Default gateway on different net
Lasse Brandt
lasse at bitmand.com
Tue Sep 21 10:59:31 UTC 2010
Hi,
I have a server in location that provides ipv6 (not sure the ipv6 part is important, but thats how I stumbled upon this). First a bit of information about the server:
FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010
1 NIC with ipv4 and v6 addresses.
I got an ipv6 subnet (/64) from the hosting provider but the default gateway is not in the same subnet. The recommendation from the provider is simple: Create a static route, that routes all traffic to the subnet with the gateway to the interface. Then create default gateway.
What I have done is this:
ipv6_enable="YES"
ipv6_static_routes="defgw"
ipv6_route_defgw="2a01:xxxx:xxxx:3180::1 -prefixlen 59 -iface re0"
ipv6_defaultrouter="2a01:xxxx:xxxx:3180::1"
ipv6_ifconfig_re0="2a01:xxxx:xxxx:3183::2 prefixlen 64"
( Notice the slight difference in the ip on the nick :3183: and the gateway :3180: )
If I reboot the machine, the following happens:
*) The nic re0 got the ip: 2a01:xxxx:xxxx:3183::2 - ifconfig:
inet6 2a01:xxxx:xxxx:3183::2 prefixlen 64
*) The static route is in the routing table:
2a01:xxxx:xxxx:3180::/59 6c:62:6d:0d:9b:e8 US re0
*) But there is no default route :(
I then stumbled upon line 1057 in /etc/network.subr:
ipv6_static_routes="default ${ipv6_static_routes}"
If I understand this correctly, the ipv6_defaultrouter is simply added in the static_route configuration (which is added later).
But I also recall that I cannot create a default route to an ip not in my subnet, if the static route is missing. And the above code place the default route as the very first.
If I move default to the "last" position:
ipv6_static_routes="${ipv6_static_routes} default"
And reboots, the routing table shows my static route and the default route just fine:
Internet6:
Destination Gateway Flags Netif Expire
default 2a01:xxxx:xxxx:3180::1 UGS re0
2a01:xxxx:xxxx:3180::/59 6c:62:6d:0d:9b:e8 US re0
But! I still can't get any ipv6 packets out of the server. Trying to ping6 the gateway (or anything else outside) simply returns a: ping6: sendmsg: Operation not permitted
I have tried tcpdumping ipv6 packets on re0, but absolutely nothing is showing up when either ping6 or telnet to something outside on an ipv6 address (firewall is disabled btw). If I tcpdump while ping6 from outside to 2a01:xxxx:xxxx:3183::2, ipv6 packets is showing just fine.
If you are still reading this email, thanks :)
Now to the actual questions:
1) Is the hosting provider actually forcing me to do something "bad" og plain wrong?
2) Should the default route really be the last route to be added in /etc/network.subr:1057? (not sure if there is a reason to why its first - but I feel guilty messing with that file directly :) )
3) Am I setting this up in a completely wrong way?
( At this point it feels like "everything is right, but I miss _that_ fundamental option/config somewhere )
Any hint, tips or trick is highly appreciated.
Best regards,
Lasse Brandt
More information about the freebsd-net
mailing list