[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ipv6 problems



On Sun, Jan 23, 2005 at 12:44:32PM +0100, nik wrote:
> I've got a sstupid problem, I've configured my OpenBSD machine
> either on the ipv6 side, but she wont work and she get me ipv6
> arp errors .. 
> 
> tunnel broker is 1.26.128.35 
pf sees each IPv6 packet twice, once encapsulated (IPv6-in-IPv4) on the
real interface xl0, once as native IPv6 on gif0. If you block it on
either interface, it will be dropped.
Hence, you'll need to allow the encapsulated traffic on the real
interface, like:
  pass out on xl0 inet proto ipv6 from 41.19.150.66 to 1.26.128.35 \
	keep state
  pass in  on xl0 inet proto ipv6 from 1.26.128.35 to 41.19.150.66 \
	keep state
And move all your 'inet6' rules to 'on gif0'.
Daniel