Re: stateful matching vs. local inet6

2006-08-04 Thread Fabian Keil
Max Laier [EMAIL PROTECTED] wrote:

 On a box running sshd (or something listening on an inet6 tcp port)
 load the following ruleset:
 
 pass quick on lo0 all
 pass quick on bge0 inet all
 block drop log all
 pass in log-all on bge0 inet6 proto tcp from any to 3000::1 port = ssh \
   flags S/SA keep state
 
 where bge0 is a real interface and 3000::1 is configured on that
 interface. Then try telnet 3000::1 22 and see if it works and
 provide me with a tcpdump from pflog0 during the connection
 attempt - whether it works or not.

On OpenBSD 3.9 with GENERIC kernel and the following ruleset:

pass log quick on lo0 all
pass quick on ne3 inet all
block drop log all
pass in log (all) on ne3 inet6 proto tcp from any to 3000::1 port = ssh \
  flags S/SA keep state

[added log in the first line and changed log-all to log (all) in the last 
one]

telnet works and the log shows:
Aug 04 13:07:08.201358 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.201772 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.204606 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.205024 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.205758 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.205867 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.954137 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.954581 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:09.150295 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:09.150509 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:37.841839 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:37.842188 rule 0/(match) pass in on lo0: [|ip6]
[...]

Is that enough information, or do you need the actual binary
file?

Fabian
-- 
http://www.fabiankeil.de/


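Added example, not part of the thread: a small Python parser for the pflog/tcpdump lines Fabian posted, indexed against the ruleset he loaded (pf numbers rules from 0 in load order), so you can see at a glance that only rule 0 on lo0 matched and the inet6 rule on ne3 (rule 3) never fired. The line format is assumed from the lines above; the sample log is a copy of four of those lines plus the "[...]" marker.

```python
"""Summarise pflog lines of the form seen in the thread above."""
import re
from collections import Counter

# Fabian's ruleset as loaded; list index == pf rule number in pflog output.
RULESET = [
    "pass log quick on lo0 all",
    "pass quick on ne3 inet all",
    "block drop log all",
    "pass in log (all) on ne3 inet6 proto tcp from any to 3000::1 port = ssh flags S/SA keep state",
]

# Sample input: four lines copied from Fabian's log, plus the elision marker.
LOG = """\
Aug 04 13:07:08.201358 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.201772 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.204606 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.205024 rule 0/(match) pass in on lo0: [|ip6]
[...]
"""

# "<timestamp> rule <n>/(<reason>) <action> <dir> on <if>: <packet>" (assumed format)
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d+) rule (?P<rule>\d+)/\((?P<reason>[^)]+)\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>[^:]+): (?P<rest>.*)$"
)


def parse_pflog(text):
    """Yield one dict per parsable line; lines such as '[...]' are skipped."""
    for line in text.splitlines():
        m = PFLOG_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["rule"] = int(entry["rule"])
            yield entry


def summarise(text):
    """Count logged packets per (interface, direction, rule number)."""
    return Counter((e["ifname"], e["dir"], e["rule"]) for e in parse_pflog(text))


def rules_hit(text, ruleset=RULESET):
    """Map every rule number that appears in the log to its rule text."""
    return {n: ruleset[n] for n in sorted({e["rule"] for e in parse_pflog(text)})}


def ifaces_seen(text):
    """Interfaces on which pf logged the connection."""
    return sorted({e["ifname"] for e in parse_pflog(text)})
```

Running rules_hit(LOG) on the full log in the thread gives only rule 0, the lo0 rule: a connection to an address configured locally never reaches the ne3 inet6 rule, so that rule cannot be what pf is matching.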


Re: stateful matching vs. local inet6

2006-08-04 Thread Max Laier
On Friday 04 August 2006 13:13, Fabian Keil wrote:
 Max Laier [EMAIL PROTECTED] wrote:
  On a box running sshd (or something listening on an inet6 tcp port)
  load the following ruleset:
 
  pass quick on lo0 all
  pass quick on bge0 inet all
  block drop log all
  pass in log-all on bge0 inet6 proto tcp from any to 3000::1 port = ssh \
    flags S/SA keep state
 
  where bge0 is a real interface and 3000::1 is configured on that
  interface. Then try telnet 3000::1 22 and see if it works and
  provide me with a tcpdump from pflog0 during the connection
  attempt - whether it works or not.

 On OpenBSD 3.9 with GENERIC kernel and the following ruleset:

 pass log quick on lo0 all
 pass quick on ne3 inet all
 block drop log all
 pass in log (all) on ne3 inet6 proto tcp from any to 3000::1 port = ssh \
   flags S/SA keep state

 [added log in the first line and changed log-all to log (all) in the
 last one]

 telnet works and the log shows:
 Aug 04 13:07:08.201358 rule 0/(match) pass out on lo0: [|ip6]
 Aug 04 13:07:08.201772 rule 0/(match) pass in on lo0: [|ip6]
 Aug 04 13:07:08.204606 rule 0/(match) pass out on lo0: [|ip6]
 Aug 04 13:07:08.205024 rule 0/(match) pass in on lo0: [|ip6]
 Aug 04 13:07:08.205758 rule 0/(match) pass out on lo0: [|ip6]
 Aug 04 13:07:08.205867 rule 0/(match) pass in on lo0: [|ip6]
 Aug 04 13:07:08.954137 rule 0/(match) pass out on lo0: [|ip6]
 Aug 04 13:07:08.954581 rule 0/(match) pass in on lo0: [|ip6]
 Aug 04 13:07:09.150295 rule 0/(match) pass out on lo0: [|ip6]
 Aug 04 13:07:09.150509 rule 0/(match) pass in on lo0: [|ip6]
 Aug 04 13:07:37.841839 rule 0/(match) pass out on lo0: [|ip6]
 Aug 04 13:07:37.842188 rule 0/(match) pass in on lo0: [|ip6]
 [...]

 Is that enough information, or do you need the actual binary
 file?

No, that's fine.  Thanks a lot.

-- 
/\  Best regards,  | [EMAIL PROTECTED]
\ /  Max Laier  | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign  | Against HTML Mail and News

