https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #24 from Tatsuki Makino ---
(In reply to Andrey V. Elsukov from comment #22 & #23)
> I still doesn't understand your problem.
Me too :)
As a result of being stingy with the money I pay upstream (removing services
like phone a
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #23 from Andrey V. Elsukov ---
(In reply to Tatsuki Makino from comment #21)
> The results of ipfw -D show indicated that more than 2 packets were captured
> due to the ipv6-icmp rule, this patch may be meaningful :)
When you
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #22 from Andrey V. Elsukov ---
I still doesn't understand your problem. NPTv6 is stateless and doesn't need
any keep-state rules. We use NPTv6 many years and it works as is without any
patches.
--
You are receiving this mail b
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #21 from Tatsuki Makino ---
(In reply to Tatsuki Makino from comment #20)
In the end, I came back to the method of using this :)
I wanted to keep one_pass enabled, so I used a strange method with dynamic
rules, but with the fol
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #20 from Tatsuki Makino ---
(In reply to Tatsuki Makino from comment #19)
An example of my comment #19 is a bad example.
There is no problem with the communication of the created dynamic rules.
However, if a packet that passes
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
Tatsuki Makino changed:
What|Removed |Added
CC||tatsuki_mak...@hotmail.com
--- Co
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #18 from cnba...@gmail.com ---
(In reply to John Hay from comment #17)
Yes,
ndproxy_uplink_ipv6_addresses="fe80::fc00:5ff:fe07:578d"
and
ndproxy_downlink_mac_address="fe:00:05:07:57:8d"
are both set in rc.conf
When I use `pi
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #17 from John Hay ---
Looking at a previous tcpdump, did you also change the link local to:
ndproxy_uplink_ipv6_addresses="fe80::fc00:5ff:fe07:578d"
and the mac address, I think, but not 100% sure about the first byte (fe), to
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #16 from cnba...@gmail.com ---
(In reply to John Hay from comment #15)
thanks for your testing.
I fully copied these configurations and replaced with the mac address of
vtnet0, ping6 failed on server and client.
replaced with t
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #15 from John Hay ---
I have made a test setup with roughly your setup, but added the ndproxy port,
and added this to my rc.conf:
ndproxy_enable="YES"
ndproxy_uplink_interface="vtnet0"
# mac and link-local address of upstream
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
Bjoern A. Zeeb changed:
What|Removed |Added
Assignee|n...@freebsd.org |i...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #14 from John Hay ---
Looking at your tcpdumps, one can see that the packets are correctly translated
before being transmitted, so that part is working. The problem is that because
the vtnet0 interface is an ethernet like interf
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #13 from cnba...@gmail.com ---
With the configuration:
#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd nptv6 NPT ip6 from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #12 from cnba...@gmail.com ---
With the configuration:
#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd allow icmp6 from an
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #11 from cnba...@gmail.com ---
(In reply to John Hay from comment #9)
Then I turn on the firewall again, and run `tcpdump -i vtnet0 -n` on server
when `ping6 freebsd.org` from wireguard client.
With the folowing configuration:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #10 from cnba...@gmail.com ---
(In reply to John Hay from comment #9)
Looks like they route the whole subnet.
If I put `ifconfig_vtnet0_alias0="inet6 2a05:f480:1c00:::ABCD prefixlen 64"
` in rc.conf, and turn off firewall,
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #9 from John Hay ---
(In reply to cnbatch from comment #8)
Do they route that whole subnet to you in addition to the address you received
via SLAAC on vtnet0? Or is that the address you received via SLAAC on vtnet0?
If it is yo
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #8 from cnba...@gmail.com ---
(In reply to John Hay from comment #7)
A subnet: 2a05:f480:1c00:::/64
--
You are receiving this mail because:
You are the assignee for the bug.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #7 from John Hay ---
Are you still doing this on vultr like you said on the forum thread? What IPv6
address do you get from them? Just a single address or a subnet? Keep in mind
that nptv6 translates from subnet to another subne
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #6 from cnba...@gmail.com ---
Now I've changed the rules:
#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd nptv6 NPT ip6 fr
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
John Hay changed:
What|Removed |Added
CC||j...@sanren.ac.za
--- Comment #5 from J
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
--- Comment #4 from cnba...@gmail.com ---
Still not able to `ping6 freebsd.org` from client after changing the ipfw
rules:
#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9e
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|n...@freebsd.org
--
You are receiv
23 matches
Mail list logo
