Date: Fri, 10 Jul 2020 13:22:02 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Jon Radel <jon@radel.com> Cc: freebsd-questions@freebsd.org Subject: Re: trouble setting up ipv6 Message-ID: <5F08A3BA.8060401@gmail.com> In-Reply-To: <a8339776-478e-2274-428e-5f451c06f0dc@radel.com> References: <5F088CAE.2090400@gmail.com> <a8339776-478e-2274-428e-5f451c06f0dc@radel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jon Radel wrote:
> On 7/10/20 11:43, Ernie Luzar wrote:
>> ping6 -c 1 ipv6.google.com
>>
>> responds with this
>>
>> ping6: UDP connect: No route to host
>>
>>
>> Any idea why?
>>
> Leading guess around these parts would be that you don't have IPv6
> configured properly. Does it work for anything?Â
>
> To narrow it down a bit to something useful, why don't you do the usual
> steps, such as sharing your network configuration and current IPv6
> routing table, the results of pinging your IPv6 gateway, etc., etc.
>
>
rc.conf
ifconfig_vtnet0="DHCP"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
gateway_enable="YES"
ipv6_gateway_enable="YES"
:/etc#ifconfig -a
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,
TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether f2:3c:92:bc:54:37
inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1
inet6 2600:3c02::f03c:92ff:febc:5437 prefixlen 64 autoconf
inet xxx.xxx.33.221 netmask 0xffffff00 broadcast xx.x.xx.xx
media: Ethernet 10Gbase-T <full-duplex>
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
:/etc#netstat -nr6
Routing tables
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#2 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2600:3c02::/64 link#1 U vtnet0
2600:3c02::f03c:92ff:febc:1 link#3 UHS lo0
2600:3c02::f03c:92ff:febc:5437 link#1 UHS lo0
fe80::/10 ::1 UGRS lo0
fe80::%vtnet0/64 link#1 U vtnet0
fe80::f03c:92ff:febc:5437%vtnet0 link#1 UHS lo0
fe80::%lo0/64 link#2 U lo0
fe80::1%lo0 link#2 UHS lo0
fe80::%epair0a/64 link#4 U epair0a
fe80::ad:7fff:fe8d:820a%epair0a link UHS lo0
fe80::%epair1a/64 link#5 U epair1a
fe80::c0:11ff:fee6:990a%epair1a link#5 UHS lo0
ff02::/16 ::1 UGRS lo0
ipf.rules
# There is fixed bug about ipv6 and keep state not working together
# This fixed bug is not included in 12.1.
# No rules with ipv6 and keep state allowed at this time.
pass out quick inet6 proto icmp6 from any to any
# Allow out access to my ISP's Domain name server (dns).
# Get the IP addresses from /etc/resolv.conf file
pass out quick on vtnet0 proto tcp from any to any port = 53 flags S
keep state
pass out quick on vtnet0 proto udp from any to any port = 53 keep state
# Allow access to ISP's specified DHCP server
pass out quick on vtnet0 proto udp from any to any port = 67 keep state
# Allow out all pings (icmp) to public Internet
pass out quick on vtnet0 proto icmp from any to any keep state
# Block and log everything that's trying to get out.
# This rule enforces the block all by default logic.
block out log quick on vtnet0 all
# allow in ISP dhcp traffic
pass in quick on vtnet0 proto udp from any to any port = 67 keep state
# pass in ipv6 pings. no ipv6 with keep state option allowed
pass in log quick proto icmp6 all
# Block and log all remaining traffic coming into the firewall.
# This rule enforces the block all by default logic.
block in log quick on vtnet0 all
Anything else you want to see post the commands to use.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5F08A3BA.8060401>