Date: Fri, 10 Jul 2020 17:07:21 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Jon Radel <jon@radel.com> Cc: freebsd-questions@freebsd.org, david Mehler <dave.mehler@gmail.com> Subject: Re: trouble setting up ipv6 Message-ID: <5F08D889.8080708@gmail.com> In-Reply-To: <f63ed225-5b6a-765e-aee3-259469bd8609@radel.com> References: <5F088CAE.2090400@gmail.com> <a8339776-478e-2274-428e-5f451c06f0dc@radel.com> <5F08A3BA.8060401@gmail.com> <f63ed225-5b6a-765e-aee3-259469bd8609@radel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jon Radel wrote: > On 7/10/20 13:22, Ernie Luzar wrote: snip >> > Notable largely for the complete lack of a default route. > > Consider setting your gateway explicitly instead of depending on router > advertisements: > > ipv6_defaultrouter="2600:3c02::dead:dead:dead:beef" Put this ipv6_defaultrouter= in rc.conf? > > or whatever that address is. Otherwise you'll need to figure out what's > broken with router advertisements on your network. My quick read of > your ipf.rules file leads me to believe that you're allowing icmp6 > router advertisements in Let me put into my own words what I think your are saying. 1. That the standard inbound icmpv6 routeradvert is suppose to auto populate the host internal ipv6 default router ipv6 address. 2. That the inbound icmpv6 routeradvert my host is receiving from my ISP is incomplete or being incorrectly populated by my ISP. 3. There are also icmp6 neighborsolicit in bound packets that are not being passed by the same rule that passes the inbound icmpv6 routeradvert packets but get blocked by the default block all rule. I am thinking this is a un-reported bug in ipfilter. > >> # pass in ipv6 pings. no ipv6 with keep state option allowed >> pass in log quick proto icmp6 all > Are you logging advertisements based on that? If you don't see them, > you probably need to figure out what's up with your gateway device. Yes I see router advertisements logged in the ipf.log file. fe80::1 -> ff02::1 PR icmpv6 len 40 104 icmpv6 routeradvert/0 IN multicast Get this log line 2222 times per minute I also see the blocked inbound icmpv6 neighborsolicit packets that get logged by the default block all rule for inbound traffic. > > As a quick check, you can also override the routing table with the -g > option to ping6. The ipv6 address auto assigned to the vtnet0 is what is considered as the default route. Am I understanding this correctly?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5F08D889.8080708>