Li, Qing wrote:
Just another case where the route must be created:
That's probably because I explicitly disabled such
route installation for PPP link type.
Please apply patch http://people.freebsd.org/~qingli/patch and
let me know if that solves your problem.
The problem is solved.
Thanks a lot.
Henri
PS. the ipv4 ping was working fine before (and after) your patch, so
I don't see why you have to patch in.c
Thanks,
-- Qing
[r...@avoriaz ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 212.239.166.57 --> 94.23.44.41
inet6 fe80::21d:60ff:fead:2ace%gif0 prefixlen 64 scopeid 0x4
inet6 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:0:ffff::
prefixlen
128
options=1<ACCEPT_REV_ETHIP_VER>
[r...@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff::
PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: -->
2001:41d0:2:2d29:1:ffff::
^C
--- 2001:41d0:2:2d29:1:ffff:: ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
[r...@avoriaz ~]# route add -inet6 2001:41d0:2:2d29:1:ffff::
-interface
lo0
add host 2001:41d0:2:2d29:1:ffff::: gateway lo0
[r...@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff::
PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: -->
2001:41d0:2:2d29:1:ffff::
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.531 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.884 ms
16 bytes from ::1, icmp_seq=2 hlim=64 time=0.748 ms
^C
--- 2001:41d0:2:2d29:1:ffff:: ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.531/0.721/0.884/0.145 ms
Thanks
Henri
-----Original Message-----
From: Henri Hennebert [mailto:h...@restart.be]
Sent: Sat 7/11/2009 3:09 AM
To: Li, Qing
Cc: freebsd-stable@freebsd.org; freebsd-...@freebsd.org
Subject: Re: 8.0-BETA1 - for the record - different paths followed
by
IPv4 and IPv6 for 'local' connections
Li, Qing wrote:
Hi,
Please try patch-7-10 in my home directory
http://people.freebsd.org/~qingli/
and let me know how it works out for you. I thought I had committed
the patch
but turned out I didn't.
I apply the patch, reset my pf.conf to its previous content and all
is
running smoothly. By the way, I discover after my post that my
"solution" was not working for long (many bytes) connections and
this
is
solved too.
Many thank for your time
Henri
PS please commit as soon as possible
On 8.0-BETA1 there is an assymetry:
netstat -rn display
192.168.24.1 link#3
....
no entry for 2001:41d0:2:2d29:1:1::
This is by design as part of the new architecture in 8.0, which
maintains
the L2 ARP/ND6 and L3 routing tables separately.
-- Qing
-----Original Message-----
From: owner-freebsd-sta...@freebsd.org on behalf of Henri Hennebert
Sent: Fri 7/10/2009 5:32 AM
To: freebsd-stable@freebsd.org; freebsd...@freebsd.org
Subject: 8.0-BETA1 - for the record - different paths followed by
IPv4 and IPv6 for 'local' connections
Hello,
After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem
when
connecting with firefox to a local apache server using the global
unicast IPv6 address of the local machine. pf.conf must be updated!
My configuration:
[r...@avoriaz ~]# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
mtu
1500
options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO
4>
ether 00:1d:60:ad:2a:ce
inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
media: Ethernet 100baseTX (100baseTX <half-duplex>)
status: active
[r...@avoriaz ~]# host www.restart.bel
www.restart.bel is an alias for avoriaz.restart.bel.
avoriaz.restart.bel has address 192.168.24.1
avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::
pf.conf:
int_if="em0"
block in log all
block out log all
set skip on lo0
antispoof quick for $int_if inet
# Allow trafic with physical internal network
pass in quick on $int_if from ($int_if:network) to ($int_if) keep
state
pass out quick on $int_if from ($int_if) to ($int_if:network) keep
state
The problem:
[r...@avoriaz ~]# telnet -4 www.restart.bel 80
Trying 192.168.24.1...
Connected to avoriaz.restart.bel.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[r...@avoriaz ~]# telnet -6 www.restart.bel 80
Trying 2001:41d0:2:2d29:1:1::...
--->Never connect and get a timeout!
tcpdump and logging in pf show me that
For a IPv4 connection:
the packet from telnet to apache pass 2 times on lo0 (out and in)
the answer packet from apache to telnet pass 2 times on lo0 (out
and
in)
So no problem, there is `set skip on lo0'
For a IPv6 connection:
The first packet from telnet to apache pass 2 times on lo0 (out and
in)
The answer packet from apache to telnet path on em0 and is
rejected
due to the default flags S/SA.
So I have to change pf.conf and replace the last line:
pass out quick on $int_if from ($int_if) to ($int_if:network) \
keep state flags any
Then all is OK
By the way, on 7.2
netstat -rn display
192.168.24.1 00:1d:60:ad:2a:ce
....
2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce
On 8.0-BETA1 there is an assymetry:
netstat -rn display
192.168.24.1 link#3
....
no entry for 2001:41d0:2:2d29:1:1::
Hope it may help someone
Henri
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-
unsubscr...@freebsd.org"
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-
unsubscr...@freebsd.org"
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
