Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Any way to "bridge" only IPv6 packets?

On Aug 8, 2014, at 20:10, Brian Buhrow <> wrote:
>       Hello Dave.  Can't you use the BRIDGE_IPF option to enable filtering on
> the bridge(4) that bridges the inside and outside interface of your NetBSD
> box and then write a filter that allows IPV6 and blocks IPV4 packets?

Hmm, I'm not sure how to do that... my understanding is that with 
BRIDGE_IPF, the filter rules don't specifically reference the bridge, 
but reference the component interfaces of the bridge. It seems like a 
rule that's intended to only block only bridging of IPv4 between the 
two interfaces would block *all* IPv4 between the two interfaces, not 
just bridged traffic.

> Another way to possibly do this is if you have 3 interfaces on your
> NetBSD box.

It's a Soekris net5501 with 4 interfaces, so this seems doable... I 
haven't quite gotten it working though; not sure why. The machines on 
the LAN side are getting public IPv6 addresses, so SLAAC is working. 
However, I can't actually pass any IPv6 traffic... The device is 
sending an ICMP6 neighbor solicitation looking for the AT&T router's 
link local address, and it does like that's being sent out the correct 
interface to the router. However, the router doesn't respond. I can 
successfully ping6 the AT&T router's LL address from the NetBSD box 

I'll mess around with it more... it seems like this setup should work :)
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 38 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++

Home | Main Index | Thread Index | Old Index