Hi, I have a problem with PF and IPv6 on 2 different servers that work very well under IPv4.
If I disable PF (pfctl -d), I can access the server and ping outside:
ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2a02:xx:x:xxx:20c:29ff:fece:xxxx --> 2a00:1450:4003:802::200e
16 bytes from 2a02:xx:x:xxx:20c:29ff:fece:xxxx, icmp_seq=0 hlim=58 time=0.868 ms
16 bytes from 2a02:xx:x:xxx:20c:29ff:fece:xxxx, icmp_seq=1 hlim=58 time=0.802 ms
But with PF activated, ping is not working and the server is not accessible by IPv6. I'm trying with a minimal pf.conf; it is as follows:
Code:
ext_if="vmx0"
set skip on lo0
set block-policy drop
set loginterface $ext_if
ext_if_ip="xx.xx.xx.xx"
ext_if_ipv6="2a02:xx:x:xxx:20c:29ff:fece:xxxx"
# ICMP Types
icmp_types = "{ echorep, unreach, squench, echoreq, timex, paramprob }"
icmp6_types = "{ unreach, toobig, timex, paramprob, echoreq, echorep, neighbradv, neighbrsol, routeradv, routersol }"
scrub in all
webports = "{http, https}"
block in all
pass quick on lo0 all
pass quick on $ext_if proto ipv6
pass inet proto icmp icmp-type echoreq
pass inet6 proto ipv6-frag
pass in on $ext_if inet6 proto icmp6 all icmp6-type $icmp6_types allow-opts
pass proto tcp from any to any port $webports
pass proto tcp from any to $ext_if_ipv6 port $webports
I tried a lot of configs, but the problem is always with the default directive of "block in all" (or another block-by-default conf).
IPv6 config in my rc.conf is:
ipv6_network_interfaces="vmx0"
ifconfig_vmx0_ipv6="inet6 accept_rtadv"
Do you have any idea?
Thank you very much