I recently decided to join the IPv6 world. I set up a tunnel since my ISP doesn't provide IPv6 yet. I'm almost there. I can ping6 and host -6 from my laptop, but I can't browse the IPv6 web. I apologize in advance if Thunderbird screws this up.

[Sun Apr 09 03:57:59 edgar@thinkpad:~ ] $ ping6 google.com
PING google.com (2607:f8b0:4000:80a::200e): 56 data bytes
64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=0 hlim=57 time=65.239 ms
64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=1 hlim=57 time=82.029 ms
64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=2 hlim=57 time=77.891 ms
64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=3 hlim=57 time=77.393 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 65.239/75.638/82.029/6.268 ms

[Sun Apr 09 04:07:14 edgar@thinkpad:~ ] $ host -6 google.com 2001:470:be02:e2::3
Using domain server:
Name: 2001:470:be02:e2::3
Address: 2001:470:be02:e2::3#53
Aliases:

google.com has address 216.58.194.142
google.com has IPv6 address 2607:f8b0:4000:80d::200e
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.

[Sun Apr 09 03:58:30 edgar@thinkpad:~ ] $ route show -inet6
Routing tables

Internet6:
Destination        Gateway            Flags   Refs      Use   Mtu Prio Iface
default            fe80::21d:6aff:fe6 UG         0      227 -    56 iwn0
::/96              localhost          UGRS       0        0 32768     8 lo0
::/104             localhost          UGRS       0        0 32768     8 lo0
localhost          localhost          UHhl      14       28 32768     1 lo0
::127.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
::224.0.0.0/100    localhost          UGRS       0        0 32768     8 lo0
::255.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
::ffff:0.0.0.0/96  localhost          UGRS       0        0 32768     8 lo0
2001:470:be02:a0:: 2001:470:be02:a0:2 UCn        1        2 -     8 iwn0
2001:470:be02:a0:: 00:1d:6a:60:e1:a9  UHLc       0      186 -     7 iwn0
2001:470:be02:a0:2 24:77:03:5f:12:38  UHLl       0       31 -     1 iwn0
2001:470:be02:a0:7 24:77:03:5f:12:38  UHLl       0       34 -     1 iwn0
2002::/24          localhost          UGRS       0        0 32768     8 lo0
2002:7f00::/24     localhost          UGRS       0        0 32768     8 lo0
2002:e000::/20     localhost          UGRS       0        0 32768     8 lo0
2002:ff00::/24     localhost          UGRS       0        0 32768     8 lo0
fe80::/10          localhost          UGRS       0        1 32768     8 lo0
fec0::/10          localhost          UGRS       0        0 32768     8 lo0
fe80::%iwn0/64     fe80::2677:3ff:fe5 UCn        1        1 -     8 iwn0
fe80::21d:6aff:fe6 00:1d:6a:60:e1:a9  UHLch      1      368 -     7 iwn0
fe80::2677:3ff:fe5 24:77:03:5f:12:38  UHLl       0       75 -     1 iwn0
fe80::1%lo0        fe80::1%lo0        UHl        0        0 32768     1 lo0
ff01::/16          localhost          UGRS       0        1 32768     8 lo0
ff01::%iwn0/32     fe80::2677:3ff:fe5 Um         0        2 -     4 iwn0
ff01::%lo0/32      localhost          Um         0        1 32768     4 lo0
ff02::/16          localhost          UGRS       0        1 32768     8 lo0
ff02::%iwn0/32     fe80::2677:3ff:fe5 Um         0        2 -     4 iwn0
ff02::%lo0/32      localhost          Um         0        1 32768     4 lo0

[Sun Apr 09 03:59:12 edgar@thinkpad:~ ] $ ndp -na
Neighbor Linklayer Address Netif Expire S Flags
2001:470:be02:a0::                   00:1d:6a:60:e1:a9    iwn0 23h59m26s S R
2001:470:be02:a0:2677:3ff:fe5f:1238  24:77:03:5f:12:38    iwn0 permanent R l
2001:470:be02:a0:7843:3366:8838:f579 24:77:03:5f:12:38    iwn0 permanent R l
fe80::21d:6aff:fe60:e1a9%iwn0        00:1d:6a:60:e1:a9    iwn0 23h59m56s S R
fe80::2677:3ff:fe5f:1238%iwn0        24:77:03:5f:12:38    iwn0 permanent R l

<-------------------------on the router------------------------------------------------->

# route show -inet6
Routing tables

Internet6:
Destination        Gateway            Flags   Refs      Use   Mtu Prio Iface
default            epettijohn-1.tunne UGS        0      612 -     8 gif0
::/96              localhost          UGRS       0        0 32768     8 lo0
::/104             localhost          UGRS       0        0 32768     8 lo0
localhost          localhost          UHl       14       17 32768     1 lo0
::127.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
::224.0.0.0/100    localhost          UGRS       0        0 32768     8 lo0
::255.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
::ffff:0.0.0.0/96  localhost          UGRS       0        0 32768     8 lo0
epettijohn-1.tunne epettijohn-1-pt.tu UH         1       23 -     8 gif0
epettijohn-1-pt.tu epettijohn-1-pt.tu UHl        0       14 -     1 gif0
2001:470:be02:a0:: 2001:470:be02:a0:: UC         4        2 -     4 athn0
2001:470:be02:a0:: 00:1d:6a:60:e1:a9  UHLl       0       54 -     1 athn0
2001:470:be02:a0:c 5c:8d:4e:76:12:ae  UHLc       0       25 -     4 athn0
2001:470:be02:a0:2 24:77:03:5f:12:38  UHLc       0      115 -     4 athn0
2001:470:be02:a0:7 24:77:03:5f:12:38  UHLc       0      282 -     4 athn0
2001:470:be02:a0:d link#4             UHLc       0        1 -     4 athn0
2001:470:be02:e2:: router.my.domain   UC         0        0 -     4 sis0
router.my.domain   00:00:24:c3:54:50  UHLl       0        0 -     1 sis0
2002::/24          localhost          UGRS       0        0 32768     8 lo0
2002:7f00::/24     localhost          UGRS       0        0 32768     8 lo0
2002:e000::/20     localhost          UGRS       0        0 32768     8 lo0
2002:ff00::/24     localhost          UGRS       0        0 32768     8 lo0
fe80::/10          localhost          UGRS       0        3 32768     8 lo0
fec0::/10          localhost          UGRS       0        0 32768     8 lo0
fe80::%sis0/64     fe80::200:24ff:fec UC         0        0 -     4 sis0
fe80::200:24ff:fec 00:00:24:c3:54:50  UHLl       0        0 -     1 sis0
fe80::%athn0/64    fe80::21d:6aff:fe6 UC         1        2 -     4 athn0
fe80::21d:6aff:fe6 00:1d:6a:60:e1:a9  UHLl       0       63 -     1 athn0
fe80::2677:3ff:fe5 24:77:03:5f:12:38  UHLc       1      248 -     4 athn0
fe80::1%lo0        fe80::1%lo0        UHl        0        0 32768     1 lo0
fe80::%gif0/64     fe80::200:24ff:fec U          0        0 -     4 gif0
fe80::200:24ff:fec fe80::200:24ff:fec UHl        0        0 -     1 gif0
ff01::/16          localhost          UGRS       0        3 32768     8 lo0
ff01::%sis0/32     fe80::200:24ff:fec Um         0        1 -     4 sis0
ff01::%athn0/32    fe80::21d:6aff:fe6 Um         0        1 -     4 athn0
ff01::%lo0/32      localhost          Um         0        1 32768     4 lo0
ff01::%gif0/32     fe80::200:24ff:fec Um         0        1 -     4 gif0
ff02::/16          localhost          UGRS       0        3 32768     8 lo0
ff02::%sis0/32     fe80::200:24ff:fec Um         0        1 -     4 sis0
ff02::%athn0/32    fe80::21d:6aff:fe6 Um         0        2 -     4 athn0
ff02::%lo0/32      localhost          Um         0        1 32768     4 lo0
ff02::%gif0/32     fe80::200:24ff:fec Um         0        1 -     4 gif0

# ndp -na
Neighbor Linklayer Address Netif Expire S Flags
2001:470:be02:a0::                   00:1d:6a:60:e1:a9  athn0 permanent R l
2001:470:be02:a0:cd5:5a43:52d:c5c9   5c:8d:4e:76:12:ae  athn0 23h49m16s S
2001:470:be02:a0:2677:3ff:fe5f:1238  24:77:03:5f:12:38  athn0 23h56m22s S
2001:470:be02:a0:7843:3366:8838:f579 24:77:03:5f:12:38  athn0 23h56m12s S
2001:470:be02:a0:d2bf:9cff:fe27:356e (incomplete)       athn0 expired   N
2001:470:be02:e2::3                  00:00:24:c3:54:50   sis0 permanent R l
fe80::200:24ff:fec3:5450%sis0        00:00:24:c3:54:50   sis0 permanent R l
fe80::21d:6aff:fe60:e1a9%athn0       00:1d:6a:60:e1:a9  athn0 permanent R l
fe80::2677:3ff:fe5f:1238%athn0       24:77:03:5f:12:38  athn0 1s        D

# cat /etc/pf.conf

ext_if="sis0"
v6_if="gif0"

tunnel_remote = "184.105.253.10"
tunnel_routed = "{ 2001:470:1f0f:832::/64, 2001:470:be02::/48 }"

int_if="{ vether0 sis1 sis2 athn0 }"

table <martian> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
                  172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
                  192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
                  203.0.113.0/24 }

set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>
block all
pass out quick inet keep state
pass out quick inet6 keep state
pass in on $int_if inet
pass in quick inet6 from any to 64:ff9b::/96 af-to inet from (egress:0) keep state rtable 0
pass in on $int_if proto { tcp, udp } from any to any port domain
pass out on $ext_if inet proto ipv6 from $ext_if to $tunnel_remote keep state
pass in on $ext_if inet proto ipv6 from $tunnel_remote to $ext_if keep state
pass out quick on $v6_if keep state
pass in proto { icmp, icmp6 } all

Thanks in advance.
