FW: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections

From: Li, Qing <qing.li_at_bluecoat.com>
Date: Fri, 10 Jul 2009 15:07:16 -0700
-----Original Message-----
From: owner-freebsd-stable_at_freebsd.org on behalf of Li, Qing
Sent: Fri 7/10/2009 2:51 PM
To: Henri Hennebert; freebsd-stable_at_freebsd.org; freebsd-st_at_freebsd.org
Subject: RE: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
 

Hi,

Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/
and let me know how it works out for you. I thought I had committed the patch
but it turned out I didn't.

>
> On 8.0-BETA1 there is an asymmetry:
>
> netstat -rn displays
> 
> 192.168.24.1       link#3
> ....
> no entry for 2001:41d0:2:2d29:1:1::
> 

This is by design as part of the new architecture in 8.0, which maintains 
the L2 ARP/ND6 and L3 routing tables separately.

-- Qing



-----Original Message-----
From: owner-freebsd-stable_at_freebsd.org on behalf of Henri Hennebert
Sent: Fri 7/10/2009 5:32 AM
To: freebsd-stable_at_freebsd.org; freebsd-st_at_freebsd.org
Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
 
Hello,

After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when 
connecting with firefox to a local apache server using the global 
unicast IPv6 address of the local machine. pf.conf must be updated!

My configuration:

[root_at_avoriaz ~]# ifconfig em0

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
	ether 00:1d:60:ad:2a:ce
	inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
	inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
	inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
	media: Ethernet 100baseTX (100baseTX <half-duplex>)
	status: active

[root_at_avoriaz ~]# host www.restart.bel
www.restart.bel is an alias for avoriaz.restart.bel.
avoriaz.restart.bel has address 192.168.24.1
avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::

pf.conf:

int_if="em0"
block in  log all
block out log all
set skip on lo0
antispoof quick for $int_if inet
# Allow traffic with physical internal network
pass in quick on $int_if from ($int_if:network) to ($int_if) keep state
pass out quick on $int_if from ($int_if) to ($int_if:network) keep state

The problem:

[root_at_avoriaz ~]# telnet -4 www.restart.bel 80
Trying 192.168.24.1...
Connected to avoriaz.restart.bel.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root_at_avoriaz ~]# telnet -6 www.restart.bel 80
Trying 2001:41d0:2:2d29:1:1::...
--->Never connects and gets a timeout!

tcpdump and logging in pf show me that

For an IPv4 connection:
the packet from telnet to apache passes 2 times on lo0 (out and in)
the answer packet from apache to telnet passes 2 times on lo0 (out and in)

So no problem, there is `set skip on lo0'

For an IPv6 connection:
The first packet from telnet to apache passes 2 times on lo0 (out and in)
The answer packet from apache to telnet passes on em0 and is rejected
due to the default flags S/SA.

So I have to change pf.conf and replace the last line:
pass out quick on $int_if from ($int_if) to ($int_if:network) \
keep state flags any

Then all is OK

By the way, on 7.2

netstat -rn displays

192.168.24.1        00:1d:60:ad:2a:ce
....
2001:41d0:2:2d29:1:1::            00:1d:60:ad:2a:ce


On 8.0-BETA1 there is an asymmetry:

netstat -rn displays

192.168.24.1       link#3
....
no entry for 2001:41d0:2:2d29:1:1::

Hope it may help someone

Henri

_______________________________________________
freebsd-stable_at_freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe_at_freebsd.org"

Received on Fri Jul 10 2009 - 20:20:08 UTC
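
Why the default `flags S/SA` rejects the reply in the IPv6 case reported in the message above, as an added example: a simplified Python model of pf's flag test and state lookup, not pf code and not written by either poster. The interface paths are constructed from the tcpdump observations in the post; all function names are hypothetical, and address matching is left out.

```python
# Added example: simplified model of pf "flags a/b" matching (not pf source).
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}
SKIP = {"lo0"}  # "set skip on lo0" from the posted pf.conf


def mask(letters):
    """Turn pf flag letters such as 'SA' into a bit mask."""
    m = 0
    for ch in letters:
        m |= TCP_FLAGS[ch]
    return m


def flags_match(spec, pkt_flags):
    """True if a packet carrying `pkt_flags` satisfies pf `flags <spec>`."""
    if spec == "any":
        return True
    want, _, out_of = spec.partition("/")
    # Only the bits listed in <b> are examined; of those, exactly <a> must be set.
    return (mask(pkt_flags) & mask(out_of)) == mask(want)


def verdict(iface, pkt_flags, rule_flags, states, conn):
    """Fate of one packet under the posted ruleset (assumption: one pass rule)."""
    if iface in SKIP:
        return "skip"            # pf never sees the packet, so no state is created
    if conn in states:
        return "pass"            # matched an existing state entry
    if flags_match(rule_flags, pkt_flags):
        states.add(conn)         # "keep state" creates the entry here
        return "pass"
    return "block"               # falls through to "block out log all"


def handshake(path, rule_flags):
    """Run a constructed (interface, flags) packet sequence through the model."""
    states = set()
    return [verdict(i, f, rule_flags, states, "telnet<->apache") for i, f in path]


# Constructed from the post: IPv4 stays on lo0, the IPv6 SYN+ACK leaves via em0.
V4_PATH = [("lo0", "S"), ("lo0", "SA"), ("lo0", "A")]
V6_PATH = [("lo0", "S"), ("em0", "SA")]

if __name__ == "__main__":
    print("IPv4, flags S/SA:", handshake(V4_PATH, "S/SA"))
    print("IPv6, flags S/SA:", handshake(V6_PATH, "S/SA"))
    print("IPv6, flags any :", handshake(V6_PATH, "any"))
```

In the model, as in the report, the SYN is skipped on lo0 and leaves no state, so the SYN+ACK on em0 is the first packet pf evaluates; with `flags any` the state entry is created from that mid-handshake packet rather than from the initial SYN.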
