On Wed, Sep 17, 2003 at 03:48:30PM -0400, Adam Gardner wrote:
> Yet when I ping myself from outside, I'm getting blocked:
>
> Sep 17 15:42:32.257616 rule 17/0(match): block in on fxp0:
> 2001:730:11::2:10 > 2001:730:11::1:: icmp6: echo request (encap)
> Sep 17 15:42:33.265268 rule 17/0(match): block in on fxp0:
> 2001:730:11::2:10 > 2001:730:11::1:: icmp6: echo request (encap)
> Sep 17 15:42:34.255380 rule 17/0(match): block in on fxp0:
> 2001:730:11::2:10 > 2001:730:11::1:: icmp6: echo request (encap)
> Sep 17 15:42:35.258714 rule 17/0(match): block in on fxp0:
> 2001:730:11::2:10 > 2001:730:11::1:: icmp6: echo request (encap)
> Sep 17 15:42:36.255759 rule 17/0(match): block in on fxp0:
> 2001:730:11::2:10 > 2001:730:11::1:: icmp6: echo request (encap)
>
> (I changed the 2001:730:11::1:: address so no one hax0rs me ;)
>
> What am I missing here? I will send my full pf.conf to anyone who's
> interested in it. Didn't want to paste the whole thing here though.

Are you passing in proto ipv6 from the IPv4 address of your tunnel
provider? Something like:

# pass ipv6 tunnel traffic
pass out on $ext_if inet proto ipv6 from $ext_ip to $he_ip keep state
pass in on $ext_if inet proto ipv6 from $he_ip to $ext_ip keep state
