Re: IPv6 Woes...
- From: "Bruce A. Mah" <bmah@xxxxxxxxxxx>
- Date: Tue, 26 Jun 2007 14:32:57 -0700
If memory serves me right, Eric F Crist wrote:
On Jun 25, 2007, at 7:55 PMJun 25, 2007, Bruce M. Simpson wrote:
Eric F Crist wrote:
My problem isn't getting out to 2001:4980:1::5, it's getting to myYou appear to have a /64 network address on the inside of your v6
LAN, the 2001:4980:1:111::/64 network. My gateway, the machine
from which I posted the routing and ifconfig information, is able
to ping across the tunnel, and to the internet just fine. Nothing
is able to get from the gateway to my LAN, however. Is it a
problem with the fxp driver, or perhaps my setup with the ethernet
bridging?
router. Are you using stateless address auto-configuration? You
appear to have statically assigned ....::145 as a host address on
that net.
My setup works fine if I ping the network address of my v6 router
from the v6 enabled hosts in my lab.
When you ping local machines on the inside LAN from that router, do
you see NDP entries being created?
Hi Eric--
First note that I'm a different Bruce than the chap who's been helping
thus far. :-)
BTW, use "ndp -a" to see this.
You shouldn't need to use bridging to achieve what you want in this
scenario, in fact it makes no sense because you want to route v6
traffic over the gif, therefore ethernet bridging is not relevant
here.
I'm not quite so sure about this...see below.
First, thanks for taking time to help me through this. Here's some
more information regarding the topography of my network. My FBSD
firewall is running with 'options BRIDGE' in the kernel, and the
following two lines in /etc/sysctl.conf:
net.link.ether.bridge.enable=1
net.link.ether.bridge.config=fxp0,fxp1
Your setup is not *too* different from what I have at home in terms of
network topology and what you hope to accomplish. (I have a Soekris
net4801 run 6.2-STABLE and acting as a filtering bridge between an IPv4
/29 and the rest of the Internet, and also terminating a gif(4) tunnel
for IPv6.)
This is so that I don't have to do routing on my firewall. I have a
IPv4 /28 network, so a limited number of IP addresses, this saves one
of those. This system is filtering traffic with PF. That's really
the only reason for the bridging. Also, it does allow me to do
traffic shaping and bandwidth monitoring. This bridging stuff
really, as you said, has nothing to do with my IPv6 configuration
issues.
I think the biggest difference between your network and mine is that
rather than using options BRIDGE I'm using the if_bridge(4) driver
between my "inside" and "outside" network interfaces. The physical
interfaces in the bridge are unnumbered and the if_bridge
pseudo_interface has IPv4 and IPv6 addresses.
The main reason for doing this is that I've seen that bridge(4) can have
difficulty determining the correct physical interface to use for packets
that originate on the bridging host. I recall having this problem with
pfnat. (I don't remember the exact details, but I did some postings to
the m0n0wall mailing lists on this topic some time ago...your favorite
search engine can probably help find these messages.)
I wonder if the problem I've seen with bridge(4) might be related to
your IPv6 problems (since you're terminating the tunnel on your
firewall). If so, maybe switching to if_bridge(4) as I've described
above might help things.
In any case, good luck!
Bruce.
Attachment:
signature.asc
Description: OpenPGP digital signature
- Follow-Ups:
- Re: IPv6 Woes...
- From: Eric F Crist
- Re: IPv6 Woes...
- References:
- IPv6 Woes...
- From: Eric F Crist
- Re: IPv6 Woes...
- From: Bruce M. Simpson
- Re: IPv6 Woes...
- From: Eric F Crist
- Re: IPv6 Woes...
- From: Bruce M. Simpson
- Re: IPv6 Woes...
- From: Eric F Crist
- IPv6 Woes...
- Prev by Date: libalias / ng_nat memory leak
- Next by Date: Re: IPv6 Woes...
- Previous by thread: Re: IPv6 Woes...
- Next by thread: Re: IPv6 Woes...
- Index(es):
Relevant Pages
|
