anyone to talk to about a purchase?
probably best to just ask B3nj1 :)
I want to talk about pricing/costs so easier probably to do it pvt
depending on what your question is we might be able to help - up_the_irons is the only ARP employee
(the rest of us are just customers i think)
ah kk
b3nj1: if your question is generic we can perhaps help here, but the website lays the groundwork for costs in general
afternoon all
hi
question for you all. I have ipv6 working on pfsense and I can ping ipv6.google.com. There are docs in the handbook about setting up a static ipv6 address but I cannot do that. Is there a way to set it up so routing works if freebsd is assigned an ipv6 address?
I am using ht.net for my ipv6 tunnel
and I am also curious if there is a way to make ipv6 work on winblows XP
yes
...
w0ls0n: on XP from a command prompt (administrator access)  type "ipv6 install"
ipv6 is installed,  it's just disabled on XP.
S
ohh
I did do that already
ipv6.google.com just times out
it does ping from pfsense though
are you passing protocol 41?   is your pfsense sending RA's?  does your XP machine have an address other than the link-local?
in order ... probebly not. I would have to check and all the XP machines get 2 2001:470: ips
is protocol 41 something I can forward as a rule in pfsense?
I don't use pfsense,  so i can't answer that.
you'll need to pass protocol 41,  and make sure pfsense is set to pass packets from one interface to the next.
hmmm
Ok I see a box that says
NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:
I would put my ipv4 WAN address there
I don't use pfsense,  I'm not sure what thats for in particular.
it's the only section I see for Protocol 41
googled around and found this
http://www.mail-archive.com/support@pfsense.com/msg19106.html
I'd suggest consulting the #ipv6 channel,  or the #pfsense channel (or both)
there ae some guys from he.net on #ipv6,  and I'd hope the people on #pfsense are more familiar with it than I am ;)
ok
thanks for trying :-)
Dual Stack is bad.
er ..
IPv4-compatible IPv6 address is bad. block them with prejudice.
rfc2893 talks of A6 which is deprecated and no longer used even
toddf: "ipv4-compatible ipv6"?
I believe he's referring to the ::ffffff:1.2.3.4 style addressing.   similar to the one bit.ly accidentally published to DNS not that long ago.
NAT encapsulated IPv6 packets (IP protocol 41/RFC2893)
unless that means 'ipv4 header ip-protocol-41 ipv6 tunnel' stuff ..
if you're doing filtering with pf and ipv6 beware that you must not block icmp6 otherwise ndp won't work (v6 equivalent of arp); you can block no more than this for things to work:
match out inet6 proto icmp6 icmp6-type { neighbrsol routersol echoreq timex } tag ICMP
match in inet6 proto icmp6 icmp6-type { neighbradv neighbrsol routeradv echoreq echorep fqdnrep timex unreach } tag ICMP
pass     tagged ICMP
dig AAAA forvo.com  <-- heh
(obiously other ways to skin that same cat of behavior, but that's from a `working' system of mine
)
yecht
i need to fix my pf rules
so lazy though
toddf: i'm not very familiar with pf syntax, but given pf is so "readable", i actually understood exactly what those statements mean;  pf ftw
;-)
the echoreq/echorep is not mandatory but I personally consider it so considering it gives more false warnings than true security and/or usefulness
ah
What would a /96 from 2a00:dd0:0:17::1/64 be?
if I wanted to split 2a00:dd0:0:17::1/64 into a bunch of /96s.. what would it be?  this ipv6 calc i am using sucks
2a00:dd00:0000:1700:0000:0000:0000::1/96
i believe
actually
2a00:dd00:0000:1700:0000:0000::/96
2a00:dd00:0000:1700:0000:0001::/96
2a00:dd00:0000:1700:0000:0002::/96
2a00:dd00:0000:1700:0000:0003::/96
etc...
shatt: ^
scratch the first
I think you still have an extra... not octet... extra... whatever.
no I'm wrong, ignore me.
shatt: http://en.linuxreviews.org/IPv6_subnet_matrix_table too.
does pf have a way of testing rulesets before applying them?
yes
     -n      Do not actually load rules, just parse them.
a manual is a wonderful thing.
that it is
thats pfctl btw if you haven't figured it out :)
hehe i did, i figured it was that
don't know why i asked instead of manualing first
its easier to ask i guess
any tips for this ruleset? http://arpnetworks.pastebin.com/97d1xHY5
hm i guess i could drop $ext_if and just use egress everywhere
crazed_: service pf check
(on freebsd 8)
damn.. state table
Hello from android
Can I pay with paypal?
adkaruil: http://support.arpnetworks.com/kb/billing/do-you-accept-paypal
:(
adkaruil: we are looking into adding PayPal support, but right now we don't support it, sorry
I'm looking forward to it, do you have any timeframe for pp support?
adkaruil: not yet
up_the_irons: I thought PayPal was full of risks?
G: it is, but i'm looking to double in size this year, and one way to do it is to accept paypal.  dealing with the risks will become another task, hopefully outweighed by the increase in business
Yeah, some people out there don't have credit card. ^_^