Em 17-08-2015 08:54, Claus Lensbøl escreveu: > pass quick inet6 proto udp from 2a02:188:5002::/48 to > <__automatic_e513959b_6> port = 547 > pass quick on lo0 inet6 proto udp from 2a02:188:5002::/48 to fe80::1 > port = 547 > pass quick on bge0 inet6 proto udp from 2a02:188:5002::/48 to > fe80::8634:97ff:fe11:c494 port = 547 > pass quick inet6 proto tcp from 2a02:188:5002::/48 to > <__automatic_e513959b_5> port = 547 flags S/SA > pass quick on lo0 inet6 proto tcp from 2a02:188:5002::/48 to fe80::1 > port = 547 flags S/SA
>From these rules I see you're filtering on global addresses. But your machines doesn't have (yet) global addresses, unless they are getting the address through SLAAC and only is consulting the DHCPv6 server for dns and prefix delegation information. Either way, can you reach your clients through link-local addresses? More specifically, try pinging all hosts using the multicast address: ping6 fe02::1%<IF> See if you're getting replies, and if so, from the desired machines. The next step would be trying to communicate with then, using their link-local address and some tool like netcat. tcpdump also is your friend here. That way you can be sure you have network level communication with them. You can also try to disable PF and turn on ndp debugging, net.inet6.icmp6.nd6_debug. Cheers, Giancarlo Razzolini
