Hi.

I'm running FreeBSD 8.1-STABLE (I had major issues with em(4) on 8.1-RELEASE, so I had to upgrade this host to more recent STABLE).

I'm using ipv6-over-ipv4 tunnel.

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 89.250.210.67 --> 216.66.80.26
        inet6 2001:470:1f08:14c0::2 --> 2001:470:1f08:14c0::1 prefixlen 128
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        options=1<ACCEPT_REV_ETHIP_VER>

In order for it to work I have to allow ipv4 packets between these two hosts:

(and these are two first rules in the filter)
00005 14 1072 allow log ip4 from 89.250.210.67 to 216.66.80.26 out via vlan104
00006 14 1072 allow log ip4 from 216.66.80.26 to 89.250.210.67 in via vlan104

The thing is, normally (at least in ipv4 world) I would have to allow ipencap packets between these hosts (and that's what I did first thing), but this configuration never worked. I've even added 'allow' strings for every type of encapsulation from /etc/protocols, just to see their counters never changed from zero. Those two rules above were made after 'ok, let's allow everything just to see in log what does it want' decision.

I want to ask - why ip4 ?

And the log looks even more weird:

%ping6 2001:470:1f08:14c0::1
PING6(56=40+8+8 bytes) 2001:470:1f08:14c0::2 --> 2001:470:1f08:14c0::1
16 bytes from 2001:470:1f08:14c0::1, icmp_seq=0 hlim=64 time=93.917 ms
16 bytes from 2001:470:1f08:14c0::1, icmp_seq=1 hlim=64 time=93.307 ms

Feb 8 13:56:48 ns kernel: ipfw: 5 Accept P:41 89.250.210.67 216.66.80.26 out via vlan104
Feb 8 13:56:48 ns kernel: ipfw: 6 Accept P:41 216.66.80.26 89.250.210.67 in via vlan104
Feb 8 13:56:49 ns kernel: ipfw: 5 Accept P:41 89.250.210.67 216.66.80.26 out via vlan104
Feb 8 13:56:49 ns kernel: ipfw: 6 Accept P:41 216.66.80.26 89.250.210.67 in via vlan104

As you can see, P:41 is IPv6:

%grep 41 /etc/protocols
ipv6    41      IPV6            # ipv6

And, of course, ipfw doesn't allow me to create the rules it is actually logging:

%ipfw add 7 allow 41 from 216.66.80.26 to 89.250.210.67 in via vlan104
ipfw: bad address "216.66.80.26"

Do I misunderstand the concept, or is it how it really should look ?

Thanks.
Eugene.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
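
Added example, not part of the original post: a constructed IPv6-in-IPv4 packet using the tunnel addresses above, dissected the way a filter on the physical interface sees it, showing an IPv4 outer header whose protocol field is 41 wrapped around the IPv6 header. The function names are hypothetical, and the inner packet is a bare IPv6 header (next header 59, no payload) built only for illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # /etc/protocols: "ipv6 41 IPV6"

def build_6in4(src4, dst4, src6, dst6):
    """Constructed sample: a bare IPv6 header wrapped in an IPv4 header."""
    # Inner IPv6 header: version 6, payload length 0, next header 59, hop limit 64
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    inner += ipaddress.IPv6Address(src6).packed
    inner += ipaddress.IPv6Address(dst6).packed
    # Outer IPv4 header: version 4, IHL 5, protocol 41; checksum left at 0
    # because nothing here validates it
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0,
                        64, IPPROTO_IPV6, 0,
                        ipaddress.IPv4Address(src4).packed,
                        ipaddress.IPv4Address(dst4).packed)
    return outer + inner

def dissect(pkt):
    """Return the outer-header fields and, for protocol 41, the inner ones."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    info = {"outer_version": 4, "proto": pkt[9],
            "src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20]))}
    inner = pkt[ihl:]
    if info["proto"] == IPPROTO_IPV6 and len(inner) >= 40:
        info["inner_version"] = inner[0] >> 4
        info["inner_src"] = str(ipaddress.IPv6Address(inner[8:24]))
        info["inner_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
    return info

def log_tuple(info):
    """Format the outer fields like the 'P:<proto> src dst' part of the log."""
    return "P:%d %s %s" % (info["proto"], info["src"], info["dst"])

if __name__ == "__main__":
    packet = build_6in4("89.250.210.67", "216.66.80.26",
                        "2001:470:1f08:14c0::2", "2001:470:1f08:14c0::1")
    fields = dissect(packet)
    print(log_tuple(fields))
    print("inner: IPv%d %s -> %s" % (fields["inner_version"],
                                     fields["inner_src"], fields["inner_dst"]))
```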
