Re: PF failing to create state for ipv6 tunnel

2009-04-07 Thread Stuart Henderson
On 2009-04-06, Peter N. M. Hansteen wrote:
> Aaron Stellman writes:
>
>> By commenting out half the ruleset, and doing that recursively until
>> finding which rule causes it, I found it to be:
>>
>> nat on $ext_if from !self to any -> ($ext_if:0)
>
> The perils of doing both ipv4 and ipv6 at the

Re: PF failing to create state for ipv6 tunnel

2009-04-06 Thread Peter N. M. Hansteen
Aaron Stellman writes:
> By commenting out half the ruleset, and doing that recursively until
> finding which rule causes it, I found it to be:
>
> nat on $ext_if from !self to any -> ($ext_if:0)

The perils of doing both ipv4 and ipv6 at the same time, I see. Then again, if you narrow its scope

Re: PF failing to create state for ipv6 tunnel

2009-04-06 Thread Aaron Stellman
On Sun, Apr 05, 2009 at 10:48:21PM -0700, Aaron Stellman wrote:
> On Sun, Apr 05, 2009 at 10:43:17PM -0700, Aaron Stellman wrote:
> > Sorry, this machine is running 4.4 and I'm unable to upgrade it to
> > current, since I only have remote access to it.
> >
> > My goal is to have operational ipv6 t

Re: PF failing to create state for ipv6 tunnel

2009-04-06 Thread Aaron Stellman
On Mon, Apr 06, 2009 at 11:58:01AM +0200, Tasmanian Devil wrote:
> > whereas, a state should be created by this rule:
> > pass out quick inet from any to 209.51.181.2
>
> Not sure how this fits together with your second post where you say
> that you can ping6 from the outside, but depends also on

Re: PF failing to create state for ipv6 tunnel

2009-04-06 Thread Aaron Stellman
On Mon, Apr 06, 2009 at 04:31:42PM +0100, Sevan / Venture37 wrote:
> try adding:
> pass in on $ext_if inet proto ipv6
> to your pf.conf

This has nothing to do with "in" direction. Packets coming "in" are passed fine and they do create a proper state. The problem is that packets that are coming "out

Re: PF failing to create state for ipv6 tunnel

2009-04-06 Thread Sevan / Venture37
try adding:
pass in on $ext_if inet proto ipv6
to your pf.conf

Re: PF failing to create state for ipv6 tunnel

2009-04-06 Thread Tasmanian Devil
> whereas, a state should be created by this rule:
> pass out quick inet from any to 209.51.181.2

Not sure how this fits together with your second post where you say that you can ping6 from the outside, but depends also on your other rules. What you need to allow is proto 41 (ipv6) between the two

Re: PF failing to create state for ipv6 tunnel

2009-04-05 Thread Aaron Stellman
On Sun, Apr 05, 2009 at 10:43:17PM -0700, Aaron Stellman wrote:
> Sorry, this machine is running 4.4 and I'm unable to upgrade it to
> current, since I only have remote access to it.
>
> My goal is to have operational ipv6 tunnel. Whenever appropriate gif0 is
> created and default route through it

PF failing to create state for ipv6 tunnel

2009-04-05 Thread Aaron Stellman
Sorry, this machine is running 4.4 and I'm unable to upgrade it to current, since I only have remote access to it. My goal is to have operational ipv6 tunnel. Whenever appropriate gif0 is created and default route through it is added, ipv6 traffic is not allowed out. As far as I understand, there