From: Eric F Crist
To: freebsd-net@freebsd.org
Date: Mon, 25 Jun 2007 12:46:49 -0500
Subject: IPv6 Woes...

Hello folks!

I've got a few FreeBSD 6.2-STABLE boxes configured for IPv6, with a netblock that I obtained from my ISP. I have a router that doesn't support IPv6 yet, so my ISP and I set up a gif tunnel, which is working great. I have a setup similar to this:

ISP <---> ROUTER <---> FBSD FW <----> NETWORK LAN
 \____IPv6 Tunnel_____/

As things are configured, my LAN servers can ping one another via IPv6 just fine. My FBSD firewall can ping my ISP just fine.
My LAN cannot ping my IPv6 address on the firewall, or, of course, my ISP. My firewall cannot ping my LAN.

My IPs are set up like so:

My LAN is addressed 2001:4980:1:111:x/64 where x is the last octet of my current v4 addressing. All of these systems have a default ipv6 route of 2001:4980:1:111::1.

My firewall has two NICs, fxp0 and fxp1, set up with Ethernet bridging, fxp0 holding all my live IPs. ifconfig of my firewall is as follows:

fxp0: flags=8943 mtu 1500
        options=8
        inet6 fe80::206:5bff:fe05:3019%fxp0 prefixlen 64 scopeid 0x1
        inet xxx.xxx.xxx.xxx netmask 0xfffffff0 broadcast xxx.xxx.xxx.xxx
        inet xxx.xxx.xxx.xxx netmask 0xffffffff broadcast xxx.xxx.xxx.xxx
        inet6 2001:4980:1:111::145 prefixlen 64
        inet6 2001:4980:1:111::1 prefixlen 128
        ether 00:06:5b:05:30:19
        media: Ethernet autoselect (100baseTX )
        status: active
fxp1: flags=8943 mtu 1500
        options=8
        inet6 fe80::206:5bff:fe05:301a%fxp1 prefixlen 64 scopeid 0x2
        ether 00:06:5b:05:30:1a
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051 mtu 1280
        tunnel inet xxx.xxx.xxx.xxx --> yyy.yyy.yyy.yyy
        inet6 fe80::206:5bff:fe05:3019%gif0 prefixlen 64 scopeid 0x6
        inet6 2001:4980:1::6 prefixlen 126

Output from a netstat -r -f inet6 shows (truncated for length):

Internet6:
Destination         Gateway             Flags  Netif  Expire
::                  localhost.secure-c  UGRS   lo0    =>
default             2001:4980:1::5      UGS    gif0
localhost.secure-c  localhost.secure-c  UHL    lo0
::ffff:0.0.0.0      localhost.secure-c  UGRS   lo0
2001:4980:1::4      link#6              UC     gif0
2001:4980:1::5      link#6              UHLW   gif0
2001:4980:1::6      link#6              UHL    lo0
2001:4980:1:111::   link#1              UC     fxp0
2001:4980:1:111::1  00:06:5b:05:30:19   UHL    lo0
2001:4980:1:111::1  00:06:5b:05:30:19   UHL    lo0

I think there may possibly be a problem with the bridging code? Any ideas would help. For the record, I have read the FreeBSD Handbook, amongst many, many, many other documentation sources.

TIA for the help!

-----
Eric F Crist
Secure Computing Networks