From owner-freebsd-net@FreeBSD.ORG Wed Jun 27 00:08:49 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 348FB16A400; Wed, 27 Jun 2007 00:08:49 +0000 (UTC) (envelope-from bmah@freebsd.org) Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by mx1.freebsd.org (Postfix) with ESMTP id 17F3113C45A; Wed, 27 Jun 2007 00:08:49 +0000 (UTC) (envelope-from bmah@freebsd.org) Received: from bmah.local (hornet.kitchenlab.org [64.142.31.105]) (authenticated bits=0) by a.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id l5R08mOn003414 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 26 Jun 2007 17:08:48 -0700 Message-ID: <4681AA8D.8050009@freebsd.org> Date: Tue, 26 Jun 2007 17:08:45 -0700 From: "Bruce A. Mah" User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604) MIME-Version: 1.0 To: Eric F Crist References: <39D6F9D8-3A2C-4AD7-9FA4-0024E304194A@secure-computing.net> <468011FC.4050308@FreeBSD.org> <7731B558-35C7-4E22-A40D-8BCE208AFD6A@secure-computing.net> <468063F6.2050303@FreeBSD.org> <8AA398FC-A753-4BB8-A93F-224FDDCE41BA@secure-computing.net> <46818609.3080202@freebsd.org> In-Reply-To: X-Enigmail-Version: 0.95.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig6E2673EFBA427C1D67C0D801" Cc: freebsd-net@freebsd.org, "Bruce M. Simpson" Subject: Re: IPv6 Woes... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 00:08:49 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6E2673EFBA427C1D67C0D801 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable If memory serves me right, Eric F Crist wrote: > On Jun 26, 2007, at 4:32 PMJun 26, 2007, Bruce A. Mah wrote: [big snip] >> I wonder if the problem I've seen with bridge(4) might be related to >> your IPv6 problems (since you're terminating the tunnel on your >> firewall). If so, maybe switching to if_bridge(4) as I've described >> above might help things. >> >> In any case, good luck! >=20 > Bruce! Thanks for all the help! That did the trick! Only one more =20 > thing that's holding me up. Cool...I was half-guessing on this one. > On my gateway, I've got 2001:4980:1:111::145/64 as the primary IP =20 > address. In addition, I've got 2001:4980:1:111::1/128 as an alias. =20 > I can ping/connect to the xxx:145 address, but not the xxx:1 =20 > address. What did I configure wrong? Here's the output of netstat -=20 > r -f inet6: >=20 > Routing tables >=20 > Internet6: > Destination Gateway =20 > Flags Refs Use Mtu Netif Expire > :: localhost.secure-computing.net =20 > UGRS 0 0 16384 lo0 =3D> > default 2001:4980:1::5 =20 > UGS 0 0 1280 gif0 > localhost.secure-computing.net localhost.secure-computing.net =20 > UHL 5 0 16384 lo0 > ::ffff:0.0.0.0 localhost.secure-computing.net =20 > UGRS 0 0 16384 lo0 > 2001:4980:1::4 link#7 =20 > UC 0 0 1280 gif0 > 2001:4980:1::5 link#7 =20 > UHLW 2 4 1280 gif0 > 2001:4980:1::6 link#7 =20 > UHL 1 4 1280 lo0 > 2001:4980:1:111:: link#1 =20 > UC 0 1 1500 fxp0 > 2001:4980:1:111::1 00:06:5b:05:30:19 =20 > UHL 1 4 1500 lo0 > 2001:4980:1:111::145 00:06:5b:05:30:19 =20 > UHL 2 4 1500 lo0 > 2001:4980:1:111::147 00:06:5b:38:2e:82 =20 > UHLW 1 14 1500 fxp0 > fe80:: localhost.secure-computing.net =20 > UGRS 0 0 16384 lo0 > fe80::%fxp0 link#1 =20 > UC 0 0 1500 fxp0 > fe80::206:5bff:fe05:3019%fxp0 00:06:5b:05:30:19 =20 > UHL 1 0 1500 lo0 > fe80::%fxp1 link#2 =20 > UC 0 0 1500 fxp1 > fe80::206:5bff:fe05:301a%fxp1 00:06:5b:05:30:1a =20 > UHL 1 0 1500 lo0 > fe80::%lo0 fe80::1%lo0 =20 > U 0 0 16384 lo0 > fe80::1%lo0 link#3 =20 > UHL 1 0 16384 lo0 > fe80::%gif0 link#7 =20 > UC 0 0 1280 gif0 > fe80::206:5bff:fe05:3019%gif0 link#7 =20 > UHL 1 0 1280 lo0 > fe80::%tun0 link#8 =20 > UC 0 0 1500 tun0 > fe80::206:5bff:fe05:3019%tun0 link#8 =20 > UHL 1 0 1500 lo0 > ff01:1:: link#1 =20 > UC 0 0 1500 fxp0 > ff01:2:: link#2 =20 > UC 0 0 1500 fxp1 > ff01:3:: localhost.secure-computing.net =20 > UC 0 0 16384 lo0 > ff01:7:: link#7 =20 > UC 0 0 1280 gif0 > ff01:8:: link#8 =20 > UC 0 0 1500 tun0 > ff02:: localhost.secure-computing.net =20 > UGRS 0 0 16384 lo0 > ff02::%fxp0 link#1 =20 > UC 0 0 1500 fxp0 > ff02::%fxp1 link#2 =20 > UC 0 0 1500 fxp1 > ff02::%lo0 localhost.secure-computing.net =20 > UC 0 0 16384 lo0 > ff02::%gif0 link#7 =20 > UC 0 0 1280 gif0 > ff02::%tun0 link#8 =20 > UC 0 0 1500 tun0 This is a little odd. If you switched to using if_bridge for bridging, I would have expected to see bridge0 as one of your links. Is it not configured for IPv6? In my setup, the physical interfaces in the bridge are also unnumbered with respect to IPv6 as well (and the gateway machine's IPv6 address gets assigned to the bridge0 interface). I'm not sure what bearing this has on the question you really asked, which was about assigning another IPv6 address to an interface. It's not real obvious to me what the problem is there...at least from the routing table everything looks OK. What about the neighbor table ("ndp -a")? On the gateway, ndp -a should show entries for the two IPv6 addresses you assigned. On one of your LAN hosts (which I'm assuming are some *nix flavor), if you ping the two addresses of your gateway machine, you should then get entries in the NDP table for both those addresses as well. Bruce. --------------enig6E2673EFBA427C1D67C0D801 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgaqN2MoxcVugUsMRAg7+AJ4urIpTADBqvhhlTM3R4dcJ3JzY7ACgtsE+ eTLMm48bhUiQ7SWvwmXPDi8= =x6Qz -----END PGP SIGNATURE----- --------------enig6E2673EFBA427C1D67C0D801--