert
hlh at restart.be
Sat Jul 11 10:09:50 UTC 2009
Li, Qing wrote:
> Hi,
>
> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/
> and let me know how it works out for you. I thought I had committed the patch
> but turned out I didn't.
I apply the patch, reset my pf.conf to its previous content and all is
running smoothly. By the way, I discover after my post that my
"solution" was not working for long (many bytes) connections and this is
solved too.
Many thank for your time
Henri
PS please commit as soon as possible
>
>> On 8.0-BETA1 there is an assymetry:
>>
>> netstat -rn display
>>
>> 192.168.24.1 link#3
>> ....
>> no entry for 2001:41d0:2:2d29:1:1::
>>
>
> This is by design as part of the new architecture in 8.0, which maintains
> the L2 ARP/ND6 and L3 routing tables separately.
>
> -- Qing
>
>
>
> -----Original Message-----
> From: owner-freebsd-stable at freebsd.org on behalf of Henri Hennebert
> Sent: Fri 7/10/2009 5:32 AM
> To: freebsd-stable at freebsd.org; freebsd-st at freebsd.org
> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
>
> Hello,
>
> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when
> connecting with firefox to a local apache server using the global
> unicast IPv6 address of the local machine. pf.conf must be updated!
>
> My configuration:
>
> [root at avoriaz ~]# ifconfig em0
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
> ether 00:1d:60:ad:2a:ce
> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
> media: Ethernet 100baseTX (100baseTX <half-duplex>)
> status: active
>
> [root at avoriaz ~]# host www.restart.bel
> www.restart.bel is an alias for avoriaz.restart.bel.
> avoriaz.restart.bel has address 192.168.24.1
> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::
>
> pf.conf:
>
> int_if="em0"
> block in log all
> block out log all
> set skip on lo0
> antispoof quick for $int_if inet
> # Allow trafic with physical internal network
> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state
> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state
>
> The problem:
>
> [root at avoriaz ~]# telnet -4 www.restart.bel 80
> Trying 192.168.24.1...
> Connected to avoriaz.restart.bel.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root at avoriaz ~]# telnet -6 www.restart.bel 80
> Trying 2001:41d0:2:2d29:1:1::...
> --->Never connect and get a timeout!
>
> tcpdump and logging in pf show me that
>
> For a IPv4 connection:
> the packet from telnet to apache pass 2 times on lo0 (out and in)
> the answer packet from apache to telnet pass 2 times on lo0 (out and in)
>
> So no problem, there is `set skip on lo0'
>
> For a IPv6 connection:
> The first packet from telnet to apache pass 2 times on lo0 (out and in)
> The answer packet from apache to telnet path on em0 and is rejected
> due to the default flags S/SA.
>
> So I have to change pf.conf and replace the last line:
> pass out quick on $int_if from ($int_if) to ($int_if:network) \
> keep state flags any
>
> Then all is OK
>
> By the way, on 7.2
>
> netstat -rn display
>
> 192.168.24.1 00:1d:60:ad:2a:ce
> ....
> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce
>
>
> On 8.0-BETA1 there is an assymetry:
>
> netstat -rn display
>
> 192.168.24.1 link#3
> ....
> no entry for 2001:41d0:2:2d29:1:1::
>
> Hope it may help someone
>
> Henri
>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>
More information about the freebsd-stable
mailing list