From owner-freebsd-questions@FreeBSD.ORG Thu Mar 25 10:11:13 2010 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F7C6106566B for ; Thu, 25 Mar 2010 10:11:12 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 5A3458FC16 for ; Thu, 25 Mar 2010 10:11:12 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id o2PAB6t4014355 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 25 Mar 2010 10:11:07 GMT (envelope-from m.seaman@infracaninophile.co.uk) Message-ID: <4BAB36BA.3050806@infracaninophile.co.uk> Date: Thu, 25 Mar 2010 10:11:06 +0000 From: Matthew Seaman Organization: Infracaninophile User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 To: Robert Huff References: <19371.10794.722647.643272@jerusalem.litteratus.org> In-Reply-To: <19371.10794.722647.643272@jerusalem.litteratus.org> X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.95.3 at happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL, SPF_FAIL autolearn=no version=3.3.0 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on happy-idiot-talk.infracaninophile.co.uk Cc: questions@freebsd.org Subject: Re: ipv6 changes in src/UPDATING X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2010 10:11:13 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 25/03/2010 09:17:30, Robert Huff wrote: > > I am updating a system: > > FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64 > > and failing to understand the (practical) consequences of > UPDATING entries 20090926 and 20091202. The system runs ipv6, but > external connectivity is though a v6-over-v4 tunnel (net/gateway6). > rc.conf currently has: > > huff@>>grep v6 /etc/rc.conf > ipv6_gateway_enable="YES" # Set to YES if this host will be a gateway. > ipv6_firewall_enable="YES" # Set to YES to enable IPv6 firewall > ipv6_firewall_type="UNKNOWN" # see /etc/rc.firewall6 > ipv6_firewall_script="/etc/ipfw.v6.set" # Which script to run to set up the IPv6 firewall > ipv6_firewall_flags="" # see /etc/rc.firewall6 > gateway6_enable="YES" > > Um ... er ... ah ... what needs to change? None of the above, probably. As you're using a custom firewall initialisation script, you don't need to worry about the variables for controlling the various pre-canned scripts. The text in UPDATING seems fairly clear to me: for the 20090926 update, various rc.conf variables prefixed by ipv6 are deprecated in favour of similar variables *suffixed* by ipv6 -- this is a simple matter of editing to sort out. There is also a new overall control knob for turning on or off IPv6 capability entirely. The new thing here is that it allows you to make that change per-interface rather than for the whole machine. Given you want IPv6 capability on all interfaces, just use ipv6_prefer="YES" You need to look at the ifconfig_ifX* or ipv6_addrs_ifX variables. Given that you've said your machine is a router for ipv6, you can't use rtsol(8), so you should be manually configuring addresses on your interfaces. You may not need to make any changes there: even so, shouldn't be too hard to debug. For the 20091202 update, again it is pretty much a replacement of variables with an ipv6 prefix, to ones with an ipv6 suffix. All the variables mentioned just detail the local IP addresses and networks, and let you select which firewall script you want to use. As it says, the ipv6 configuration exactly parallels the ipv4 configuration now. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkurNroACgkQ8Mjk52CukIwfGwCfWJ6ZGlerqj3yMNrNaqY/SOyp LIoAn0+dT9Bp3YKnrP6dz9kGV2FZKXUg =kAQt -----END PGP SIGNATURE-----