[support] passing MIPv6 traffic through pf firewall
harland s.j. (sjh706)
sjh706 at ecs.soton.ac.uk
Tue Sep 9 22:50:57 JST 2008
Hello,
Currently I'm running Homeguy on a laptop, talking to another box running the HA.
The topology of the network here is quite complex, but as far as passing traffic *inside* the firewall goes, everything works fine.
However, we have a wireless DMZ in place, and run the BSD pf as the firewall. When the MN is on the Wireless DMZ, BU packets appear to pass quite nicely through the firewall, and the HA sends a BuA back. However, the firewall drops the packet, marking it as matching ip-option.
The pf rules that we have for it are as follows:
pass out quick on inet6 from $HA to any flags S/SA keep state
pass out quick on inet6 from any to $HA flags S/SA keep state
pass in quick on $int_iface all flags S/SA keep state tag INT_NET
pass in quick on $wlan_iface all flags S/SA keep state tag WLAN_NET
pass out quick on $wlan_iface all flags keep state tagged INT_NET
(of course the last rule in theory shouldn't be matched as the first should apply in this instance due to the 'quick' keyword).
My main request here is to ask if anyone has any experience of debugging this, and if it is actually a fault in the BSD pf (which I have a nasty feeling that it might be).
Kind Regards
Stuart Harland
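
Added example, not part of the original post: a Binding Acknowledgement sent to an MN away from home carries a type 2 routing header (RFC 3775), and pf.conf(5) documents that packets with IP options or IPv6 extension headers are blocked by default unless the matching pass rule carries allow-opts (which headers count varies by pf version). This sketch walks the extension header chain of a captured packet so the header behind an ip-option drop can be identified; the function names, addresses and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# IANA next-header numbers for the headers of interest.
HOPOPTS, ROUTING, FRAGMENT, DSTOPTS, MOBILITY = 0, 43, 44, 60, 135
NAMES = {HOPOPTS: "hop-by-hop", ROUTING: "routing",
         FRAGMENT: "fragment", DSTOPTS: "dest-opts"}

def ext_header_chain(packet: bytes):
    """Return ([extension header labels], upper-layer protocol number)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in NAMES:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment header is always 8 bytes; the others are (len + 1) * 8.
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        label = NAMES[nxt]
        if nxt == ROUTING:
            label += f" type {packet[off + 2]}"  # routing type field
        chain.append(label)
        nxt, off = packet[off], off + size
    return chain, nxt

def build_sample_back() -> bytes:
    """Constructed Binding Acknowledgement, HA -> care-of address.
    Addresses are documentation prefixes; the MH checksum is left at 0."""
    ha = ipaddress.IPv6Address("2001:db8:1::1").packed
    hoa = ipaddress.IPv6Address("2001:db8:1::99").packed
    coa = ipaddress.IPv6Address("2001:db8:2::99").packed
    # Type 2 routing header: next=MH, len=2, type=2, segments left=1.
    rh2 = struct.pack("!BBBB4x", MOBILITY, 2, 2, 1) + hoa
    # Mobility Header, MH type 6 (BA), status 0, seq 1, lifetime 60, PadN.
    mh = struct.pack("!BBBBHBBHH", 59, 1, 6, 0, 0, 0, 0, 1, 60)
    mh += bytes([1, 2, 0, 0])
    ip6 = struct.pack("!IHBB", 6 << 28, len(rh2) + len(mh), ROUTING, 64)
    return ip6 + ha + coa + rh2 + mh

if __name__ == "__main__":
    chain, upper = ext_header_chain(build_sample_back())
    print("extension headers:", chain, "upper-layer protocol:", upper)
```

If the chain for the dropped packet shows a routing header, the pass rule that matches it is the place to try allow-opts.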