NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/50508 ipnat doesn't work without INET6 kernel option
The following reply was made to PR kern/50508; it has been noted by GNATS.
From: scole_mail%gmx.com@localhost
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: kern/50508 ipnat doesn't work without INET6 kernel option
Date: Tue, 24 May 2016 13:44:02 -0400
It looks like this flag
#ifdef USE_INET6
might have to be unset somehow everywhere in
/src/sys/external/bsd/ipf/netinet/
To get the same effect without having to recompiling a kernel sans
INET6, I tried to block ipv6 packets in /etc/ipf.conf:
########################
#
# n.b., last matching rule wins unless line has "quick" keyword
#
# block all ipv6
block in quick on athn0 family inet6 all
block out quick on athn0 family inet6 all
# allow
pass in from any to any
pass out from any to any
#######################
dstar# ipfstat -io -h -n -6
19 @1 block out quick on athn0 inet6 all
16 @2 pass out from any to any
97 @1 block in quick on athn0 inet6 all
20 @2 pass in from any to any
dstar# ipfstat -io -h -n
18 @1 pass out from any to any
24 @1 pass in from any to any
But that seems to block everything. My athn0 interface is a dhcp wifi
ipv4 that works fine until those block lines are added. Once added, I
can't reach any external ip upstream on that interface. I can still
reach other hosts on my local network through a different re0 interface
though.
So it seems like the "family inet6" or "on athn0" flag is not working,
that packets still going through ipv6 routing somehow, or I am missing
something.
Thanks
Home |
Main Index |
Thread Index |
Old Index