Rantings by Nick Buraglio

Once again the pfSense team has given the open source and commercial community another great release of their marvelous firewall software. CHECK IT OUT, DONATE, or HELP OUT!

I’ve been revisiting IPv6 a lot again lately, and one thing I wanted to do was to get my home network back running IPv6 again after having it off for a while. IPv6 isn’t that hard to understand, configure, route or use, it’s just different and I need to know it well for my job so this is a good excuse to play around and re-read some of the books I bought years ago on the subject.
Since my lovely provider, Comcast, has no plan to deploy v6 yet I turned to one of the several IPv6 Tunnel Brokers. I had used the Hurricane Electric Tunnel Broker service a lot when first pawing at v6 years ago, and my tunnel info was still there.
OK, Tunnel up. Reverse DNS delegated and working. Router Advertisements flying all over the network and modified EUI-64 addresses all looking good.

# ifconfig
lo0: flags=8049 mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0×5
vic0: flags=8843 mtu 1500
lladdr 00:0c:29:38:49:eb
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe38:49eb%vic0 prefixlen 64 scopeid 0×1
inet6 2001:470:1f07:447:20c:29ff:fe38:49eb prefixlen 64 pltime 604786 vltime 2591986
inet 192.168.209.11 netmask 0xffffffc0 broadcast 192.168.209.63


inet6 2001:470:1f07:447:20c:29ff:fe38:49eb prefixlen 64 pltime 604786 vltime 2591986 being the important string in there.

…..Flash back like 12 months. In an effort to be a little more conscious of money as well as environment, and out of good old fashioned cheapness, I took down my nice rack of servers, powered them all off, saved up my pennies and got a really nice 24″ iMac, packed to the hilt with RAM and disk with the idea of using one of my copies of vmware fusion to run my FreeBSD, OpenBSD and pfSense stuff on.

OK, time for the fun…..geting some v6 stuff to work through my network, over wireless, using vmware fusion with the gust OS in bridge mode….uuuumm, nope.
Hmmmm, why could this be? It’s just a network interface, right? Wrong. After troubleshooting this for a while and seeing nothing in packet dumps from anything outside of the box I decided to hit up my the smartest place I know to look, Google (yes, I used http://ipv6.google.com).
Low and behold, I found this post.

Apparently wireless interfaces are a problem, and as so tersely stated more than once in that thread “VMware policy is to not comment on unannounced products, features, or timelines”.
Crud. Well, I’m running vmware fusion 1.1.4 still….maybe I’ll see if it’s supported in 2.0, but not tonight. That would make life too easy so I’m not counting on it.

I’m not really sure how I missed this, probably because it’s some students doing the work, but nevertheless, it’s very exciting.
This is something that has been unavailable for the most part under *BSD, but available for quite some time under Linux. I personally don’t like iptables and find it much less elegant than pf, both in implementation and practice so seeing this work is very encouraging and I can’t wait to test it out.
Adding this into pfSense is a very exciting thing!

Add this blog to your RSS reader to keep track!

BGP, QoS, L7, pf, CARP (and OSPF if I can get off my butt and finish the GUI), pfSense is going to take over the world!