Date: Fri, 10 Jul 2020 13:22:02 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Jon Radel <jon@radel.com> Cc: freebsd-questions@freebsd.org Subject: Re: trouble setting up ipv6 Message-ID: <5F08A3BA.8060401@gmail.com> In-Reply-To: <a8339776-478e-2274-428e-5f451c06f0dc@radel.com> References: <5F088CAE.2090400@gmail.com> <a8339776-478e-2274-428e-5f451c06f0dc@radel.com>
index | next in thread | previous in thread | raw e-mail
Jon Radel wrote:
> On 7/10/20 11:43, Ernie Luzar wrote:
>> ping6 -c 1 ipv6.google.com
>>
>> responds with this
>>
>> ping6: UDP connect: No route to host
>>
>>
>> Any idea why?
>>
> Leading guess around these parts would be that you don't have IPv6
> configured properly. Does it work for anything?Â
>
> To narrow it down a bit to something useful, why don't you do the usual
> steps, such as sharing your network configuration and current IPv6
> routing table, the results of pinging your IPv6 gateway, etc., etc.
>
>
rc.conf
ifconfig_vtnet0="DHCP"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
gateway_enable="YES"
ipv6_gateway_enable="YES"
:/etc#ifconfig -a
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,
TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether f2:3c:92:bc:54:37
inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1
inet6 2600:3c02::f03c:92ff:febc:5437 prefixlen 64 autoconf
inet xxx.xxx.33.221 netmask 0xffffff00 broadcast xx.x.xx.xx
media: Ethernet 10Gbase-T <full-duplex>
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
:/etc#netstat -nr6
Routing tables
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#2 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2600:3c02::/64 link#1 U vtnet0
2600:3c02::f03c:92ff:febc:1 link#3 UHS lo0
2600:3c02::f03c:92ff:febc:5437 link#1 UHS lo0
fe80::/10 ::1 UGRS lo0
fe80::%vtnet0/64 link#1 U vtnet0
fe80::f03c:92ff:febc:5437%vtnet0 link#1 UHS lo0
fe80::%lo0/64 link#2 U lo0
fe80::1%lo0 link#2 UHS lo0
fe80::%epair0a/64 link#4 U epair0a
fe80::ad:7fff:fe8d:820a%epair0a link UHS lo0
fe80::%epair1a/64 link#5 U epair1a
fe80::c0:11ff:fee6:990a%epair1a link#5 UHS lo0
ff02::/16 ::1 UGRS lo0
ipf.rules
# There is fixed bug about ipv6 and keep state not working together
# This fixed bug is not included in 12.1.
# No rules with ipv6 and keep state allowed at this time.
pass out quick inet6 proto icmp6 from any to any
# Allow out access to my ISP's Domain name server (dns).
# Get the IP addresses from /etc/resolv.conf file
pass out quick on vtnet0 proto tcp from any to any port = 53 flags S
keep state
pass out quick on vtnet0 proto udp from any to any port = 53 keep state
# Allow access to ISP's specified DHCP server
pass out quick on vtnet0 proto udp from any to any port = 67 keep state
# Allow out all pings (icmp) to public Internet
pass out quick on vtnet0 proto icmp from any to any keep state
# Block and log everything that's trying to get out.
# This rule enforces the block all by default logic.
block out log quick on vtnet0 all
# allow in ISP dhcp traffic
pass in quick on vtnet0 proto udp from any to any port = 67 keep state
# pass in ipv6 pings. no ipv6 with keep state option allowed
pass in log quick proto icmp6 all
# Block and log all remaining traffic coming into the firewall.
# This rule enforces the block all by default logic.
block in log quick on vtnet0 all
Anything else you want to see post the commands to use.
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5F08A3BA.8060401>