Date: Mon, 27 Aug 2012 20:06:25 +0200 From: Christian Laursen <xi@borderworlds.dk> To: freebsd-stable@freebsd.org Subject: Re: IPv6 default route. Can't see the wood for the trees. Message-ID: <503BB721.9000108@borderworlds.dk> In-Reply-To: <503BA51E.4030103@libeljournal.com> References: <503BA51E.4030103@libeljournal.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/27/12 18:49, John Hawkes-Reed wrote: > BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN. > IP4 works. > > IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box. > > However, while LAN clients (XP, OSX) manage to acquire addresses with > the right prefix, the autoconfigured default route is a link-local > address. Some bits of the internet think that's ok. Other bits don't. Bits of the internet does not see anything about whether your default gateway is link-local or not and do not care. The default gateway on the box that I'm writing this from is link-local and IPv6 works quite nicely. > Trying to ping6/traceroute6 out to (say) Google works on the BSD box, > but not on the clients. > > Do I need to be running a routing daemon, or is there some ip6 > handwaving I'm missing? If you are running pf or another firewall, you should have rules that allow traffic to pass through. > rc.conf: > > (I'm not convinced that obfuscating the addresses is worth the confusion) > > ipv6_gateway_enable="YES" > ip6addrctl_verbose="YES" > rtadvd_enable="YES" > rtadvd_interfaces="rl0" > ipv6_cpe_wanif="pcn0" > ipv6_defaultrouter="2001:470:1f0a:b5a::1" > gif_interfaces="gif0" > gifconfig_gif0="192.168.1.100 216.66.80.30" > ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 > prefixlen 128" > ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" > ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem. You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48. I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed it and I run a setup similar to what you describe. -- Christian Laursen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?503BB721.9000108>