[pfSense Support] How to forward protocol 41
Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. /jan Mikel Jimenez wrote: Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
:( Ok, I have the tunnel alive, but it is impossible access from outside no? So... no solution for access from outside? Thanks El 11/02/10 22:54, Jan Zorz escribió: Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. /jan Mikel Jimenez wrote: Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
- Jan Zorz j...@dir-slovenia.com wrote: Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. sarcasm If you're unhappy with pfSense, simply request a refund. /sarcasm Before you start throwing around complaints, you may wish to check the status of IPv6 development. Try here: http://redmine.pfsense.org/search/index/pfsense?q=ipv6 Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
Uohh!! There is an option in System/Advanced/ Nat encapsultaed IpV6 PAckets ( IP protocol 41) and thre put the Linux box ipv4 address. For example 10.10.0.5 and it works!! I ping from outside, the tunnel endpoint and my LAN clients El 11/02/10 22:54, Jan Zorz escribió: Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. /jan Mikel Jimenez wrote: Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
On 2/11/2010 4:54 PM, Jan Zorz wrote: 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. Many of us would gladly work on IPv6, but we have no IPv6 connectivity directly available. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] How to forward protocol 41
sarcasm If you're unhappy with pfSense, simply request a refund. /sarcasm I disagree with the assumption of this statement: that you have to pay for something to have a valid criticism of it. I'd argue that it is the role of the user to advocate for desired features, regardless of what price was paid for the software. The fact that IPv6 support doesn't seem to be finished yet is an issue that gains significance every day. While it could probably have been phrased in more polite way, and possibly with more research behind it, I do understand the sentiment, though. I too would like to see more resources go towards completing IPv6 support in PFSense. I am relieved to see and hear that efforts are being made to address real IPv6 support, but the day when it is done cannot come soon enough. I have native IPv6 transport today to all of my facilities. The time of 'IPv6 is coming' has passed; we have moved into 'IPv6 to the last mile provider and consumer is coming', and with Comcast starting last mile IPv6 betas, it's looking like we're talking about sooner, rather than later. Best Regards, Nathan Eisenberg
Re: [pfSense Support] How to forward protocol 41
IPv6 is likely to be the first thing added after 2.0, and there won't be much added for the 2.1 release. To date It's just not in enough demand to justify the effort vs. other things we've been working on. For those of you it's important to, the great thing about open source is you can do it yourself - anyone can create a clone at rcs.pfsense.org and do the work. Code speaks louder than anything. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
On Thu, Feb 11, 2010 at 8:37 PM, Nathan Eisenberg nat...@atlasnetworks.us wrote: I'd argue that it is the role of the user to advocate for desired features, regardless of what price was paid for the software. The fact that IPv6 support doesn't seem to be finished yet is an issue that gains significance every day. While it could probably have been phrased in more polite way, and possibly with more research behind it, With these requirements a majority of the open source projects would never have releases. Almost everyone that contributes to the project are volunteers. There is no way we can dictate how a volunteer spends their time. This goes for pfSense and a lot of open source projects. Heck even a recent study showed that a majority of Linux kernrel commits are now sponsored in some fashion by companies. I am not arguing that open source is commercialized I am trying to emphasize that it is a scratch your itch type of deal. Either you get paid for XYZ company to do their work or you are scratching an itch somewhere that you feel the need. There are very few people that just come along and say your user base demands are my priority. Most of the cutting edge features in pfSense have come from a developer scratching an itch or a commercial support customer sponsoring the development time. I do understand the sentiment, though. I too would like to see more resources go towards completing IPv6 support in PFSense. I am relieved to see and hear that efforts are being made to address real IPv6 support, but the day when it is done cannot come soon enough. See above. I have native IPv6 transport today to all of my facilities. The time of 'IPv6 is coming' has passed; we have moved into 'IPv6 to the last mile provider and consumer is coming', and with Comcast starting last mile IPv6 betas, it's looking like we're talking about sooner, rather than later. That's pretty cutting edge in terms of American internet and you are lightyears ahead of us. Last I heard Youtube just came online and a huge spike of traffic was seen on the IPV6 backbone in America. That goes to show how little IPV6 is used overall in the USA still. It's unfortunate but it's the truth in the USA. I would love to have native IPV6 connectivity from my local carrier and I applaud comcast for taking that important first step in terms of cable modem subscribers. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
I'll just toss in a reason why I would like to see IPV6. I've got a network with about 24 subnets,,, a combination of physical and vlans. We have been rolling out Windows 7, and slowly been upgrading our servers to 2008 R2. My tech team is very small and we support a large number of clients in the K-12 sector. The advent of Microsoft's new PNRP protocol which is more or less an IPV6 P2P protocol is super slick. We have been playing with setting up our own private PNRP cloud but we discovered that it won't traverse our pfsense box. Now that being said, there are other ways to accomplish the same thing (send remote assistance via email, drop file on a file server so we can reach out and grab it), but this easy to use help desk tool, when its configured end to end, has a huge amount of value. The other option is doing some sort of 6to4 tunneling but I haven't figured out how to do that yet, but either way I just want to keep this traffic on the inside of the firewall in the first place. But I am incredibly grateful to the developers, you have a product second to none in the open source world in my opinion. If this manifests itself (IPV6), then great. If not, you can still count on my kind words. :) Take care, Tim P.S. Please no MS bashing here,,, I know that PNRP is about as safe as UPnP, but any good tech knows how to put in mitigating factors. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
