On Thu, Jun 01, 2017 at 07:42:51AM -0500, Michael Graves wrote:
> Hello
>
> [...]
>
> The problem that I cannot explain is when I ping from obsd01 vether0 to
> obsd02 vether0 and I do a tcpdump on rtbsd vio0 I never see any IGMP packets
> from the obsd01/02 system, but I do see VXLAN packets. However the
> destination MAC address is broadcast (all ff's) and not a multicast address
> like I would expect. Side note, the TTL on the packets is 10 and matches the
> tunnelttl setting.
>
> If anyone has an idea of what I am doing wrong I would appreciate a pointer
> in the right direction.
>
My guess would be that IGMP uses IP options, and by default pf doesn't allow
them.

You should try using the following in pf.conf:

    set skip on lo
    block log
    pass allow-opts

The "allow-opts" will allow IPv4 packets with IP options. Having a
"block log" just before would permit you to check if pf is blocking
some other thing "by default", using tcpdump -i pflog0 -n.
--
Sebastien Marie
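
The IP-options point in the reply above can be checked on a captured packet. This is an added example, not part of the original message: it parses the IPv4 header of a constructed IGMPv2 report carrying the Router Alert option (type 148) and reports whether the header has options, which is the case the reply says needs "allow-opts". The sample bytes and function names are assumptions made for illustration.

```python
# Constructed sample: IPv4 header with IHL=6 (24 bytes) carrying the Router
# Alert option, followed by an IGMPv2 membership report for 239.1.1.1.
# Checksums are left as zero; they are not needed for this check.
SAMPLE_IGMP = bytes.fromhex(
    "46c00020" "00004000" "01020000"   # ver/IHL, TOS, len=32, id, DF, TTL=1, proto=2
    "c0a80101" "ef010101"              # src 192.168.1.1, dst 239.1.1.1
    "94040000"                         # option 148 (Router Alert), length 4, value 0
    "16000000" "ef010101"              # IGMPv2 report, group 239.1.1.1
)
# Constructed sample: plain 20-byte IPv4 header (proto 1, ICMP), no options.
SAMPLE_PLAIN = bytes.fromhex(
    "45000014" "00004000" "40010000" "c0a80101" "c0a80102"
)

OPTION_NAMES = {148: "Router Alert"}


def ipv4_options(packet):
    """Return [(type, name, data), ...] for each option in the IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, i = [], 20
    while i < header_len:
        kind = packet[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        name = OPTION_NAMES.get(kind, "unknown")
        opts.append((kind, name, packet[i + 2:i + length]))
        i += length
    return opts


def needs_allow_opts(packet):
    """True when the IPv4 header is longer than 20 bytes (IHL > 5)."""
    return (packet[0] & 0x0F) > 5
```

Running the same check on packets seen in tcpdump -i pflog0 -n output shows whether the logged drops are the ones carrying options.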