From: David Mehler
Date: Thu, 6 Jun 2019 00:28:47 -0400
Subject: Re: FreeBSD 12, pf, and Dual IP stack?
To: "Rodney W. Grimes"
Cc: Kurt Jaeger, freebsd-pf

Hello,

Thanks everyone for your help so far. I have several questions. First,
from the numbers:

2001:14f8:0200:0004: 0000:0000:0000:0004
2001:14f8:0200:0004: 0000:0000:0000:0005

it looks like the address breaks at 4 the system is the first four
segments, and anything after is host-based, is this true? If so, my ipv6
address is not like that, it has a double colon in it and has only three
hexes at the end. It is a /64 so how do I split it and for instance I've
got a jail on a cloned interface lo1 I'd like to put one of the
addresses on it then use pf to forward traffic bound to that ip.

Sorry if these are elementary questions this is new to me.

Thanks.
Dave.

On 6/5/19, Rodney W. Grimes wrote:
>> Hello,
>>
>> So your setup looks like mine except I only have one ipv4 and one ipv6
>> interface, how do I alias the ipv6 address space I have? I don't know
>> how to hex split.
>>
>> Thanks.
>> Dave.
>>
>>
>> On 6/5/19, Kurt Jaeger wrote:
>> > Hi!
>> >
>> >> Yes, an ifconfig on my vtnet0 interface does show the ipv6 address and
>> >> it has prefixlen 64 I'm assuming that's what you're referring to? Can you
>> >> clarify your meaning about ipv6 aliases?
>> >
>> > Here's one of my systems, with two IPv6 addresses, so it has two
>> > IPv6 and two IPv4 addresses:
>> >
>> > igb0: flags=8843 metric 0 mtu
>> > 1500
>> >
>> > options=e527bb
>> > ether 0c:9d:92:85:0f:7a
>> > inet 193.105.105.132 netmask 0xffffffc0 broadcast
>> > 193.105.105.191
>> > inet 193.105.105.133 netmask 0xffffffff broadcast
>> > 193.105.105.133
>> > inet6 fe80::e9d:92ff:fe85:f7a%igb0 prefixlen 64 scopeid 0x1
>> > inet6 2001:14f8:200:4::4 prefixlen 64
>> > inet6 2001:14f8:200:4::5 prefixlen 64
>
> I am not sure if this will help you to understand the IPv6 range
> of addresses, but the two above short form numbers are in long form:
> 2001:14f8:0200:0004: 0000:0000:0000:0004
> 2001:14f8:0200:0004: 0000:0000:0000:0005
>
> I have inserted the space to show you the break at "prefixlen 64, aka /64".
> You actually have the lower 64 bits to play with other than the 2 that
> have been setup, one being your IP address, and the other being your
> default router on this segment.
>
>> > media: Ethernet autoselect (1000baseT )
>> > status: active
>> > nd6 options=21
>> >
>> > --
>> > pi@opsec.eu +49 171 3101372 One year to go
>> > !
>
> --
> Rod Grimes
> rgrimes@freebsd.org
>
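
The "hex split" asked about in this thread, as an added example that is not from any of the thread's participants: it expands the `::` short form, cuts the address at the prefix length, and lists unused addresses in the same /64 that could be used as aliases. The function names and the constructed `2001:db8:` sample address are assumptions; the `in_use` list must also contain the default router's address, which the thread does not give.

```python
import ipaddress


def split_at_prefix(addr, prefixlen=64):
    """Expand '::' and cut the address where the prefix ends.

    Returns (network_part, host_part) as zero-padded hex groups.
    """
    if prefixlen % 16 or not 0 < prefixlen < 128:
        raise ValueError("this example only cuts on a 16-bit group boundary")
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id like %igb0
    groups = ip.exploded.split(":")                 # always eight 4-digit groups
    cut = prefixlen // 16
    return ":".join(groups[:cut]), ":".join(groups[cut:])


def same_segment(a, b, prefixlen=64):
    """True when both addresses share the same network part."""
    net = ipaddress.IPv6Interface(f"{a}/{prefixlen}").network
    return ipaddress.IPv6Address(b) in net


def free_aliases(addr, in_use, prefixlen=64, count=3):
    """Lowest unused addresses inside addr's prefix, in short form."""
    net = ipaddress.IPv6Interface(f"{addr}/{prefixlen}").network
    taken = {ipaddress.IPv6Address(a) for a in in_use}
    found = []
    host = 1  # host part 0 is the subnet-router anycast address, skip it
    while len(found) < count and host < net.num_addresses:
        candidate = net.network_address + host
        if candidate not in taken:
            found.append(str(candidate))
        host += 1
    return found


if __name__ == "__main__":
    # Addresses from the ifconfig output quoted in the thread.
    configured = ["2001:14f8:200:4::4", "2001:14f8:200:4::5"]
    for a in configured:
        print(a, "->", split_at_prefix(a))
    # Constructed address with '::' and three hex digits at the end.
    print(split_at_prefix("2001:db8:12:34::abc"))
    print(free_aliases(configured[0], configured))
```
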