• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

FreeBSD requires I ping to be seen remotely?

Started by feld, August 27, 2010, 08:07:53 AM


feld

OK, this is not exactly the same as the other similar questions, but it's in the general area. Here's my setup --

OpenWRT router has the tunnel. It runs radvd and distributes my subnet to my network.

I have many devices behind this, notably my Linux box. This machine is fine -- I can always get to it remotely, nothing special needs to be done.

However, on the FreeBSD box (with a pf firewall), I can't get to it unless I ping out to the internet or ping my gateway (OpenWRT) to make it "known" again. Why is this? All of the proto41 stuff is handled on the OpenWRT router as that's the tunnel endpoint; it should have nothing to do with the machines behind it. Does anyone have insight as to why it's not "just working" on my FreeBSD box?

Thanks

cholzhauer


feld

It's FreeBSD 8.1 and I think I found my problem -- checking pf logs said ip6 is being blocked... my rules disagreed.

Googled and found this:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=9684+0+/usr/local/www/db/text/2008/freebsd-rc/20081109.freebsd-rc


`pfctl -d` then `pfctl -e` fixed it. Turns out on boot your pf rules for ipv6 might not work....   :o

edit: the fact that I had to ping to be seen remotely (as in be pingable) is probably due to the keep state here:


```
permitted_icmp6_types = "{ 1, 2, 3, 4, 129, 135 }"
permitted_icmp6_types_ks = "{ 128, 136 }"

pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types
pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types_ks $ks
```
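
An added example, not part of the thread: a small Python audit that expands the pf macros in the excerpt quoted above and reports which ICMPv6 Neighbor Discovery types (RFC 4861, types 133 to 137) an inbound pass rule mentions. It reads only the quoted lines, so rules elsewhere in the poster's pf.conf are not considered; the function names are hypothetical and `$ks` is left unexpanded because its definition is not shown.

```python
import re

# ICMPv6 Neighbor Discovery message types (RFC 4861)
NDP_TYPES = {133: "router solicitation", 134: "router advertisement",
             135: "neighbor solicitation", 136: "neighbor advertisement",
             137: "redirect"}

# The rules quoted in the post above, copied verbatim.
PF_RULES = '''
permitted_icmp6_types = "{ 1, 2, 3, 4, 129, 135 }"
permitted_icmp6_types_ks = "{ 128, 136 }"

pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types
pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types_ks $ks
'''

def parse_macros(text):
    """Return {name: value} for pf macro definitions of the form name = "value"."""
    return dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', text, re.M))

def expand(line, macros):
    """Substitute $name with its macro value; undefined macros are left in place."""
    return re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), line)

def inbound_icmp6_types(text):
    """Map each ICMPv6 type passed inbound to the options that follow it on the rule."""
    macros = parse_macros(text)
    passed = {}
    pattern = r'pass\s+in\b.*\bproto\s+icmp6\b.*\bicmp6-type\s+(\{[^}]*\}|\d+)\s*(.*)'
    for line in text.splitlines():
        m = re.match(pattern, expand(line.strip(), macros))
        if m:
            for t in re.findall(r'\d+', m.group(1)):
                passed[int(t)] = m.group(2).strip()
    return passed

def ndp_report(text):
    """For each NDP type, say whether any inbound pass rule in the text mentions it."""
    passed = inbound_icmp6_types(text)
    return {t: (t in passed) for t in NDP_TYPES}

if __name__ == "__main__":
    passed = inbound_icmp6_types(PF_RULES)
    for t, name in NDP_TYPES.items():
        status = f"passed in ({passed[t] or 'no options'})" if t in passed else "no pass-in rule"
        print(f"{t:>3} {name:<24} {status}")
```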