From owner-freebsd-net@FreeBSD.ORG  Wed Jun 27 00:28:20 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id AFFA616A421;
	Wed, 27 Jun 2007 00:28:19 +0000 (UTC)
	(envelope-from ecrist@secure-computing.net)
Received: from snipe.secure-computing.net (snipe.secure-computing.net
	[209.240.66.149])
	by mx1.freebsd.org (Postfix) with ESMTP id 57E9213C458;
	Wed, 27 Jun 2007 00:28:19 +0000 (UTC)
	(envelope-from ecrist@secure-computing.net)
Received: from [192.168.1.2] (unknown [209.240.66.157])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: ecrist@secure-computing.net)
	by snipe.secure-computing.net (Postfix) with ESMTP id C660F1702D;
	Tue, 26 Jun 2007 19:28:18 -0500 (CDT)
In-Reply-To: <4681AA8D.8050009@freebsd.org>
References: <39D6F9D8-3A2C-4AD7-9FA4-0024E304194A@secure-computing.net>	<468011FC.4050308@FreeBSD.org>	<7731B558-35C7-4E22-A40D-8BCE208AFD6A@secure-computing.net>	<468063F6.2050303@FreeBSD.org>	<8AA398FC-A753-4BB8-A93F-224FDDCE41BA@secure-computing.net>	<46818609.3080202@freebsd.org>
	<B43A4B9D-4CB9-435B-94E9-766647CD8776@secure-computing.net>
	<4681AA8D.8050009@freebsd.org>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <B9917511-D6BF-4EFB-A668-EA4B7704072C@secure-computing.net>
Content-Transfer-Encoding: 7bit
From: Eric F Crist <ecrist@secure-computing.net>
Date: Tue, 26 Jun 2007 19:28:16 -0500
To: Bruce A. Mah <bmah@freebsd.org>
X-Mailer: Apple Mail (2.752.3)
Cc: freebsd-net@freebsd.org, "Bruce M. Simpson" <bms@freebsd.org>
Subject: Re: IPv6 Woes...
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2007 00:28:20 -0000

On Jun 26, 2007, at 7:08 PMJun 26, 2007, Bruce A. Mah wrote:

> If memory serves me right, Eric F Crist wrote:
>> On Jun 26, 2007, at 4:32 PMJun 26, 2007, Bruce A. Mah wrote:
>
> [big snip]
>
>>> I wonder if the problem I've seen with bridge(4) might be related to
>>> your IPv6 problems (since you're terminating the tunnel on your
>>> firewall).  If so, maybe switching to if_bridge(4) as I've described
>>> above might help things.
>>>
>>> In any case, good luck!
>>
>> Bruce! Thanks for all the help!  That did the trick!  Only one more
>> thing that's holding me up.
>
> Cool...I was half-guessing on this one.
[snip]
> This is a little odd.  If you switched to using if_bridge for  
> bridging,
> I would have expected to see bridge0 as one of your links.  Is it not
> configured for IPv6?  In my setup, the physical interfaces in the  
> bridge
> are also unnumbered with respect to IPv6 as well (and the gateway
> machine's IPv6 address gets assigned to the bridge0 interface).

The bridge0 interface is there (not in routing table), but it doesn't  
have anything assigned.  Seems to be working great for IPv4 and IPv6  
right now, aside from not being able to connect to that aliased v6  
address...

> I'm not sure what bearing this has on the question you really asked,
> which was about assigning another IPv6 address to an interface.  It's
> not real obvious to me what the problem is there...at least from the
> routing table everything looks OK.
>
> What about the neighbor table ("ndp -a")?  On the gateway, ndp -a  
> should
> show entries for the two IPv6 addresses you assigned.  On one of your
> LAN hosts (which I'm assuming are some *nix flavor), if you ping  
> the two
> addresses of your gateway machine, you should then get entries in the
> NDP table for both those addresses as well.
>

Here's the output of the command you asked for.  I pinged the hosts  
on my network so there was more data to review:

 > ndp -a
Neighbor                             Linklayer Address  Netif  
Expire    S Flags
2001:4980:1::5                       (incomplete)        gif0  
23h51m15s S R
2001:4980:1::6                       (incomplete)        gif0  
permanent R
2001:4980:1:111::1                   0:6:5b:5:30:19      fxp0  
permanent R
2001:4980:1:111::145                 0:6:5b:5:30:19      fxp0  
permanent R
2001:4980:1:111::147                 0:6:5b:38:2e:82     fxp0  
1d0h0m0s  S
2001:4980:1:111::148                 0:12:17:51:f6:e9    fxp0  
23h59m58s S
2001:4980:1:111::149                 0:12:17:4d:da:87    fxp0  
9s        R
2001:4980:1:111::150                 0:6:5b:8b:8:d3      fxp0  
2s        R
fe80::206:5bff:fe05:3019%fxp0        0:6:5b:5:30:19      fxp0  
permanent R
fe80::206:5bff:fe05:301a%fxp1        0:6:5b:5:30:1a      fxp1  
permanent R
fe80::1%lo0                          (incomplete)         lo0  
permanent R
fe80::206:5bff:fe05:3019%gif0        (incomplete)        gif0  
permanent R
fe80::206:5bff:fe05:3019%tun0        (incomplete)        tun0  
permanent R

Thanks again!
-----
Eric F Crist
Secure Computing Networks