From: Trond Endrestøl
Date: Mon, 20 Feb 2017 10:46:23 +0100 (CET)
To: Jon Radel
Cc: Ernie Luzar, freebsd-questions@freebsd.org
Subject: Re: Questions about local ipv6 setup

On Thu, 16 Feb 2017 17:23-0500, Jon Radel wrote:

> On 2/16/17 11:28 AM, Ernie Luzar wrote:
>
> >
> > Does ipv6 have a range of non-public routeable ipv4 address that are
> > reserved for LAN use like 10.0.0.0/8 is for ipv4?
>
> Yes, several different flavors, some of which are not directly
> comparable to anything in ipv4.
>
> A mandatory address for every ipv6 configured interface is the
> link-local address in fe80::/64. As suggested by the name, this is an
> address that is only usable on the LAN the interface is attached to,
> these addresses are not routed. On most modern ipv6 stacks you'll end
> up with one of these automatically, with least significant 64 bits based
> on a transformation of the MAC for the interface. You can, however,
> assign a different or additional one of these and use that on the LAN.
>
> Most directly comparable to RFC 1918 addresses would be the unique
> local addresses in fc00::/7.
> To do it right, you'd use fd00::/8 half of that space, concatenated
> with a different 40-bit pseudo-random number for each of your LANs.

In my opinion that's overkill, but certainly doable.

According to RFC 4193 (https://tools.ietf.org/html/rfc4193), the
Unique Local IPv6 Unicast Addresses use this format:

  | 7 bits |1|  40 bits   |  16 bits  |          64 bits           |
  +--------+-+------------+-----------+----------------------------+
  | Prefix |L| Global ID  | Subnet ID |        Interface ID        |
  +--------+-+------------+-----------+----------------------------+

Generating one prefix for your entire network and using the 16-bit
field in the middle for your subnet IDs seems more appropriate than
generating a set of unique prefixes, one for each subnet. YMMV.

Remember to use the fd00::/8 prefix. APNIC has seen the fc00::/8
prefix on the live Internet,
https://conference.apnic.net/data/36/apnic-36-ula_1377495768.pdf.

> You could route these anywhere in your network, but not globally.
>
> After that you get into the weird stuff, such as using ipv4-mapped-ipv6
> space for the RFC 1918 numbers. I can't think of why this wouldn't
> work, but certainly haven't tried it.
>
> >
> > Do any of the 3 freebsd firewalls have ability to do ipv6 NAT?
>
> Consider avoiding NAT entirely. One of the beautiful things about ipv6
> is avoiding NAT and all the breakage that results from NAT. If you're
> actually connected to the ipv6 Internet you should have no trouble
> getting an address for every device you own many times over.
>
> >
> > Can the default dhcp client handle ipv6?
>
> I believe not but haven't checked recently if that is still true. But
> really, the use case for DHCP is minimal in IPv6. There are better ways
> to dynamically assign addresses unless you have special requirements.
> See net/dhcp6 and other ports for more.
>
> >
> > On my host I run ipfilter firewall, I have done nothing to enable ipv6,
> > but the daily security email shows a list of ipv6 denied packets. Does
> > this mean that ipv6 packets are flowing freely on the public internet?
> >
>
> It possibly just means that something else on your LAN is talking ipv6.
> However, it is true that there are an awful lot of ipv6 packets on the
> ipv6 Internet--frankly it would be extremely sad if there weren't.
> There are even a lot of ipv6 packets on the ipv4 Internet, though
> they're all encapsulated in some fashion or another. But without the
> slightest hint as to whether you're connected to the ipv6 Internet, what
> type of packets they are, and what address they're coming from, it's
> right hard for us to even guess what it all means.
>
> It could be that your local gateway is configured to send out RA (router
> advertisement) packets routinely. See
> https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol for more.
>
> > My current goal is to configure ipv6 to work only between my gateway and
> > LAN nodes. Have been unable to find example on how to accomplish this.
> > Can anyone point me to such documentation.
>
> Things to try when you've got a bit of ipv6 running:
>
> ndp -a
> ndp -an
>
> which show you everything speaking ipv6 on your LAN(s).
>
> ping6
> traceroute6
>
> should be obvious.
>
> If during setup you say you want to use ipv6, you should end up with at
> very least an fe80:: address, which should be sufficient to talk to
> anything else on your LAN that speaks ipv6. Whether you get more
> depends on what your router is configured to do in regards to NDP, etc.,
> etc.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+

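Added example, not part of the original message: generating one RFC 4193 /48 under fd00::/8 and carving a /64 per LAN from the 16-bit Subnet ID, as the reply above suggests. The Global ID follows the sample algorithm in RFC 4193 section 3.2.2; the function names, and the use of the local MAC and clock as inputs, are assumptions of this example.

```python
# Added example: RFC 4193 unique local addressing (all names are this example's own).
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def eui64_from_mac(mac: int) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe, flip the U/L bit."""
    raw = mac.to_bytes(6, "big")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def random_global_id(mac=None, now=None) -> int:
    """40-bit Global ID per the sample algorithm in RFC 4193 section 3.2.2."""
    mac = uuid.getnode() if mac is None else mac   # assumption: local MAC as EUI source
    now = time.time() if now is None else now
    ntp = struct.pack(">II", (int(now) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF,
                      int((now % 1) * 2**32))      # 64-bit NTP timestamp
    digest = hashlib.sha1(ntp + eui64_from_mac(mac)).digest()
    return int.from_bytes(digest[-5:], "big")      # least significant 40 bits

def ula_prefix(global_id: int) -> ipaddress.IPv6Network:
    """fd00::/8 (fc00::/7 with the L bit set) followed by the Global ID."""
    if not 0 <= global_id < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network((((0xFD << 40) | global_id) << 80, 48))

def subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Place a 16-bit Subnet ID after the /48 to get one /64 per LAN."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit Subnet ID")
    return ipaddress.IPv6Network(
        (int(prefix.network_address) | (subnet_id << 64), 64))

def is_locally_assigned_ula(net: ipaddress.IPv6Network) -> bool:
    """True only inside fd00::/8; the fc00::/8 half (L=0) is left undefined."""
    return net.subnet_of(ipaddress.IPv6Network("fd00::/8"))

if __name__ == "__main__":
    site = ula_prefix(random_global_id())          # generate once, then record it
    print("site prefix:", site)
    for lan in (0x0001, 0x0002, 0x0010):
        print("  LAN", hex(lan), "->", subnet(site, lan))
```

Generate the prefix once and keep it in your configuration; rerunning the script gives a different Global ID each time.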

From: Gerard Seibert
Date: Tue, 21 Feb 2017 10:42:25 +0000
To: freebsd-questions@freebsd.org
Subject: Running "synth"

I just installed "synth" on my system. I ran "synth configure" and it
exited correctly. I then tried to build a port, and I received this
error message:

"Stand by, building pkg(8) first ... Failed!! (synth must exit)"

This happens every time. I tried Googling and found nothing related to
this message.

-- 
Carmel