FreeBSD_4.4 + ipfilter_3.4.20 + IPv6 = headache...

Pete Toscano pete@research.netsol.com
Thu, 4 Oct 2001 16:57:37 -0400


Ah, my friends, I encountered the same problem back when I made my
FreeBSD IPv6 firewall and I have your answer.  =8]  

Somewhere around about that 4.3-to-4.4 cutover time, the kernel was
changed to not automatically create the gif interfaces.  You need to use
the gifconfig command.  The tip-off for me was some changes in
/etc/defaults/rc.conf.  Grep through /etc/defaults/rc.conf for gif.
Okay, I'll do that for you.  This is what you get:

====================
gif_interfaces="NO"             # List of GIF tunnels (or "NO").
#gif_interfaces="gif0 gif1"     # Examples typically for a router.
#gifconfig_gif0="10.1.1.1 10.1.2.1"     # Examples typically for a router.
#gifconfig_gif1="10.1.1.2 10.1.2.2"     # Examples typically for a router.
====================

Ah-ha!  I added something very similar to my /etc/rc.conf file and
everything was good.  Well, everything with respect to the gif interface
problems.  Here's sort of what I added:

====================
gif_interfaces="gif0" 
gifconfig_gif0="m1.m2.m3.m4 b1.b2.b3.b4"

ipv6_ifconfig_gif0="3ffe:mX::mY:0:0:e 3ffe:bX::bY:0:0:d prefixlen 128"
====================

The first two lines are used to create the gif interfaces and configure
their IPv4 end-points.  Add as many gif interfaces to gif_interfaces as
you need and for each one, add a gifconfig_gifX line (X >= 0).  The
first IPv4 address is mine, the second is the address at the other end
of the tunnel.

The third line (IPv6) configures the gif interface.  (Actually, this
isn't specific to the gif interface, but for the sake of being
complete...)

Upon restart, the interfaces all started up fine.

HTH,
pete


On Wed, 03 Oct 2001, lazy wrote:

> Is it supposed to exist? ;)
> 
> Check your kernel configuration and make sure you
> have it enabled, the line should look something
> similar to:
>     pseudo-device  gif   4
> 
> // lazy
> 
> 
> "Rendo A.W" wrote:
> > 
> > How could I do that if gif interface didn't exist?
> > This is the error message:
> > 
> > root  >> ifconfig gif create
> > ifconfig: interface gif does not exist
> > 
> > # RENDO A.W >>
> > 
> > On Wed, 3 Oct 2001, kim  chua wrote:
> > 
> > > I think you need to create gif interface first:
> > >
> > > ifconfig gif create
> > >
> > > hope this helps,
> > >
> > > Chua K K
> > > NTT MSC
> > > Cyberjaya
> > > Malaysia
> > > --
> > >
> > > On Mon, 1 Oct 2001 08:51:36
> > >  Rendo A.W wrote:
> > > >
> > > > >I agree with you, I also failed to make a tunnel for IPv6 in FreeBSD
> > > > >4.4-Stable. The gif interface didn't appear and I can't use stf for
> > > > >tunnelling.
> > > > >Can anyone explain to me how to do tunneling in FreeBSD 4.4-Stable?
> > > > >
> > > > >Thank you, and sorry about my poor English.
> > > >
> > > ># RENDO A.W >>
> > > >
> > > >On Sun, 30 Sep 2001, Oliver, Michael W. wrote:
> > > >
> > > >> I realize that this may be somewhat off topic, but please hear me out.  I
> > > >> have been spending the past few days trying to build a FreeBSD 4.4 STABLE
> > > >> firewall, using the included ipfilter 3.4.20 port, that supports IPv6
> > > >> filtering.  I have been completely unsuccessful up to now.  I have also
> > > >> bypassed the port and downloaded 3.4.20 from ftp://coombs.anu.edu.au/ and,
> > > >> following the instructions from a Zama pdf
> > > > >> (ftp://www.zamanetworks.com/pub/knowledgebase/techdocs/Implementing%20an%20IPv6%20and%20IPv4%20IPF%20firewall%20on%20FreeBSD%204.2.pdf),
> > > > >> tried to
> > > >> compile.  Now, I know that the Zama pdf instructions are for ipfilter
> > > >> 3.4.16, but that version isn't available anymore.  Anyway, the patch fails
> > > >> when I try to apply it....  <sigh>
> > > >>
> > > >> Has anyone tried this setup yet?  I have posted this to the FreeBSD
> > > >> newsgroups, but I figured that I would send it here also since this may be
> > > >> too 'out there' for the newsgroups.  Thanks in advance!

-- 
Pete Toscano            pete@research.netsol.com            703.948.3364
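
A consistency check for the rc.conf settings described in the message above, as an added example that is not part of the original thread: it verifies that every tunnel named in gif_interfaces has a gifconfig line with two real IPv4 addresses, so leftover placeholders are flagged too. The function names and the sample file (documentation addresses) are constructed for this example.

```sh
#!/bin/sh
# Added example; function names are assumptions, not part of FreeBSD's rc scripts.

# Print the value of the last uncommented NAME="value" line in FILE.
get_rc_var() {
    sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1
}

# Succeed only for a dotted quad whose four octets are all <= 255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print one line per problem; return 0 only if the file is consistent.
check_gif_conf() {
    conf=$1; rc=0
    ifaces=$(get_rc_var "$conf" gif_interfaces)
    case "$ifaces" in
        ""|[Nn][Oo]) echo "gif_interfaces is unset or NO"; return 1 ;;
    esac
    for ifn in $ifaces; do
        set -- $(get_rc_var "$conf" "gifconfig_$ifn")
        if [ $# -ne 2 ]; then
            echo "$ifn: gifconfig_$ifn needs two addresses (local remote)"
            rc=1; continue
        fi
        for addr in "$1" "$2"; do
            is_ipv4 "$addr" || { echo "$ifn: '$addr' is not an IPv4 address"; rc=1; }
        done
    done
    return $rc
}

# Constructed sample (documentation addresses): gif1 has no active gifconfig line.
sample_rc_conf() {
    cat <<'EOF'
gif_interfaces="gif0 gif1"
gifconfig_gif0="192.0.2.1 198.51.100.1"   # local, remote
#gifconfig_gif1="10.1.1.2 10.1.2.2"
EOF
}

tmp=$(mktemp) && sample_rc_conf > "$tmp"
check_gif_conf "${1:-$tmp}" || echo "fix the lines above before rebooting"
rm -f "$tmp"
```

Pass a path such as /etc/rc.conf as the first argument to check a real file instead of the constructed sample.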