firewalling with tunnels, and/or ipv6
From: Charlie Schluting (charlie_at_schluting.com)
Date: 12/21/04
- Previous message: David: "IPF to PF rule migration tools"
- Next in thread: Brooks Davis: "Re: firewalling with tunnels, and/or ipv6"
- Reply: Brooks Davis: "Re: firewalling with tunnels, and/or ipv6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 20 Dec 2004 18:05:16 -0800 To: freebsd-net@freebsd.org
Ok, I've got a v6 tunnel, and to make it work I had to "allow ipv6 from
<endpoint>" in ipfw. From what I understand, I have to make a completely
different set of rules for ipv6, and load them using the -6 flag.
Correct so far?
Ok, so I want to set up an ipip v4 tunnel to another box (that runs
ipf), and then squirt ipv6 through the tunnel. Sounds easy, but I can't
even seem to get the ipip tunnel working.
The question:
How do you configure ipf/ipfw (in a general sense) to allow ipip
tunnels? More importantly, if I "allow ipip from <IP>" does that mean I
just poked a big ass hole in the firewall... i.e. anything coming
through the ipip tunnel will pass? Or, does that make an IP layer be
shed, then the packet is run through all the rules again? Inefficient,
but I'd think this would be the desired behaivor.
At any rate, simply allowing ipip from <host> doesn't allow the v4
tunnel to work. What else is needed? (of course static routes, etc.)
I think I'll stop here for now; once that's clear I should be able to
set it up.
Thanks,
_Charlie
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: David: "IPF to PF rule migration tools"
- Next in thread: Brooks Davis: "Re: firewalling with tunnels, and/or ipv6"
- Reply: Brooks Davis: "Re: firewalling with tunnels, and/or ipv6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
