[6bone] FW-1 & IPv6 gw with 6to4 tunnel

Toomas Soome Toomas.Soome@microlink.ee
Wed, 16 Jul 2003 18:07:28 +0300


hi!

we are playing with the latest fw-1 on a solaris 8 box. we did manage to set
up an ip.tun interface for the outgoing link, but now there appear to be 2 problems:

1. fw-1 seems to be unable to filter packets from the ip.tun interface. I
know fw-1 is currently unable to "see" inside of a 6to4 tunnel, but this
host is the endpoint for this tunnel. ok. I can use ipfilter to filter this
interface as a workaround.

2. outgoing traffic is broken if initiated outside of this gateway. the tcp
session will be established but I will not get [almost] any data, but
then again, the session will be closed okay.

we did test this by telnetting to remote host ports 22 and 80; the
connection was established, I was able to see from the remote host that it did
send data, but the local host didn't get any data, but it did get RST.

outgoing connections initiated from the fw host did behave ok, incoming
connections from remote hosts were ok as well (from remote to fw and
from remote to internal).

any comments/ideas? has anyone tested fw-1 in a similar kind of solution?
probably the workaround for the second (and first) problem would be to
terminate the tunnel before the fw-1 host and let fw-1 handle only real
interfaces, but this is not the best solution in our case :(

toomas