***: adkaruil has joined #arpnetworks
adkaruil has quit IRC (Ping timeout: 255 seconds)
nbari|away is now known as nbari
nbari has left
ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
ziyourenxiang has joined #arpnetworks
jlgaddis has quit IRC (Read error: No route to host)
jlgaddis has joined #arpnetworks
vmmello has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
tuv_ is now known as tuv
tuv has quit IRC (Changing host)
tuv has joined #arpnetworks
B3nj1 has joined #arpnetworks B3nj1: anyone to talk to about a purchase? bob^^: probably best to just ask B3nj1 :) B3nj1: I want to talk about pricing/costs so easier probably to do it pvt bob^^: depending on what your question is we might be able to help - up_the_irons is the only ARP employee
(the rest of us are just customers i think) B3nj1: ah kk ***: fink has joined #arpnetworks
vmmello has quit IRC (Quit: cd ../)
robotarmy has joined #arpnetworks toddf: b3nj1: if your question is generic we can perhaps help here, but the website lays the groundwork for costs in general ***: LT has quit IRC (Quit: Leaving)
robotarmy has quit IRC (Remote host closed the connection)
jpalmer has quit IRC (Quit: leaving)
jpalmer has joined #arpnetworks
jpalmer has quit IRC (Client Quit)
jpalmer has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 276 seconds)
HighJinx has joined #arpnetworks
jlgaddis has quit IRC (Read error: Connection reset by peer)
jlgaddis has joined #arpnetworks
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
jlgaddis has quit IRC (Read error: No route to host)
jlgaddis has joined #arpnetworks
cedwards has quit IRC (Ping timeout: 240 seconds)
cedwards has joined #arpnetworks
w0ls0n has joined #arpnetworks w0ls0n: afternoon all fink: hi w0ls0n: question for you all. I have ipv6 working on pfsense and I can ping ipv6.google.com. There are docs in the handbook about setting up a static ipv6 address but I cannot do that. Is there a way to set it up so routing works if freebsd is assigned an ipv6 address?
I am using ht.net for my ipv6 tunnel
and I am also curious if there is a way to make ipv6 work on winblows XP Sheath: yes w0ls0n: ... ***: robotarmy has joined #arpnetworks jpalmer: w0ls0n: on XP from a command prompt (administrator access) type "ipv6 install"
ipv6 is installed, it's just disabled on XP. coobra: S
ohh w0ls0n: I did do that already
ipv6.google.com just times out
it does ping from pfsense though jpalmer: are you passing protocol 41? is your pfsense sending RA's? does your XP machine have an address other than the link-local? w0ls0n: in order ... probebly not. I would have to check and all the XP machines get 2 2001:470: ips
is protocol 41 something I can forward as a rule in pfsense? jpalmer: I don't use pfsense, so i can't answer that.
you'll need to pass protocol 41, and make sure pfsense is set to pass packets from one interface to the next. w0ls0n: hmmm
Ok I see a box that says
NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:
I would put my ipv4 WAN address there jpalmer: I don't use pfsense, I'm not sure what thats for in particular. w0ls0n: it's the only section I see for Protocol 41
googled around and found this
http://www.mail-archive.com/support@pfsense.com/msg19106.html jpalmer: I'd suggest consulting the #ipv6 channel, or the #pfsense channel (or both)
there ae some guys from he.net on #ipv6, and I'd hope the people on #pfsense are more familiar with it than I am ;) w0ls0n: ok
thanks for trying :-) ***: w0ls0n has left toddf: Dual Stack is bad.
er ..
IPv4-compatible IPv6 address is bad. block them with prejudice.
rfc2893 talks of A6 which is deprecated and no longer used even ***: robotarmy has quit IRC (Remote host closed the connection)
robotarmy has joined #arpnetworks jdoe: toddf: "ipv4-compatible ipv6"? jpalmer: I believe he's referring to the ::ffffff:1.2.3.4 style addressing. similar to the one bit.ly accidentally published to DNS not that long ago. toddf: NAT encapsulated IPv6 packets (IP protocol 41/RFC2893)
unless that means 'ipv4 header ip-protocol-41 ipv6 tunnel' stuff ..
if you're doing filtering with pf and ipv6 beware that you must not block icmp6 otherwise ndp won't work (v6 equivalent of arp); you can block no more than this for things to work:
match out inet6 proto icmp6 icmp6-type { neighbrsol routersol echoreq timex } tag ICMP
match in inet6 proto icmp6 icmp6-type { neighbradv neighbrsol routeradv echoreq echorep fqdnrep timex unreach } tag ICMP
pass tagged ICMP jpalmer: dig AAAA forvo.com <-- heh toddf: (obiously other ways to skin that same cat of behavior, but that's from a `working' system of mine
)
yecht crazed: i need to fix my pf rules
so lazy though up_the_irons: toddf: i'm not very familiar with pf syntax, but given pf is so "readable", i actually understood exactly what those statements mean; pf ftw toddf: ;-)
the echoreq/echorep is not mandatory but I personally consider it so considering it gives more false warnings than true security and/or usefulness up_the_irons: ah ***: robotarmy has quit IRC (Remote host closed the connection)
amdprophet has joined #arpnetworks
vapor has quit IRC (Ping timeout: 260 seconds)
vapor has joined #arpnetworks
amdprophet has quit IRC (Ping timeout: 240 seconds)
amdprophet has joined #arpnetworks
amdprophet has quit IRC (Client Quit)
amdprophet has joined #arpnetworks shatt: What would a /96 from 2a00:dd0:0:17::1/64 be?
if I wanted to split 2a00:dd0:0:17::1/64 into a bunch of /96s.. what would it be? this ipv6 calc i am using sucks ***: robotarmy has joined #arpnetworks up_the_irons: 2a00:dd00:0000:1700:0000:0000:0000::1/96
i believe
actually
2a00:dd00:0000:1700:0000:0000::/96
2a00:dd00:0000:1700:0000:0001::/96
2a00:dd00:0000:1700:0000:0002::/96
2a00:dd00:0000:1700:0000:0003::/96
etc...
shatt: ^
scratch the first jdoe: I think you still have an extra... not octet... extra... whatever.
no I'm wrong, ignore me.
shatt: http://en.linuxreviews.org/IPv6_subnet_matrix_table too. ***: amdprophet has quit IRC (Ping timeout: 255 seconds)
vapor has quit IRC (Ping timeout: 272 seconds)
vapor has joined #arpnetworks crazed: does pf have a way of testing rulesets before applying them? Sheath: yes
-n Do not actually load rules, just parse them.
a manual is a wonderful thing. crazed: that it is Sheath: thats pfctl btw if you haven't figured it out :) crazed: hehe i did, i figured it was that
don't know why i asked instead of manualing first Sheath: its easier to ask i guess ***: Sheath is now known as muskyhusky crazed: any tips for this ruleset? http://arpnetworks.pastebin.com/97d1xHY5
hm i guess i could drop $ext_if and just use egress everywhere ***: crazed_ has joined #arpnetworks
crazed has quit IRC (Ping timeout: 260 seconds) fink: crazed_: service pf check
(on freebsd 8) ***: crazed has joined #arpnetworks
crazed_ has quit IRC (Ping timeout: 260 seconds)
crazed has quit IRC (Read error: Operation timed out)
crazed has joined #arpnetworks crazed: damn.. state table ***: amdprophet has joined #arpnetworks
Zuul_ has joined #arpnetworks
Zuul has quit IRC (Ping timeout: 250 seconds)
cubelogic has quit IRC (Remote host closed the connection)
zeshoem has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 240 seconds)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
jdoe has quit IRC (*.net *.split)
zeshoem has quit IRC (*.net *.split)
zxvff has quit IRC (*.net *.split)
vapor has quit IRC (*.net *.split)
crazed has quit IRC (*.net *.split)
cmeiklejohn has quit IRC (*.net *.split)
nuke` has quit IRC (*.net *.split)
toddf has quit IRC (*.net *.split)
Jareth has quit IRC (*.net *.split)
Ehtyar has quit IRC (*.net *.split)
tuvwx has quit IRC (*.net *.split)
hsbt has quit IRC (*.net *.split)
ajwak95 has quit IRC (*.net *.split)
cubelogic has joined #arpnetworks
zeshoem has joined #arpnetworks
crazed has joined #arpnetworks
vapor has joined #arpnetworks
Jareth has joined #arpnetworks
Ehtyar has joined #arpnetworks
ajwak95 has joined #arpnetworks
tuvwx has joined #arpnetworks
cmeiklejohn has joined #arpnetworks
nuke` has joined #arpnetworks
toddf has joined #arpnetworks
hsbt has joined #arpnetworks
zxvff has joined #arpnetworks
jdoe has joined #arpnetworks
calvino.freenode.net sets mode: +o toddf
crazed has quit IRC (*.net *.split)
cmeiklejohn has quit IRC (*.net *.split)
nuke` has quit IRC (*.net *.split)
toddf has quit IRC (*.net *.split)
cubelogic has quit IRC (Ping timeout: 240 seconds)
crazed has joined #arpnetworks
cmeiklejohn has joined #arpnetworks
nuke` has joined #arpnetworks
toddf has joined #arpnetworks
calvino.freenode.net sets mode: +o toddf
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
robotarmy has quit IRC (Remote host closed the connection)
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
Zuul_ is now known as Zuul
fink has quit IRC (Quit: fink)
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
garrydolley has joined #arpnetworks garrydolley: Hello from android ***: robotarmy has joined #arpnetworks
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
garrydolley has quit IRC (Ping timeout: 272 seconds)
garrydolley has joined #arpnetworks
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
garrydolley has quit IRC (Ping timeout: 255 seconds)
robotarmy has quit IRC (Remote host closed the connection)
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Read error: Connection reset by peer)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Read error: Operation timed out)
HighJinx has joined #arpnetworks
adkaruil has joined #arpnetworks adkaruil: Can I pay with paypal? Jareth: adkaruil: http://support.arpnetworks.com/kb/billing/do-you-accept-paypal adkaruil: :( ***: nerdd has quit IRC (Ping timeout: 240 seconds)
HighJinx has quit IRC (Read error: Connection reset by peer) up_the_irons: adkaruil: we are looking into adding PayPal support, but right now we don't support it, sorry ***: HighJinx has joined #arpnetworks adkaruil: I'm looking forward to it, do you have any timeframe for pp support? up_the_irons: adkaruil: not yet ***: HighJinx has quit IRC (Read error: Operation timed out)
amdprophet has quit IRC (Quit: amdprophet)
zeshoem has quit IRC (Ping timeout: 246 seconds) G: up_the_irons: I thought PayPal was full of risks? up_the_irons: G: it is, but i'm looking to double in size this year, and one way to do it is to accept paypal. dealing with the risks will become another task, hopefully outweighed by the increase in business ***: HighJinx has joined #arpnetworks adkaruil: Yeah, some people out there don't have credit card. ^_^ ***: amdprophet has joined #arpnetworks
nerdd has joined #arpnetworks
amdprophet has quit IRC (Remote host closed the connection)
amdprophet has joined #arpnetworks