From: Chris Inacio
To: freebsd-net@freebsd.org
Date: Fri, 31 Oct 2014 23:23:02 -0400
Subject: Help with IPv6 router gateway config, Comcast, DHCP, dnsmasq
List-Id: Networking and TCP/IP with FreeBSD

Hello all,

I've tried to find this information in so many ways, but I just can't piece it together, maybe my Google fu is failing me.

I have my router/gateway device running FreeBSD 10p11 - so it's up to date. On my internal network interface, re1, I'm using dnsmasq to serve both IPv4 DHCP and current private network IPv6 (fc00::). I can successfully configure my public interface (re0) to get IPv6 information from Comcast. I'm getting both a /128 NA for the interface as well as a prefix /64 to allocate IPv6 addresses.

The problem is that I get the /64 via dhcp6c operating on my re0 interface, and then I can't figure out how to pass that information to dnsmasq to use it for my internal network. I could only see the /64 by running dhcp6c in foreground+debug mode.

Is there a simple solution to this? I'm okay with variations such as "stop using dhcp6c to get the /64 prefix and add `XXXXX` to dnsmasq to do it" or "use dhcp6s to serve the /64 prefix".

I am currently having a few issues with dnsmasq, but generally, I still like it. (It keeps crashing with signal 11, but I'm using the version from pkg which doesn't call out to an init script.) But the way dnsmasq handles DHCP, local DNS, and supports DNSSEC I like a lot.

I find the man pages for dhcp6 pretty awful. The man pages describe the options - but not being able to find what /64 is assigned to dhcp6c other than running in debug mode seems crazy.

My configs are really basic.

dhcp6c.conf:

    interface re0 {
        send ia-pd 0;
        send ia-na 1;
    };
    id-assoc na 1 { };
    id-assoc pd {
        prefix ::/56 infinity;
        prefix-interface re0 {
            sla-len 4;
            sla-id 1;
        };
    };

dnsmasq.conf:

    interface=re1
    dhcp-range=re1,192.168.1.1,192.168.1.150,255.255.255.0,12h
    domain-needed
    bogus-priv
    resolv-file=/usr/local/etc/dnsmasq-resolv.conf
    #
    # serve up our own name
    #
    interface-name=aticusjr,re1
    #
    # enable DNSSEC
    #
    conf-file=/usr/local/share/dnsmasq/trust-anchors.conf
    dnssec
    dnssec-check-unsigned
    #
    # do IPv6 router advertisements for internal network
    #
    dhcp-range=::,constructor:re1,ra-only
    enable-ra

Any help would be greatly appreciated.

thanks
Chris
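
The arithmetic behind the `sla-len` / `sla-id` settings in the dhcp6c.conf above, as an added example that is not part of the original message: `sla-id` is appended as `sla-len` bits after the delegated prefix to form the prefix for the `prefix-interface`. The function names, the 2001:db8:: documentation prefixes, and the length check (delegated length + sla-len + a 64-bit interface ID must fit in 128 bits) are assumptions made for illustration.

```python
import ipaddress

IFID_LEN = 64  # assumed interface-ID length (SLAAC uses 64-bit IDs)


def interface_prefix(delegated, sla_len, sla_id, ifid_len=IFID_LEN):
    """Derive the prefix for a prefix-interface from a delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)  # rejects prefixes with host bits set
    plen = pd.prefixlen + sla_len
    # Assumed check: delegated length + sla-len + interface ID must fit in 128 bits.
    if plen + ifid_len > 128:
        raise ValueError(
            f"invalid prefix length {pd.prefixlen} + {sla_len} + {ifid_len}")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    # Place sla-id in the bits immediately after the delegated prefix.
    base = int(pd.network_address) | (sla_id << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def usable_for_slaac(net):
    """Router advertisements for SLAAC need a /64 on the link."""
    return net.prefixlen == 64


def evaluate(delegated, sla_len, sla_id):
    """Return (prefix or None, verdict) for one delegation/config pair."""
    try:
        net = interface_prefix(delegated, sla_len, sla_id)
    except ValueError as exc:
        return None, f"rejected: {exc}"
    verdict = "ok for SLAAC" if usable_for_slaac(net) else "not a /64, no SLAAC"
    return net, verdict


if __name__ == "__main__":
    # Constructed sample delegations; the sla values in the first row are the page's.
    cases = [
        ("2001:db8:1234:5678::/64", 4, 1),  # /64 delegated, sla-len 4
        ("2001:db8:1234:5678::/64", 0, 0),  # /64 delegated, no subnet bits
        ("2001:db8:1234:5600::/56", 4, 1),  # /56 delegated, sla-len 4
        ("2001:db8:1234:5600::/56", 8, 1),  # /56 delegated, sla-len 8
    ]
    for delegated, sla_len, sla_id in cases:
        net, verdict = evaluate(delegated, sla_len, sla_id)
        print(f"{delegated:26} sla-len {sla_len} sla-id {sla_id} -> {net} ({verdict})")
```

dnsmasq's `constructor:re1` builds its range from addresses already present on re1, so the derived /64 has to be assigned to that interface for it to be advertised.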