# IPV6/IPV4  ipfw



## mold (May 20, 2010)

Hi all,

I have a several machines behind a linksys with 192 ip addresses. I setup an IPV6 tunnel on the gif0 interface on the gateway box.
The IPV6 works great on the lan and gateway.

my question is:
can the IPV4 and IPV6 co-exist and if so
how would one setup IPFW to pass all the packets through the gateway box to the clients on the lan with out interfering with the ipv4 rules? I know its first match wins, so what comes first, the chicken or the egg.

seems no matter what i setup the packets are filtered.


```
00100 allow ip from any to any via lo0 keep-state
00300 allow ip6 from any to any via lo0                          
00400 deny ip6 from any to ::1                                   
00500 deny ip6 from ::1 to any                                   
06404 allow ip6 from :: to ff02::/16 proto ipv6-icmp             
06405 allow ip6 from fe80::/10 to fe80::/10 proto ipv6-icmp      
06406 allow ip6 from fe80::/10 to ff02::/16 proto ipv6-icmp      
06417 allow tcp from any to 192.168.1.102 dst-port 21 in via rl0 
06418 allow tcp from 192.168.1.102 21 to any out via rl0         
06419 allow tcp from any to 192.168.1.102 dst-port 22 in via rl0 
06420 allow tcp from 192.168.1.102 22 to any out via rl0         
06421 allow tcp from any to 192.168.1.102 dst-port 25 in via rl0 
06422 allow tcp from 192.168.1.102 25 to any out via rl0
06423 allow udp from any to 192.168.1.102 dst-port 53 in via rl0
06424 allow tcp from 192.168.1.102 53 to any out via rl0
06425 allow tcp from any to 192.168.1.102 dst-port 80 in via rl0
06426 allow tcp from 192.168.1.102 80 to any out via rl0
06427 allow tcp from any to 192.168.1.102 dst-port 443 in via rl0
06428 allow tcp from 192.168.1.102 443 to any out via rl0
06429 allow tcp from any to 192.168.1.102 dst-port 143 in via rl0
06430 allow tcp from 192.168.1.102 143 to any out via rl0
06431 allow tcp from 192.168.1.102 993 to any out via rl0
06432 allow tcp from any to 192.168.1.102 dst-port 110 in via rl0
06433 allow tcp from 192.168.1.102 110 to any out via rl0
06434 allow tcp from 192.168.1.102 995 to any out via rl0
06445 allow ip from 192.168.1.0/24 to any out via rl0
06447 allow tcp from any to any established
06448 allow ip from any to any frag
06449 allow ip6 from any to any
06459 allow udp from any 53 to 192.168.1.102 in via rl0
06460 allow udp from any 123 to 192.168.1.102 in via rl0
06461 allow udp from any to 192.168.1.102 dst-port 53 in via rl0
06462 allow udp from any to 192.168.1.102 dst-port 123 in via rl0
06463 unreach port udp from any to 192.168.1.102 dst-port 33435-33524 in via rl0
06464 allow icmp from any to any in via rl0 icmptypes 0,3,4,8,11
06465 deny ip from any to 255.255.255.255
06466 deny log ip6 from any to any
06467 deny log ip from any to any
65535 deny ip from any to any
```

of coarse if i use an 


```
00050 allow all from any to any
```
all works well.


ifconfig on the gateway.

```
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:e0:18:d3:20:95
        inet 192.168.2.102 netmask 0xfffffff0 broadcast 192.168.2.111
        inet6 2001:471:5:16f::1 prefixlen 64
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:50:bf:3a:53:e4
        inet 192.168.1.102 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 192.168.1.102 --> 209.51.161.58
        inet6 2001:471:4:16f::2 --> 2001:471:0:8c::1 prefixlen 128
        options=1<ACCEPT_REV_ETHIP_VER>
```

thanks in advance!


----------

