Date: Tue, 26 Jun 2007 17:08:45 -0700 From: "Bruce A. Mah" <bmah@freebsd.org> To: Eric F Crist <ecrist@secure-computing.net> Cc: freebsd-net@freebsd.org, "Bruce M. Simpson" <bms@freebsd.org> Subject: Re: IPv6 Woes... Message-ID: <4681AA8D.8050009@freebsd.org> In-Reply-To: <B43A4B9D-4CB9-435B-94E9-766647CD8776@secure-computing.net> References: <39D6F9D8-3A2C-4AD7-9FA4-0024E304194A@secure-computing.net> <468011FC.4050308@FreeBSD.org> <7731B558-35C7-4E22-A40D-8BCE208AFD6A@secure-computing.net> <468063F6.2050303@FreeBSD.org> <8AA398FC-A753-4BB8-A93F-224FDDCE41BA@secure-computing.net> <46818609.3080202@freebsd.org> <B43A4B9D-4CB9-435B-94E9-766647CD8776@secure-computing.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6E2673EFBA427C1D67C0D801
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
If memory serves me right, Eric F Crist wrote:
> On Jun 26, 2007, at 4:32 PMJun 26, 2007, Bruce A. Mah wrote:
[big snip]
>> I wonder if the problem I've seen with bridge(4) might be related to
>> your IPv6 problems (since you're terminating the tunnel on your
>> firewall). If so, maybe switching to if_bridge(4) as I've described
>> above might help things.
>>
>> In any case, good luck!
>=20
> Bruce! Thanks for all the help! That did the trick! Only one more =20
> thing that's holding me up.
Cool...I was half-guessing on this one.
> On my gateway, I've got 2001:4980:1:111::145/64 as the primary IP =20
> address. In addition, I've got 2001:4980:1:111::1/128 as an alias. =20
> I can ping/connect to the xxx:145 address, but not the xxx:1 =20
> address. What did I configure wrong? Here's the output of netstat -=20
> r -f inet6:
>=20
> Routing tables
>=20
> Internet6:
> Destination Gateway =20
> Flags Refs Use Mtu Netif Expire
> :: localhost.secure-computing.net =20
> UGRS 0 0 16384 lo0 =3D>
> default 2001:4980:1::5 =20
> UGS 0 0 1280 gif0
> localhost.secure-computing.net localhost.secure-computing.net =20
> UHL 5 0 16384 lo0
> ::ffff:0.0.0.0 localhost.secure-computing.net =20
> UGRS 0 0 16384 lo0
> 2001:4980:1::4 link#7 =20
> UC 0 0 1280 gif0
> 2001:4980:1::5 link#7 =20
> UHLW 2 4 1280 gif0
> 2001:4980:1::6 link#7 =20
> UHL 1 4 1280 lo0
> 2001:4980:1:111:: link#1 =20
> UC 0 1 1500 fxp0
> 2001:4980:1:111::1 00:06:5b:05:30:19 =20
> UHL 1 4 1500 lo0
> 2001:4980:1:111::145 00:06:5b:05:30:19 =20
> UHL 2 4 1500 lo0
> 2001:4980:1:111::147 00:06:5b:38:2e:82 =20
> UHLW 1 14 1500 fxp0
> fe80:: localhost.secure-computing.net =20
> UGRS 0 0 16384 lo0
> fe80::%fxp0 link#1 =20
> UC 0 0 1500 fxp0
> fe80::206:5bff:fe05:3019%fxp0 00:06:5b:05:30:19 =20
> UHL 1 0 1500 lo0
> fe80::%fxp1 link#2 =20
> UC 0 0 1500 fxp1
> fe80::206:5bff:fe05:301a%fxp1 00:06:5b:05:30:1a =20
> UHL 1 0 1500 lo0
> fe80::%lo0 fe80::1%lo0 =20
> U 0 0 16384 lo0
> fe80::1%lo0 link#3 =20
> UHL 1 0 16384 lo0
> fe80::%gif0 link#7 =20
> UC 0 0 1280 gif0
> fe80::206:5bff:fe05:3019%gif0 link#7 =20
> UHL 1 0 1280 lo0
> fe80::%tun0 link#8 =20
> UC 0 0 1500 tun0
> fe80::206:5bff:fe05:3019%tun0 link#8 =20
> UHL 1 0 1500 lo0
> ff01:1:: link#1 =20
> UC 0 0 1500 fxp0
> ff01:2:: link#2 =20
> UC 0 0 1500 fxp1
> ff01:3:: localhost.secure-computing.net =20
> UC 0 0 16384 lo0
> ff01:7:: link#7 =20
> UC 0 0 1280 gif0
> ff01:8:: link#8 =20
> UC 0 0 1500 tun0
> ff02:: localhost.secure-computing.net =20
> UGRS 0 0 16384 lo0
> ff02::%fxp0 link#1 =20
> UC 0 0 1500 fxp0
> ff02::%fxp1 link#2 =20
> UC 0 0 1500 fxp1
> ff02::%lo0 localhost.secure-computing.net =20
> UC 0 0 16384 lo0
> ff02::%gif0 link#7 =20
> UC 0 0 1280 gif0
> ff02::%tun0 link#8 =20
> UC 0 0 1500 tun0
This is a little odd. If you switched to using if_bridge for bridging,
I would have expected to see bridge0 as one of your links. Is it not
configured for IPv6? In my setup, the physical interfaces in the bridge
are also unnumbered with respect to IPv6 as well (and the gateway
machine's IPv6 address gets assigned to the bridge0 interface).
I'm not sure what bearing this has on the question you really asked,
which was about assigning another IPv6 address to an interface. It's
not real obvious to me what the problem is there...at least from the
routing table everything looks OK.
What about the neighbor table ("ndp -a")? On the gateway, ndp -a should
show entries for the two IPv6 addresses you assigned. On one of your
LAN hosts (which I'm assuming are some *nix flavor), if you ping the two
addresses of your gateway machine, you should then get entries in the
NDP table for both those addresses as well.
Bruce.
--------------enig6E2673EFBA427C1D67C0D801
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGgaqN2MoxcVugUsMRAg7+AJ4urIpTADBqvhhlTM3R4dcJ3JzY7ACgtsE+
eTLMm48bhUiQ7SWvwmXPDi8=
=x6Qz
-----END PGP SIGNATURE-----
--------------enig6E2673EFBA427C1D67C0D801--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4681AA8D.8050009>