Re: openbsd 3.2, pf, and ipv6 tunnels
From: Jolan Luff (jolan openbsd.servebeer.com)
Date: Sun Aug 03 2003 - 17:47:49 CDT
Do you have a rule passing ipv4 w/proto ipv6 between you and your tunnel
provider? Something like:
# pass ipv6 tunnel traffic
pass out on $ext_if inet proto ipv6 from $ext_ip to $he_ip keep state
pass in on $ext_if inet proto ipv6 from $he_ip to $ext_ip keep state
On Sun, Aug 03, 2003 at 10:37:28AM -0400, Richard Welty wrote:
> On Sun, 03 Aug 2003 13:38:51 +0200 "Asbjorn L. Johansen" <notsane sveitt.org> wrote:
> > Shouldn't you have a rule like this:
> > pass in [log] quick on $ext_if inet proto ipv6 from $tbipv4 to $ext_addr
>
> > That is what I had to use to get tunneled ipv6 traffic through.
>
> i shouldn't need a rule that broad to get icmp echo reply through, but i
> gave it a shot anyway. since i wasn't sure what you intended by $tbipv4 and
> $ext_addr, i put in any/any for 10 seconds to see if the echo replies
> started getting through:
>
> pass in log quick on $ext_if inet6 proto ipv6 from any to any
>
> they did not, they're still falling through and getting blocked by the
> catchall blocking rule.
>
> richard
> --
> Richard Welty rwelty averillpark.net
> Averill Park Networking 518-573-7592
> Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security