Date: Sun, 29 Aug 2010 12:20:12 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Indexer <indexer@internode.on.net> Cc: freebsd-questions@freebsd.org Subject: Re: ISC-DHCP6 does not send replies Message-ID: <4C7A426C.1060305@infracaninophile.co.uk> In-Reply-To: <780515BD-59CE-4507-B472-029578CC9E39@internode.on.net> References: <141EE0AF-42C0-4455-BB4A-85C07ED784C0@internode.on.net> <4C7A04FC.3020301@infracaninophile.co.uk> <780515BD-59CE-4507-B472-029578CC9E39@internode.on.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig97D83C27791F3485ACE1D304 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 29/08/2010 08:44:08, Indexer wrote: > When i change the subnet block to subnet6=20 >=20 > 2001:44b8:7988:c60::/64 { >=20 > The client still sends solicits to the server, but now the server no > longer receives them. Checking wether the client could connect to > ff02::1:2 came back with " UDP connect: No route to host" As far as I can tell, the subnet6 statement was the only error in the config you posted. Hmmm... I'm thinking the problem is perhaps your firewall. ... but you've tried disabling the firewall completely. Probably not that then. Connecting to [ff02::1:2]:547 (link-scoped All_DHCP_Relay_Agents_and_Servers) or [ff05::1:3]:547 (site-scoped All_DHCP_Servers) should get some sort of answer. Check the routing table on server and client -- on a FreeBSD box, I get: % netstat -r | grep ff02 ff02::%re0 fe80::e2cb:4eff:fe U re0 ff02::%fwe0 fe80::1e:8cff:fec2 U fwe0 ff02::%fwip0 fe80::21e:8c00:c2: U fwip0 ff02::%lo0 localhost U lo0 ff02::%gif0 fe80::e2cb:4eff:fe U gif0 (ie. a route for all network interfaces known on the system, whether active or not) The next step in debugging is to start capturing packet traces (tcpdump(1), wireshark(1)) on both client and server and hunting in there for clues. I know some IPv6 traffic won't get through my wireless router, but that device is IPv4 only and the poor thing gets easily confused by all this new-fangled IPv6 stuff... Cheers, Matthew PS. On the off chance that it is the firewall. A good debugging trick with pf is to add a 'log' clause to any rule that has a block or reject action. Eg. in lines like the following: block log all block in log quick from no-route to any block in log quick from urpf-failed to any antispoof log quick for lo0 block in log quick on $ext_if from <ssh-bruteforce> etc. etc. Then run tcpdump on the pflog0 interface: # tcpdump -i pflog0 -vv and make your client request a new lease. In the IPv4 case, the first packets the client sends are not *IP* packets -- they are pure ethernet packets, sent to the broadcast MAC address ff:ff:ff:ff:ff:ff, and don't necessarily have any IP address data (either IPv4 or IPv6) in them at all. If MAC-broadcast fails, then dhcp client will fall back to using the IPv4 link-local address range 169.254.0.0/16 (RFC3927). However, if your dhcp client does that, then it's usually an indication you aren't going to get an address. Now, with IPv6, link-local addresses are always configured, and there are a whole new set of prefixes for local-, site- and global- scope addresses. I don't know if dhcp client tries using MAC-broadcast at all in the IPv6 case (I would think dhcpd should answer if it does) but the link-local address stuff is possibly what's being blocked somewhere. --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig97D83C27791F3485ACE1D304 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx6QnEACgkQ8Mjk52CukIwJuACeP/S/GwJkdrFIQ/Dtzu1+z4dK /Z0An0XMX+482Rjbd8ueyiCiIUtjY8Jx =sNcu -----END PGP SIGNATURE----- --------------enig97D83C27791F3485ACE1D304--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C7A426C.1060305>