Date: Mon, 25 Jun 2007 20:11:34 -0500 From: Eric F Crist <ecrist@secure-computing.net> To: Bruce M. Simpson <bms@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: IPv6 Woes... Message-ID: <8AA398FC-A753-4BB8-A93F-224FDDCE41BA@secure-computing.net> In-Reply-To: <468063F6.2050303@FreeBSD.org> References: <39D6F9D8-3A2C-4AD7-9FA4-0024E304194A@secure-computing.net> <468011FC.4050308@FreeBSD.org> <7731B558-35C7-4E22-A40D-8BCE208AFD6A@secure-computing.net> <468063F6.2050303@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 25, 2007, at 7:55 PMJun 25, 2007, Bruce M. Simpson wrote: > Eric F Crist wrote: >> >> My problem isn't getting out to 2001:4980:1::5, it's getting to my >> LAN, the 2001:4980:1:111::/64 network. My gateway, the machine >> from which I posted the routing and ifconfig information, is able >> to ping across the tunnel, and to the internet just fine. Nothing >> is able to get from the gateway to my LAN, however. Is it a >> problem with the fxp driver, or perhaps my setup with the ethernet >> bridging? > > You appear to have a /64 network address on the inside of your v6 > router. Are you using stateless address auto-configuration? You > appear to have statically assigned ....::145 as a host address on > that net. > > My setup works fine if I ping the network address of my v6 router > from the v6 enabled hosts in my lab. > > When you ping local machines on the inside LAN from that router, do > you see NDP entries being created? > > You shouldn't need to use bridging to achieve what you want in this > scenario, in fact it makes no sense because you want to route v6 > traffic over the gif, therefore ethernet bridging is not relevant > here. > Bruce, First, thanks for taking time to help me through this. Here's some more information regarding the topography of my network. My FBSD firewall is running with 'options BRIDGE' in the kernel, and the following two lines in /etc/sysctl.conf: net.link.ether.bridge.enable=1 net.link.ether.bridge.config=fxp0,fxp1 This is so that I don't have to do routing on my firewall. I have a IPv4 /28 network, so a limited number of IP addresses, this saves one of those. This system is filtering traffic with PF. That's really the only reason for the bridging. Also, it does allow me to do traffic shaping and bandwidth monitoring. This bridging stuff really, as you said, has nothing to do with my IPv6 configuration issues. In addition, this gateway/firewall gets the gateway part from the duties I'm assigning regarding the IPv6 stuff. This box has the gif tunnel, and will route all my IPv6 traffic. I would have my primary router perform this, but it's not currently supported, as I have an over-priced POS. Regarding my addressing, you're right, I am statically assigning IP addresses. My current scheme is to simply use the last octet of my IPv4 address. As I said in my previous email, all of my other servers are communicating just fine across IPv6. The only machine I'm having problems with is my firewall machine, the one I want to be my gateway. TIA, please ask if there are further questions. ----- Eric F Crist Secure Computing Networks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8AA398FC-A753-4BB8-A93F-224FDDCE41BA>