What does `sysctl net.inet6.ip6.forwarding` say? It should be set to
1...

Cheers,

Paul 'WEiRD' de Weerd

On Tue, Jan 04, 2011 at 03:28:15PM +0100, nothingness wrote:
| Hi all,
| 
|   I've been trying for a few days to get my IPv6 tunnel to work from my
| LAN. I've got a sixxs.net tunnel with a /48 assigned for my LAN. I can
| connect from the router to IRC networks over IPv6 but I'm unable to run
| traffic out via the gif0 for anything originating from the LAN. I can
| also connect to the router over IPv6 for SSH stuff, for example. I'm
| completely out of ideas on what to do to get this to work, hope someone
| will have a suggestion. Here's my pf.conf (I'm running OpenBSD 4.8 with
| a generic kernel, patched to latest release):
| 
| ext_if="bge0"
| 
| ipv6_if="gif0"
| ipv6_ip="2001:1620:f00:56::2"
| ipv6_gw="2001:1620:f00:56::1"
| ipv6_lan="2001:1620:f2e1::/64"
| ipv6_lan2="2001:1620:f2e3::/64"
| 
| int_if="dc0"
| vpn1_if="tun1"
| vpn2_if="tun2"
| vpn3_if="tun3"
| tcp_services="{ 179, 2027:2037, 5002, 7777, 8296, 46411 }"
| udp_services="{ 1194, 5003, 5501, 7777, 30000, 46411 }"
| icmp_types="echoreq"
| ssh_ports="{ ssh , 1194 }"
| im_ports="{ icq, msn, ircd, ircd-ssl }"
| 
| table <ssh-violations> persist file "/etc/ssh-violations"
| table <spamd-white> persist
| set block-policy drop
| set loginterface $ipv6_if
| set skip on lo
| set state-policy if-bound
| 
| match out on $ext_if inet from !($ext_if) nat-to ($ext_if)
| 
| match in on $int_if proto tcp to ($int_if) port ftp rdr-to 127.0.0.1 port 8021
| match in on $int_if proto tcp to ($int_if) port http rdr-to 127.0.0.1 port 3128
| match in on $ext_if proto tcp to ($ext_if) port smtp rdr-to 127.0.0.1 port spamd
| block in log
| pass out keep state
| 
| block drop in log on $ext_if from <ssh-violations> to any
| block drop in log on $ipv6_if from <ssh-violations> to any
| 
| #try ipv6 routing
| pass quick on $ipv6_if proto {ipencap, ipv6}
| pass quick on $ext_if proto {ipencap, ipv6}
| pass quick on $ext_if inet6
| pass quick on $ipv6_if inet6
| 
| pass in on $ext_if proto udp from any to any port 1194
| pass in inet proto icmp all icmp-type $icmp_types keep state
| pass proto 41 from any to any keep state
| pass quick on $int_if no state
| pass quick on $vpn1_if no state
| pass quick on $vpn2_if no state
| pass quick on $vpn3_if no state
| 
| #pass quick on $vpn_if inet proto gre any
| pass quick from 224/7 to any keep state
| 
| 
| Cheers,
| 
| Noth
| 

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 
