Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: ajr on September 18, 2024, 05:37:22 PM

Title: <interface>:network contains only 1 net on dual stack interface
Post by: ajr on September 18, 2024, 05:37:22 PM
Some nets have both an IP4 and an IP6 address.
Looking at the rule set with pfctl shows only 1 net.

E.g.
  pass in quick on vlan010 inet from (vlan010:network:1) to (vlan011:network:1)

What could be the reason?
Both addresses are static.

IP6 addresses come from a openvpn tunnel, which may be not yet established wenn pf starts.
Other addresses come via DHCP6.

Should I use aliases instead of <if>:network ?
Title: Re: <interface>:network contains only 1 net on dual stack interface
Post by: franco on September 18, 2024, 08:12:05 PM
Because ":1" selects the first address only.


Cheers,
Franco
Title: Re: <interface>:network contains only 1 net on dual stack interface [resolved]
Post by: ajr on September 18, 2024, 10:33:13 PM
I see:
the GUI "<interface> net" rule is split by pf into 2 rules, one for IP4 and one for IP6:
  pass in quick on vlan010 inet from (vlan010:network:1) to (vlan011:network:1) flags
  pass in quick on vlan010 inet6 from (vlan010:network:1) to (vlan011:network:1) flags
Each of them relates to only 1 net.

Thanks, Franco.
Ajr
Text only | Text with Images