Default gateway on different net

Lasse Brandt lasse at bitmand.com
Tue Sep 21 10:59:31 UTC 2010 

Hi,

I have a server in location that provides ipv6 (not sure the ipv6 part is important, but thats how I stumbled upon this). First a bit of information about the server:

FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010
1 NIC with ipv4 and v6 addresses.

I got an ipv6 subnet (/64) from the hosting provider but the default gateway is not in the same subnet. The recommendation from the provider is simple: Create a static route, that routes all traffic to the subnet with the gateway to the interface. Then create default gateway.

What I have done is this:

ipv6_enable="YES"
ipv6_static_routes="defgw"
ipv6_route_defgw="2a01:xxxx:xxxx:3180::1 -prefixlen 59 -iface re0"
ipv6_defaultrouter="2a01:xxxx:xxxx:3180::1"
ipv6_ifconfig_re0="2a01:xxxx:xxxx:3183::2 prefixlen 64"

( Notice the slight difference in the ip on the nick :3183: and the gateway :3180: )

If I reboot the machine, the following happens:

*) The nic re0 got the ip: 2a01:xxxx:xxxx:3183::2 - ifconfig:
	inet6 2a01:xxxx:xxxx:3183::2 prefixlen 64
*) The static route is in the routing table:
	2a01:xxxx:xxxx:3180::/59   6c:62:6d:0d:9b:e8   US   re0
*) But there is no default route :(

I then stumbled upon line 1057 in /etc/network.subr:
	ipv6_static_routes="default ${ipv6_static_routes}"

If I understand this correctly, the ipv6_defaultrouter is simply added in the static_route configuration (which is added later).
But I also recall that I cannot create a default route to an ip not in my subnet, if the static route is missing. And the above code place the default route as the very first.

If I move default to the "last" position:
	ipv6_static_routes="${ipv6_static_routes} default"

And reboots, the routing table shows my static route and the default route just fine:

Internet6:
Destination              Gateway                Flags Netif Expire 
default                  2a01:xxxx:xxxx:3180::1 UGS   re0
2a01:xxxx:xxxx:3180::/59 6c:62:6d:0d:9b:e8      US    re0

But! I still can't get any ipv6 packets out of the server. Trying to ping6 the gateway (or anything else outside) simply returns a: ping6: sendmsg: Operation not permitted
I have tried tcpdumping ipv6 packets on re0, but absolutely nothing is showing up when either ping6 or telnet to something outside on an ipv6 address (firewall is disabled btw). If I tcpdump while ping6 from outside to 2a01:xxxx:xxxx:3183::2, ipv6 packets is showing just fine.

If you are still reading this email, thanks :)

Now to the actual questions:

1) Is the hosting provider actually forcing me to do something "bad" og plain wrong?

2) Should the default route really be the last route to be added in /etc/network.subr:1057? (not sure if there is a reason to why its first - but I feel guilty messing with that file directly :) )

3) Am I setting this up in a completely wrong way?
( At this point it feels like "everything is right, but I miss _that_ fundamental option/config somewhere )

Any hint, tips or trick is highly appreciated.

Best regards,
Lasse Brandt

More information about the freebsd-net mailing list