allowing gif thru ipfw
Eric W. Bates
ericx at ericx.net
Wed Feb 1 15:23:45 UTC 2012
[sigh]
I stand enlightened with increased understanding. Thank you very much.
That is exactly what I've been seeing on my pfSense machine and could
not replicate on my stand-alone FBSD box.
On 2/1/2012 10:14 AM, Hajimu UMEMOTO wrote:
> Hi,
>
>>>>>> On Wed, 01 Feb 2012 09:15:15 -0500
>>>>>> "Eric W. Bates"<ericx at ericx.net> said:
>
> ericx> On 2/1/2012 3:32 AM, Hajimu UMEMOTO wrote:
>> Hi,
>
>> ericx> Am I even correct in assuming that my gif packets are being blocked?
>>
>> Are you trying to pass an IPv6 over IPv4 tunnel? If so,
>>
>> $fwcmd add 00140 allow ip4 from $he_tun to me proto ipv6
>> $fwcmd add 00141 allow ip4 from me to $he_tun proto ipv6
>>
>> should work for you.
>
> ericx> Yes, I'm trying to tunnel in ipv6 from HE.
>
> Okay.
>
> ericx> Really? I'm allowing ipv6 packets on the gif0 interface; but not on
> ericx> the lan interface simply because I assumed that like IPSec the
> ericx> encapsulated packets would not be seen as ipv6 on the ethernet
> ericx> interface?
>
> Still, you need to allow an inner protocol number 41 to use an IPv6
> over IPv4 gif tunnel. An inner protocol number of an IPv6 over IPv4
> tunnel is 41 which is defined as `ipv6' in /etc/protocols.
> The ipfw commands I mentioned in my previous mail should do it.
> Please take notice that `ip4' is an outer protocol and an `ipv6' in a
> proto option is treated as an inner protocol.
>
> Sincerely,
>
> --
> Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
> ume at mahoroba.org ume@{,jp.}FreeBSD.org
> http://www.imasy.org/~ume/
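
The point in the quoted reply, as an added example that is not part of the original thread: on the physical interface a gif-tunnelled packet is an IPv4 packet whose protocol field is 41, and it is only seen as IPv6 after decapsulation on gif0. The addresses are constructed documentation-range values, and `rule_allows` is a hypothetical model of the two rules quoted above, not ipfw itself.

```python
import socket
import struct

PROTO_IPV6 = 41  # listed as `ipv6` in /etc/protocols

def build_6in4(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed sample: IPv4 header (proto 41) wrapping a bare IPv6 header."""
    # IPv6: version 6, payload length 0, next header 59 (none), hop limit 64
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    inner += socket.inet_pton(socket.AF_INET6, inner_src)
    inner += socket.inet_pton(socket.AF_INET6, inner_dst)
    # IPv4: checksum left at 0 because this sample is only parsed, never sent
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        PROTO_IPV6, 0, socket.inet_aton(outer_src),
                        socket.inet_aton(outer_dst))
    return outer + inner

def classify(packet):
    """Return (outer, inner): what is visible on the wire and after decapsulation."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed IPv4 header length")
    outer = {"family": "ip4", "proto": packet[9],
             "src": socket.inet_ntoa(packet[12:16]),
             "dst": socket.inet_ntoa(packet[16:20])}
    if outer["proto"] != PROTO_IPV6:
        return outer, None  # not a tunnel packet, nothing to decapsulate
    payload = packet[ihl:]
    if len(payload) < 40 or payload[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not an IPv6 header")
    inner = {"family": "ip6",
             "src": socket.inet_ntop(socket.AF_INET6, payload[8:24]),
             "dst": socket.inet_ntop(socket.AF_INET6, payload[24:40])}
    return outer, inner

def rule_allows(outer, he_tun, me):
    """Model of rules 00140/00141: ip4 between he_tun and me, proto ipv6 (41)."""
    pair = (outer["src"], outer["dst"])
    return (outer["family"] == "ip4" and outer["proto"] == PROTO_IPV6
            and pair in ((he_tun, me), (me, he_tun)))

if __name__ == "__main__":
    pkt = build_6in4("192.0.2.1", "198.51.100.7", "2001:db8::1", "2001:db8::2")
    outer, inner = classify(pkt)
    print("physical interface sees:", outer)
    print("gif0 sees after decapsulation:", inner)
```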