Date: Sat, 11 Mar 2000 02:50:28 +0900 From: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp> To: dick@tar.com Cc: itojun@iijlab.net, current@freebsd.org Subject: Re: IPv6: can a link-site (or global) address be configured in rc.conf? Message-ID: <20000311025028W.shin@nd.net.fujitsu.co.jp> In-Reply-To: <20000310094435.K302@tar.com> References: <20000310200904T.shin@nd.net.fujitsu.co.jp> <20000310073508.I302@tar.com> <20000310094435.K302@tar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > 6to4 support seems to be very important for initial IPv6 > > > deployment on FreeBSD4.0, so I tried small additinal patches > > > to make it available. And It seems to work. > > > > > > Could some FreeBSD4.0 user with direct internet connectivity > > > please try this patches and try to ping6 to my host's 6to4 > > > address? > > > The procedure is, > > > > For the benefit of the lists, and confirming private mail I sent, > > ping6 works using the second of the patches sent (I didn't try the > > first). Thanks very much for your confirmations! > Ok. In addition to your instructions I also configured the > box as an IPv6 router (using the rc.conf switches) and > used a prefix of 2002:cc5f:bb02::0/64 on the interior > ethernet interface de0 with 2002:cc5f:bb02::1/16 on stf0. I'm > not sure if this is quite right. Maybe it is OK. > Anyway, I can ping6 to 2002:cbb2:8dd8::1 from my interior ipv6 > box as well as from the router box. I also configured DNS > for the two boxes, assigning ipv6 addresses to test.ipv6.tar.com > and ns.ipv6.tar.com. One of my DNS secondaries does not update > immediately on notification, so you might not get the ipv6 > resolution until it updates on schedule if you happen to query > that box. However, once all the secondaries are up, i hope > you can ping6 to both ns.ipv6.tar.com (router) and > test.ipv6.tar.com (interior). Yes I could successfully ping them! % ping6 test.ipv6.tar.com PING6(56=40+8+8 bytes) 2002:cbb2:8dd8::1 --> 2002:cc5f:bb02:0:2a0:c9ff:feb1:23ae 16 bytes from 2002:cc5f:bb02:0:2a0:c9ff:feb1:23ae, icmp_seq=0 hlim=63 time=715.85 ms 16 bytes from 2002:cc5f:bb02:0:2a0:c9ff:feb1:23ae, icmp_seq=1 hlim=63 time=426.515 ms ^C --- test.ipv6.tar.com ping6 statistics --- 3 packets transmitted, 2 packets received, 33% packet loss round-trip min/avg/max = 426.515/571.182/715.85 ms % ping6 ns.ipv6.tar.com PING6(56=40+8+8 bytes) 2002:cbb2:8dd8::1 --> 2002:cc5f:bb02:0:200:c0ff:fe34:41c6 16 bytes from 2002:cc5f:bb02:0:200:c0ff:fe34:41c6, icmp_seq=0 hlim=64 time=396.449 ms 16 bytes from 2002:cc5f:bb02:0:200:c0ff:fe34:41c6, icmp_seq=1 hlim=64 time=363.181 ms ^C --- ns.ipv6.tar.com ping6 statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 363.181/379.815/396.449 ms > I also had to adjust my ipv4 firewall rules to allow protocol > ipv6 through. Strange that I didn't have to do that when > doing a gif tunnel to freenet6.net. Also, what do I have to > do to enable ip6fw? Wmmm, it is strange that freenet6 was OK. About ip6fw, I think you can enable ip6fw over 6to4 by specifying "via stf" for each rules for IPv6. Here are some examples. (I belive following examples will work, but not tested yet.) If you want to allow 1:2:3::/48, add 10 allow ipv6 from 1:2:3:::/48 to any via stf* in add 15 allow ipv6 from any to 1:2:3::/48 via stf* out If you want to allow only ssh from 3:4:5::/48 outside to 6:7:8:9::/64 inside, (stf0 below can be stf*. Choosed it just for variety.) add 700 allow tcp from 3:4:5::/48 to 6:7:8:9::/64 ssh via stf0 in add 800 allow tcp from 6:7:8:9::/64 ssh to 3:4:5::/48 via stf0 out By the way, I'm now very much interested in next round of test, that non 6to4 IPv6 prefix routing via 6to4 cloud. Could you please assign some non 6to4 prefix inside your environment? If your non 6to4 prefix is 1:2:3:4::/64 for example, then I would like to configure a route for it, like below. route add -inet6 1:2:3:4:: -prefixlen 64 2002:cc5f:bb02::1 And my non 6to4 prefix is 3ffe:501:4819:2000::/64. So please assigne following route. route add -inet6 3ffe:501:4819:2000:: -prefixlen 64 2002:cbb2:8dd8::1 Then I believe I can ping to some of your non 6to4 addresses from my non 6to4 address. Also, I think you can ping to my non 6to4 addr, 3ffe:501:4819:2000:210:5aff:fe86:b65a, from your non 6to4 address. Thanks, Yoshinobu Inoue To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000311025028W.shin>