From nobody Wed Oct 1 14:33:23 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ccHV84ZfDz69kBx for ; Wed, 01 Oct 2025 14:33:36 +0000 (UTC) (envelope-from roy@marples.name) Received: from sender2-of-o58.zoho.eu (sender2-of-o58.zoho.eu [136.143.171.58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4ccHV70q9Jz49lc for ; Wed, 01 Oct 2025 14:33:34 +0000 (UTC) (envelope-from roy@marples.name) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=marples.name header.s=zmail header.b=GOqilXnB; dmarc=pass (policy=quarantine) header.from=marples.name; spf=pass (mx1.freebsd.org: domain of roy@marples.name designates 136.143.171.58 as permitted sender) smtp.mailfrom=roy@marples.name; arc=pass ("zohomail.eu:s=zohoarc:i=1") ARC-Seal: i=1; a=rsa-sha256; t=1759329205; cv=none; d=zohomail.eu; s=zohoarc; b=ffKnwJ8u0hAo8SN9Kxfzs7Zw4HFCPujzIKfJ1nZTk/tFjSniRWtu5iYk2zBjNjWaicPhRU3qocVkijTPOnoX45ZDMbp8PF7V3Z1Z03T324H3GFA1f6iKVP0jGOxGcZdHMl4KP4GcbrjxN2DbyYolU+jFTVEJemo93jEJxpW2c9I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu; s=zohoarc; t=1759329205; h=Content-Type:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=f3a6odkmLkTfAAGRVExFK3yARSneb5L0JiiPdA2b3lI=; b=JXTPZkq7gg+pxedkjw/MJ7eXSQUTBzBP1UZLw1TastBQ3vPm2kcmLOCIIFW72/ZwUsBEgHA6f4/Uk59neD8WzxCONU1mCfONZqoljkZ6cwqdltOdhUA+kf0Lr3YBQh6HoGx8S24/IPQfsuXlFUOpDOQ/l9T2cNZ1F5uIj8n9oeU= ARC-Authentication-Results: i=1; mx.zohomail.eu; dkim=pass header.i=marples.name; spf=pass smtp.mailfrom=roy@marples.name; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1759329205; s=zmail; d=marples.name; i=roy@marples.name; h=Date:Date:From:From:To:To:Cc:Cc:Message-Id:Message-Id:In-Reply-To:References:Subject:Subject:MIME-Version:Content-Type:Reply-To; bh=f3a6odkmLkTfAAGRVExFK3yARSneb5L0JiiPdA2b3lI=; b=GOqilXnBSRTOI3Y24zImWGAx8XZGswTjvgtozBXOAiEQhfYcDNVfTz4elGTE2uy7 P9+Rmr0VLbQwNh0oMXbW+YFhoOaYVdH0oSfSw2ddgEy1sUv4vf9Zursdkqj3GeQkS01 9LPFAL4OZil+9zlnTGjk1psu2ikUUl0pU5di03I8= Received: from mail.zoho.eu by mx.zoho.eu with SMTP id 1759329203575234.5580162136281; Wed, 1 Oct 2025 16:33:23 +0200 (CEST) Date: Wed, 01 Oct 2025 15:33:23 +0100 From: Roy Marples To: "Tom Pusateri" Cc: "net@freebsd.org" Message-Id: <199a0313575.85dcc22144870.990103410983521718@marples.name> In-Reply-To: References: Subject: Re: IPv6 accept_rtadv for default route and prefix but force host portion of /64 address? List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_410162_1803434830.1759329203573" User-Agent: Zoho Mail X-Mailer: Zoho Mail X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.19 / 15.00]; ARC_ALLOW(-1.00)[zohomail.eu:s=zohoarc:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[marples.name,quarantine]; RWL_MAILSPIKE_EXCELLENT(-0.40)[136.143.171.58:from]; R_DKIM_ALLOW(-0.20)[marples.name:s=zmail]; R_SPF_ALLOW(-0.20)[+ip4:136.143.168.0/22]; ONCE_RECEIVED(0.20)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; XM_UA_NO_VERSION(0.01)[]; RCVD_TLS_LAST(0.00)[]; MLMMJ_DEST(0.00)[net@FreeBSD.org]; RCPT_COUNT_TWO(0.00)[2]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[marples.name:+]; RCVD_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; ASN(0.00)[asn:41913, ipnet:136.143.170.0/23, country:CH]; TO_DN_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[136.143.171.58:from] X-Rspamd-Queue-Id: 4ccHV70q9Jz49lc ------=_Part_410162_1803434830.1759329203573 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi You can use dhcpcd from ports for this, rather than the FreeBSD Kernel. https://man.freebsd.org/cgi/man.cgi?query=3Ddhcpcd.conf=20 Example configuration in dhcpcd.conf interface igb0 =C2=A0 =C2=A0 slaac token ::123 Now, dhcpcd will generate SLAAC addresses using the token instead of the ha= rdware address. Fair warning, dhcpcd will take over some stuff on your router so you may wa= nt to limit it to some interfaces only and maybe some protocols only. See t= he fine man page for details. Good luck! Roy =20 =20 =20 ---- On Mon, 29 Sep 2025 22:32:59 +0100 Tom Pusateri wrote ---- Is there a way to change the configuration in /etc/rc.conf to get the pref= ix from the router advertisement but fix the host portion to something like= ::123 so that I can change network cards in the server and never have to w= orry about the IPv6 address changing?=20 =20 I have a DMZ interface on a FreeBSD router with a prefix delegation from my= provider I assign to a downstream interface. I have another FreeBSD server= on the DMZ network and would like it to have a fixed address allocated out= of the assigned prefix from the router.=20 =20 The router (also FreeBSD) is running rtadvd providing SLAAC and router adve= rtisements.=20 =20 The /etc/rc.conf for the DMZ server currently looks like this:=20 =20 ifconfig_igb0_ipv6=3D"inet6 2605:1:2:3::123/64 accept_rtadv=E2=80=9D=20 =20 This works fine and manually assigns the address out of the assigned prefix= range as configured on the router.=20 =20 It also assigns a second IPv6 address via SLAAC that I don=E2=80=99t use.= =20 =20 ifconfig output looks like this:=20 =20 igb0: flags=3D1008843 metr= ic 0 mtu 1500=20 =C2=A0=C2=A0=C2=A0=C2=A0options=3D4e527bb=20 =C2=A0=C2=A0=C2=A0=C2=A0ether ac:1f:6b:1a:04:c0=20 =C2=A0=C2=A0=C2=A0=C2=A0inet 1.2.3.123 netmask 0xfffffff8 broadcast 1.2.3.1= 27=20 =C2=A0=C2=A0=C2=A0=C2=A0inet6 fe80::ae1f:6bff:fe1a:4c0%igb0 prefixlen 64 sc= opeid 0x1=20 =C2=A0=C2=A0=C2=A0=C2=A0inet6 2605:1:2:3::123 prefixlen 64=20 =C2=A0=C2=A0=C2=A0=C2=A0inet6 2605:1:2:3:ae1f:6bff:fe1a:4c0 prefixlen 64 au= toconf pltime 604800 vltime 2592000=20 =C2=A0=C2=A0=C2=A0=C2=A0media: Ethernet autoselect (1000baseT = )=20 =C2=A0=C2=A0=C2=A0=C2=A0status: active=20 =C2=A0=C2=A0=C2=A0=C2=A0nd6 options=3D23=20 =20 I get the correct upstream next hop for a default route:=20 =20 % netstat -nra6=20 Routing tables=20 =20 Internet6:=20 Destination Gateway Flags = Netif Expire=20 ::/96 link#3 URS = lo0=20 default fe80::207:43ff:fe31:7078%igb0 UG = igb0=20 =20 =20 The problem with this is that the IPv6 prefix is configured on the router a= nd configured on the server.=20 =20 Thanks,=20 Tom ------=_Part_410162_1803434830.1759329203573 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =
Hi

You can = use dhcpcd from ports for this, rather than the FreeBSD Kernel.
<= br>
https://man.freebsd.org/cgi/man.cgi?query=3Ddhcpcd.conf

Example configuration in dhcpcd.conf

interface igb0
    slaac token ::123
=
Now, dhcpcd will generate SLAAC addresses using the token in= stead of the hardware address.

Fair warning, dhcpc= d will take over some stuff on your router so you may want to limit it to s= ome interfaces only and maybe some protocols only. See the fine man page fo= r details.

Good luck!

Roy

=

---- On Mon, 29 Sep 2025 22:32:59 +0= 100 Tom Pusateri<pusateri@keehole.org> wrote ----

Is there a way to change the configuration in /etc/rc.conf to get= the prefix from the router advertisement but fix the host portion to somet= hing like ::123 so that I can change network cards in the server and never = have to worry about the IPv6 address changing?

I have a DMZ interf= ace on a FreeBSD router with a prefix delegation from my provider I assign = to a downstream interface. I have another FreeBSD server on the DMZ network= and would like it to have a fixed address allocated out of the assigned pr= efix from the router.

The router (also FreeBSD) is running rtadvd = providing SLAAC and router advertisements.

The /etc/rc.conf for th= e DMZ server currently looks like this:

ifconfig_igb0_ipv6=3D"inet= 6 2605:1:2:3::123/64 accept_rtadv=E2=80=9D

This works fine and man= ually assigns the address out of the assigned prefix range as configured on= the router.

It also assigns a second IPv6 address via SLAAC that = I don=E2=80=99t use.

ifconfig output looks like this:

igb= 0: flags=3D1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> m= etric 0 mtu 1500
    options=3D4e527bb<RXCSUM,TX= CSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,= VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
&nb= sp;   ether ac:1f:6b:1a:04:c0
    in= et 1.2.3.123 netmask 0xfffffff8 broadcast 1.2.3.127
   &= nbsp;inet6 fe80::ae1f:6bff:fe1a:4c0%igb0 prefixlen 64 scopeid 0x1
 = ;   inet6 2605:1:2:3::123 prefixlen 64
   = ; inet6 2605:1:2:3:ae1f:6bff:fe1a:4c0 prefixlen 64 autoconf pltime 604= 800 vltime 2592000
    media: Ethernet autoselect (= 1000baseT <full-duplex>)
    status: active <= br>    nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO= _LINKLOCAL>

I get the correct upstream next hop for a default r= oute:

% netstat -nra6
Routing tables

Internet6:
D= estination Gateway Flags = Netif Expire
::/96 link#3 = URS lo0
default fe80::207= :43ff:fe31:7078%igb0 UG igb0


The problem with thi= s is that the IPv6 prefix is configured on the router and configured on the= server.

Thanks,
Tom




------=_Part_410162_1803434830.1759329203573--