On Fri, 2008-12-19 at 08:13 -0600, [email protected] wrote:
> | > Wrong.  Try this instead:
> | > 
> | >  rdr pass inet6 proto tcp from lan:network -> lan port 8081 
> | 
> | > You cannot redirect to `::', a wildcard address.  You must redirect to
> | > a specific address.
> | 
> | Oh, yes. This is wrong indeed. I wonder why pfctl hasn't bailed out.
> | However, using "-> ::1" should then do the trick as well, right?
> 
> Sorry I was not clear.  With IPv6, unlike IPv4, it is not possible to
> redirect to `localhost'.  You must redirect to a global scope address.

You Made My Week.

It's working. Awesome. Thanks a lot!
This is a good example where IPv4 concepts can't be applied to the IPv6
world in a straightforward way. I would not have thought that it's no
longer possible to redirect to localhost, ever. Well, time to put
localhost off the network then ;)

> | On a side note: I also don't understand why the wrong default gateway is
> | advertised to my client. Instead of my global IPv6 address, the
> | local-link address is propagated. I was under the impression rtadvd will
> | take care of it:
> | 
> | gw$ cat /etc/rtadvd.conf
> | em0:\
> |         :addr="2001:620:10:1401::":prefixlen#64:raflags#0:
> 
> You have a wrong understanding of IPv6.  

Will be fixed soon. O'Reilly's "IPv6 Network Administration" has been
downloaded today...

> It is recommended to use the link
> local address for the router(s) since they will always be link local.  Routing
> to a global scope address is a last choice.  Don't over-ride the defaults
> here, you have no good reason to.
>  
> | client$ sudo route -n show -inet6 | grep default
> | default fe80::20c:f1ff:fe8f:a9c4%em0   UG   0       43      -   em0
> | 
> | client$ cat /etc/mygate
> | 2001:620:10:1401::eeee
> 
> Choose one or the other.  You either need a default route in /etc/mygate
> and a static IP for the client or you need rtsol(d).
> 
> One trick I picked up from ISC is if you want your client to be '::eeee' then
> set this in the hostname.if file:
> 
>  inet6 fe80::eeee
>  rtsol
>
> .. and you'll get global scope addresses on that host that end in ::eeee.

Cool. Will try that.


> I'm still convinced the pf.conf is the problem, redirect to a global scope
> IPv6 address and I suspect you'll be much better off.

Yes, that fixed it. Thanks again.
I owe you a pint, well ... two pints ;)

Cheers,

-- 

 Stephan A. Rickauer

 -----------------------------------------------------------
 Institute of Neuroinformatics         Tel  +41 44 635 30 50
 University / ETH Zurich               Sec  +41 44 635 30 52
 Winterthurerstrasse 190               Fax  +41 44 635 30 53
 CH-8057 Zurich                        Web    www.ini.uzh.ch
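
Added example, not part of the original thread: a small Python check that flags inet6 rdr rules whose literal target is the wildcard, loopback or a link-local address, following the advice quoted above that the target must be a specific global scope address. The sample rules are constructed in the thread's rule form, the names `classify_target` and `lint` are hypothetical, and macro or interface targets are reported as unresolved rather than guessed.

```python
import ipaddress
import re

# Constructed sample rules in the form used in the thread (not from a real host).
SAMPLE = """\
rdr pass inet6 proto tcp from lan:network -> :: port 8081
rdr pass inet6 proto tcp from lan:network -> ::1 port 8081
rdr pass inet6 proto tcp from lan:network -> fe80::1 port 8081
rdr pass inet6 proto tcp from lan:network -> 2001:db8::1 port 8081
rdr pass inet6 proto tcp from lan:network -> lan port 8081  # name, not literal
rdr pass inet proto tcp from lan:network -> 127.0.0.1 port 8081
"""

# An rdr rule that names inet6 and has a "-> target" part.
RDR6 = re.compile(r"^\s*rdr\b.*\binet6\b.*->\s*(\S+)")


def classify_target(target):
    """Classify a literal IPv6 redirect target (hypothetical helper)."""
    try:
        addr = ipaddress.IPv6Address(target)
    except ValueError:
        return "unresolved"      # macro, table or interface name: check by hand
    if addr.is_unspecified:
        return "wildcard"        # `::` is not a specific address
    if addr.is_loopback:
        return "loopback"        # `::1`
    if addr.is_link_local:
        return "link-local"      # fe80::/10, not global scope
    return "ok"


def lint(text):
    """Return (line number, target, verdict) for each inet6 rdr rule."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = RDR6.match(line.split("#", 1)[0])   # ignore trailing comments
        if match:
            findings.append((number, match.group(1), classify_target(match.group(1))))
    return findings


if __name__ == "__main__":
    for number, target, verdict in lint(SAMPLE):
        print(f"line {number}: -> {target}: {verdict}")
```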
