Hurricane Electric's IPv6 Tunnel Broker Forums

Author Topic: FreeBSD requires I ping to be seen remotely?  (Read 2564 times)

feld

FreeBSD requires I ping to be seen remotely?
« on: August 27, 2010, 08:07:53 AM »

OK, this is not exactly the same as the other similar questions, but it's in the general area. Here's my setup --

OpenWRT router has the tunnel. It runs radvd and distributes my subnet to my network.

I have many devices behind this, notably my Linux box. This machine is fine -- I can always get to it remotely, nothing special needs to be done.

However, on the FreeBSD box (with a pf firewall), I can't get to it unless I ping out to the internet or ping my gateway (OpenWRT) to make it "known" again. Why is this? All of the proto41 stuff is handled on the OpenWRT router as that's the tunnel endpoint; it should have nothing to do with the machines behind it. Does anyone have insight as to why it's not "just working" on my FreeBSD box?

Thanks

cholzhauer

Re: FreeBSD requires I ping to be seen remotely?
« Reply #1 on: August 27, 2010, 08:10:48 AM »

What version of FreeBSD?

feld

Re: FreeBSD requires I ping to be seen remotely?
« Reply #2 on: August 27, 2010, 08:25:52 AM »

It's FreeBSD 8.1 and I think I found my problem -- checking pf logs said ip6 is being blocked... my rules disagreed.

Googled and found this:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=9684+0+/usr/local/www/db/text/2008/freebsd-rc/20081109.freebsd-rc


`pfctl -d` then `pfctl -e` fixed it. Turns out on boot your pf rules for ipv6 might not work....   :o

edit: the fact that I had to ping to be seen remotely (as in be pingable) is probably due to the keep state here:

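Code:
# Passed without $ks: 1 destination unreachable, 2 packet too big, 3 time exceeded,
# 4 parameter problem, 129 echo reply, 135 neighbor solicitation
permitted_icmp6_types = "{ 1, 2, 3, 4, 129, 135 }"
# Passed with $ks: 128 echo request, 136 neighbor advertisement
permitted_icmp6_types_ks = "{ 128, 136 }"

# $ks is a macro that is not defined in this excerpt
pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types
pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types_ks $ks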

« Last Edit: August 27, 2010, 08:31:05 AM by feld »
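Added example, not part of feld's post or of any pf tooling: a small Python audit that expands the macros in the two rules quoted above and lists which ICMPv6 types they pass inbound, which carry an explicit state option, and which Neighbor Discovery types (133-136) these two rules do not name. The `ks = "keep state"` definition is an assumption, since the post does not show it, and the script only reads the rule text; it does not model pf's evaluation or the rest of the ruleset.

```python
import re

# ICMPv6 type numbers and names from RFC 4443 and RFC 4861.
ICMP6_NAMES = {1: "destination unreachable", 2: "packet too big", 3: "time exceeded",
               4: "parameter problem", 128: "echo request", 129: "echo reply",
               133: "router solicitation", 134: "router advertisement",
               135: "neighbor solicitation", 136: "neighbor advertisement"}
NEIGHBOR_DISCOVERY = (133, 134, 135, 136)

# Rules as posted in the thread. The ks macro definition is an assumption,
# because the post does not show it.
PF_CONF = '''
ks = "keep state"
permitted_icmp6_types = "{ 1, 2, 3, 4, 129, 135 }"
permitted_icmp6_types_ks = "{ 128, 136 }"

pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types
pass in quick inet6 proto icmp6 from any to self icmp6-type $permitted_icmp6_types_ks $ks
'''

def expand_macros(conf):
    """Return the rule lines with every $macro replaced by its value."""
    macros, rules = {}, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r'(\w+)\s*=\s*"(.*)"', line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line:
            rules.append(re.sub(r"\$(\w+)", lambda v: macros[v.group(1)], line))
    return rules

def inbound_icmp6(conf):
    """Map each ICMPv6 type passed inbound to True if its rule says keep state."""
    passed = {}
    for rule in expand_macros(conf):
        m = re.search(r"^pass in\b.*\bproto icmp6\b.*icmp6-type \{([^}]*)\}", rule)
        if m:
            for t in m.group(1).replace(",", " ").split():
                passed.setdefault(int(t), "keep state" in rule)  # keep the first rule naming a type
    return passed

def missing_neighbor_discovery(conf):
    """Neighbor Discovery types (133-136) that no inbound pass rule names."""
    return [t for t in NEIGHBOR_DISCOVERY if t not in inbound_icmp6(conf)]

if __name__ == "__main__":
    for t, stateful in sorted(inbound_icmp6(PF_CONF).items()):
        print(f"{t:>3} {ICMP6_NAMES.get(t, '?'):<24} {'keep state' if stateful else 'no explicit state option'}")
    print("ND types not named inbound:", missing_neighbor_discovery(PF_CONF))
```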