Re: [pfSense] Forwarding Protocol 41 for 1:1 IP Addresses

[Yehuda Katz]

On Wed, Jun 27, 2012 at 3:07 PM, Seth Mos  wrote:

> > I would like add a HE IPv6 tunnel to two of my servers without adding a
> tunnel for the whole network.
> > I was looking at adding an option for each 1:1 to forward protocol 41
> just for that public IP. (maybe a checkbox on the 1:1 create/edit page)
> > Is there any reason this would not work?
>
> Theoretically not impossible. A port forward might be a better match
> though, rdr is a forward, binat is a 1:1, don't think binat allows for
> protocol selection.
>
> > If I understand the code correctly, a rule would look something like:
> > rdr on {$natif} proto ipv6 from any to {$dstaddr} -> {$target}
>
> binat on {$natif} proto 41 from {$endpoint} to {$dstaddr}
>

Looking at /tmp/rules.debug:
I already have
binat on em2 from 192.168.118.60 to any -> 71.__.__.87
but it seems that proto41 is not being passed.

I added this rule to check that it is not the problem:
pass  in  quick  on $WAN reply-to ( em2 71.__.__.1 )  from any to
192.168.118.60 keep state  label "USER_RULE"

Am I looking at this wrong?
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Forwarding Protocol 41 for 1:1 IP Addresses

[Seth Mos]

Good question,

Op 27 jun 2012, om 20:53 heeft Yehuda Katz het volgende geschreven:

> I would like add a HE IPv6 tunnel to two of my servers without adding a 
> tunnel for the whole network.
> I was looking at adding an option for each 1:1 to forward protocol 41 just 
> for that public IP. (maybe a checkbox on the 1:1 create/edit page)
> Is there any reason this would not work?

Theoretically not impossible. A port forward might be a better match though, 
rdr is a forward, binat is a 1:1, don't think binat allows for protocol 
selection.

> If I understand the code correctly, a rule would look something like:
> rdr on {$natif} proto ipv6 from any to {$dstaddr} -> {$target}

binat on {$natif} proto 41 from {$endpoint} to {$dstaddr}

Perhaps, patched accepted.

Cheers,
Seth
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Forwarding Protocol 41 for 1:1 IP Addresses

[Yehuda Katz]

I would like add a HE IPv6 tunnel to two of my servers without adding a
tunnel for the whole network.
I was looking at adding an option for each 1:1 to forward protocol 41 just
for that public IP. (maybe a checkbox on the 1:1 create/edit page)
Is there any reason this would not work?

If I understand the code correctly, a rule would look something like:
rdr on {$natif} proto ipv6 from any to {$dstaddr} -> {$target}

- Y
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list