allowing gif thru ipfw

Eric W. Bates ericx at ericx.net
Wed Feb 1 05:04:17 UTC 2012


Seems like a silly question; but how does one allow the packets 
composing a gif tunnel thru ipfw?

I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:

$fwcmd add 00140 allow ipencap from $he_tun to me
$fwcmd add 00141 allow ipencap from me to $he_tun

($he_tun is a Hurricane Electric provider); but neither of them is 
hit; so that's wrong...

tcpdump -i em_vlan5 -nnvvs0 ip proto 4

doesn't show any packets either...

I also have the rule to allow icmp6 thru the gif:

$fwcmd add 30132 allow icmp6 from me to any out via gif0 keep-state

but that doesn't get hit either. Bottom line: I cannot ping the far end 
of my IPv6 tunnel. I receive the error "permission denied":

  ** root at olivia ** ~ ** Tue Jan 31 23:31:43
# ping6 2001:****:****:****::1
PING6(56=40+8+8 bytes) 2001:****:****:****::2 --> 2001:****:****:****::1
ping6: sendmsg: Permission denied
ping6: wrote 2001:****:****:****::1 16 chars, ret=-1
ping6: sendmsg: Permission denied

Am I even correct in assuming that my gif packets are being blocked?

Thanks.

