Setting up a static tunnel on FreeBSD. Answer, not a question.
Shadow Hawkins on Sunday, 04 May 2008 21:53:00
This is with FreeBSD 6-stable, although it should work identically on FreeBSD 7.
The regular FAQ information provided most of the information I needed, but there is a little bit missing. First, the tunnel. Once I got my tunnel set up (between Chicago and my firewall/router machine) I couldn't figure out why it wasn't responding to external IPv6 pings. I tried a bunch of things, including things like
${fwcmd} add pass ipv6 from ${ipv6tun} to ${iip}
but nothing worked. Finally I figured out that I just needed to pass all IP traffic between the two ends of the tunnel. I did that with:
${fwcmd} add pass ip from ${ipv6tun} to ${iip} via ${oif}
${fwcmd} add pass ip from ${iip} to ${ipv6tun} via ${oif}
${fwcmd} add pass icmp from ${ipv6tun} to ${iip} via ${oif}
${fwcmd} add pass icmp from ${iip} to ${ipv6tun} via ${oif}
(Where "ipv6tun" is the remote and "iip" the local IPv4 address, and "oif" is the external network interface.) The "icmp" lines may be redundant, but I'm keeping them anyway.
With the proper configuration of the IPv6 firewall to allow ICMPv6:
${fw6cmd} add pass ipv6-icmp from any to any
everything was hunky-dory.
This stuff should probably go into the FAQ.
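The firewall setup described in the post above, written out as an added example (this is not code from the original post or from SixXS): an rc.firewall-style fragment for a static 6in4 tunnel, which is IPv4 protocol 41 between the two endpoints. Instead of opening all IP traffic from the PoP address as the post does, it opens only protocol 41 plus ICMP between the endpoints, and keeps ICMPv6 open on the IPv6 side. The endpoint addresses, interface name and firewall command paths are assumed placeholders; the protocol is given as the number 41 because ipfw also uses "ipv6" as an address-family keyword, and a number avoids that ambiguity.

```shell
#!/bin/sh
# Added example, not code from the original post: ipfw rules for a static
# 6in4 tunnel (IP protocol 41) on a FreeBSD firewall/router, using the
# rc.firewall variable style the post uses.
#
# All values below are assumed placeholders (RFC 5737 documentation
# addresses); replace them with your tunnel's endpoints and interface.
ipv6tun="${ipv6tun:-192.0.2.1}"        # remote (PoP) IPv4 tunnel endpoint
iip="${iip:-198.51.100.2}"             # local IPv4 address on the outside interface
oif="${oif:-em0}"                      # outside interface
fwcmd="${fwcmd:-/sbin/ipfw -q}"        # IPv4 firewall command
fw6cmd="${fw6cmd:-/sbin/ip6fw -q}"     # IPv6 firewall command (point at ipfw where it filters IPv6 itself)

# IPv4 rules for the outer (encapsulating) side of the tunnel.
# Only protocol 41 between the two endpoints is opened, one rule per
# direction, rather than all IP, so the PoP address cannot reach anything
# else on the host. ICMP between the endpoints is kept so echo replies and
# "fragmentation needed" (type 3) messages from the PoP still arrive; the
# latter keep path-MTU discovery for the encapsulated packets working.
tunnel_v4_rules() {
    printf '%s\n' \
        "add pass 41 from ${ipv6tun} to ${iip} in via ${oif}" \
        "add pass 41 from ${iip} to ${ipv6tun} out via ${oif}" \
        "add pass icmp from ${ipv6tun} to ${iip} in via ${oif} icmptypes 0,3,8,11" \
        "add pass icmp from ${iip} to ${ipv6tun} out via ${oif} icmptypes 0,3,8,11"
}

# IPv6 rules on the inner side: ICMPv6 must not be filtered wholesale,
# since neighbour discovery and IPv6 path-MTU discovery depend on it.
tunnel_v6_rules() {
    printf '%s\n' \
        "add pass ipv6-icmp from any to any"
}

# Feed each generated rule to the given firewall command.
# Usage: apply_rules "$fwcmd" tunnel_v4_rules
apply_rules() {
    cmd="$1"; gen="$2"
    "$gen" | while IFS= read -r rule; do
        # word splitting of $cmd and $rule is intended here
        $cmd $rule
    done
}

# Number of rules a generator produces (used for sanity checks).
rule_count() {
    "$1" | wc -l | tr -d ' '
}

case "${1:-show}" in
    show)   tunnel_v4_rules; tunnel_v6_rules ;;
    apply)  apply_rules "$fwcmd" tunnel_v4_rules
            apply_rules "$fw6cmd" tunnel_v6_rules ;;
    *)      echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Run it without arguments to print the rules it would add, and with `apply` (as root) to load them. To confirm the rules are the ones doing the work, ping the remote IPv6 endpoint of the tunnel and watch the counters on the two protocol-41 rules increase in `ipfw show`; if only the outbound counter moves, the PoP's replies are being dropped before the inbound rule, so check the rule ordering against any earlier deny rules.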
Setting up a static tunnel on FreeBSD. Answer, not a question.
Jeroen Massar on Monday, 12 May 2008 15:28:26
For years the FAQ has already contained the entry "I have a firewall, what ports/protocols are used?".
It indeed doesn't cover the exact pf/ipfw/iptables/whatever-you-use commands, but that is mostly because everybody uses a different mechanism and will have their own preferences. As such, that only serves as a recommendation; it is your network to firewall. Whether you do or don't, it is your concern to configure it correctly.
Setting up a static tunnel on FreeBSD. Answer, not a question.
Shadow Hawkins on Tuesday, 13 May 2008 16:10:46
If you can find a suitable place (if there isn't one create it) in the Wiki, then that is another good place to document stuff.