Hi all, I'm having an issue (possibly with me rather than the OS) with a new FreeBSD build and IPv6 connectivity. This is via an HE.net tunnel, but not from the device itself; the FreeBSD box is just attached to an IPv6-capable LAN with the tunnel endpoint elsewhere. My problem is that I have a (currently very basic) IPFW ruleset which uses protocol-neutral terms (ip rather than ip4/ip6, icmp rather than icmp4/6, etc.), but some oddities are occurring where traffic doesn't seem to be being passed correctly. Allow me to paste two rulesets and ping summaries:
Code:
--- ipv6.l.google.com ping6 statistics ---
10 packets transmitted, 1 packets received, 90.0% packet loss
round-trip min/avg/max/std-dev = 58.384/58.384/58.384/0.000 ms
Code:
00010 16096 9398190 allow ip from any to any via lo0
00020 0 0 deny ip from any to 127.0.0.0/8
00030 0 0 deny ip from 127.0.0.0/8 to any
00040 0 0 deny tcp from any to any frag
00050 0 0 check-state
00060 7052 4243658 allow tcp from any to any established
00070 1061861 1012713498 allow ip from any to any out keep-state
00080 0 0 allow icmp from any to any
65535 588 42336 deny ip from any to any
Code:
--- ipv6.l.google.com ping6 statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 33.813/40.743/58.416/9.132 ms
Code:
00010 16738 9521522 allow ip from any to any via lo0
00020 0 0 deny ip from any to 127.0.0.0/8
00030 0 0 deny ip from 127.0.0.0/8 to any
00040 0 0 deny tcp from any to any frag
00050 0 0 check-state
00060 7350 4310502 allow tcp from any to any established
00070 1063064 1012836570 allow ip from any to any out keep-state
00080 0 0 allow icmp from any to any
00090 2 144 allow ipv6-icmp from any to any
65535 611 43992 deny ip from any to any
These "ipfw show" outputs are from after the ping tests have completed, so I'd particularly like to note the odd behaviour of the ICMP rules; with a blanket icmp rule (number 80) even though one packet was received, this rule was apparently never hit. And then with the second group (where rule 90 specifically allows icmpv6) even though I got 10 ping responses, the rule was only hit twice.
I'll admit that although my knowledge of networking is above average, my skillset lies mainly in Linux/netfilter/iptables so this could just be something I'm not used to, so any pointers would be welcome. Long-term I intend to set this machine up as the new tunnel endpoint, but I figured that setting it up as a client on my existing LAN setup (which works) was the way to start before getting ambitious. So far I haven't had any joy though, so all advice is gratefully received!