From: Rui Paulo
Date: Fri, 31 Oct 2014 22:53:51 -0700
Subject: Re: Help with IPv6 router gateway config, Comcast, DHCP, dnsmasq
To: Chris Inacio
Cc: freebsd-net@freebsd.org
Message-id: <44D1EB57-CFB0-4E78-822C-29A9FEA85A66@me.com>

On Oct 31, 2014, at 20:23, Chris Inacio wrote:
>
> Hello all,
>
> I've tried to find this information in so many ways, but I just can't piece
> it together, maybe my Google fu is failing me.
>
> I have my router/gateway device running FreeBSD 10p11 - so it's up to date.
> On my internal network interface, re1, I'm using dnsmasq to serve both IPv4
> DHCP and current private network IPv6 (fc00::).

This prefix has been deprecated. Why aren't you giving global IPv6
addresses internally anyway?

> I can successfully configure my public interface (re0) to get IPv6
> information from Comcast. I'm getting both a /128 NA for the interface as
> well as a prefix /64 to allocate IPv6 addresses.
>
> The problem is that I get the /64 via dhcp6c operating on my re0 interface,
> and then I can't figure out how to pass that information to dnsmasq to use
> it for my internal network. I could only see the /64 by running dhcp6c in
> foreground+debug mode.

The way this works is by prefix delegation. dhcp6c gets a delegated
prefix from the DHCPv6 server and then it's supposed to configure it on
your internal network (re1).

You could theoretically write a script that runs when you get a prefix
which configures dnsmasq, but to be honest letting dhcp6c configure the
prefix on your internal network and then running rtadvd is much easier.
Not to mention that not every system out there supports DHCPv6 by
default.

> Is there a simple solution to this? I'm okay with variations such as "stop
> using dhcp6c to get the /64 prefix and add `XXXXX` to dnsmasq to do it" or
> "use dhcp6s to serve the /64 prefix".
>
> I am currently having a few issues with dnsmasq, but generally, I still
> like it. (It keeps crashing with signal 11, but I'm using the version from
> pkg which doesn't call out to an init script.)
> But the way dnsmasq handles
> DHCP, local DNS, and supports DNSSEC I like a lot.
>
> I find the man pages for dhcp6 pretty awful. The man pages describe the
> options - but not being able to find what /64 is assigned to dhcp6c other
> than running in debug mode seems crazy.

There's an alternative: dhclient from ports which includes DHCPv6
support with prefix delegation.

>
> My configs are really basic. dhcp6c.conf:
>
> interface re0 {
>     send ia-pd 0;
>     send ia-na 1;
> };
>
> id-assoc na 1 {
> };
>
> id-assoc pd {
>     prefix ::/56 infinity;
>     prefix-interface re0 {
>         sla-len 4;
>         sla-id 1;
>     };
> };
>
> dnsmasq.conf:
>
> interface=re1
> dhcp-range=re1,192.168.1.1,192.168.1.150,255.255.255.0,12h
> domain-needed
> bogus-priv
> resolv-file=/usr/local/etc/dnsmasq-resolv.conf
>
> #
> # serve up our own name
> #
> interface-name=aticusjr,re1
>
> #
> # enable DNSSEC
> #
> conf-file=/usr/local/share/dnsmasq/trust-anchors.conf
> dnssec
> dnssec-check-unsigned
>
> #
> # do IPv6 router advertisements for internal network
> #
> dhcp-range=::,constructor:re1,ra-only
> enable-ra
>
> Any help would be greatly appreciated.
>
> thanks
> Chris

--
Rui Paulo
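
Added example (not part of the original thread, and not code from dhcp6c): a Python sketch of which prefix the sla-len and sla-id settings quoted above select inside a delegated prefix, following the prefix-interface description in dhcp6c.conf(5). It goes beyond the thread by covering /56, /60 and /64 delegations; the 2001:db8:: delegations and all function names are constructed for illustration.

```python
import ipaddress


def interface_prefix(delegated, sla_len, sla_id):
    """Prefix selected by sla-len/sla-id inside a delegated prefix.

    The SLA ID fills the sla_len bits that follow the delegated prefix,
    as dhcp6c.conf(5) describes for prefix-interface.
    """
    net = ipaddress.IPv6Network(delegated)
    plen = net.prefixlen + sla_len
    if sla_len < 0 or plen > 128:
        raise ValueError("sla-len %d does not fit after a /%d" % (sla_len, net.prefixlen))
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError("sla-id %d needs more than %d bits" % (sla_id, sla_len))
    base = int(net.network_address) | (sla_id << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def sla_len_for_slash64(delegated):
    """sla-len that turns this delegation into /64 interface prefixes."""
    plen = ipaddress.IPv6Network(delegated).prefixlen
    if plen > 64:
        raise ValueError("a /%d cannot be split into /64s" % plen)
    return 64 - plen


def check(delegated, sla_len, sla_id):
    """Return (interface prefix, True if it is a /64 usable for SLAAC)."""
    prefix = interface_prefix(delegated, sla_len, sla_id)
    return prefix, prefix.prefixlen == 64


# Constructed delegations from the documentation range, one per size
# mentioned in the thread (/56 requested, /64 received) plus a /60.
SAMPLES = ["2001:db8:0:ab00::/56", "2001:db8:0:abc0::/60", "2001:db8:0:abcd::/64"]

if __name__ == "__main__":
    for pd in SAMPLES:
        posted, ok = check(pd, 4, 1)          # sla-len 4, sla-id 1 as posted
        need = sla_len_for_slash64(pd)
        fixed, _ = check(pd, need, 1 if need else 0)
        print("%-24s posted -> %-28s /64? %-5s sla-len %d -> %s"
              % (pd, posted, ok, need, fixed))
```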