NPTv6: prefix doesn't change in IPFW when prefix changes on dynamic interface

From: FreeBSD User <freebsd_at_walstatt-de.de>
Date: Thu, 24 Nov 2022 15:27:18 UTC

Hello,

running a small routing/firewall appliance based on 13-STABLE and IPFW, I face a problem with
NPTv6. The external IPv6 is changing dynamically. While ipfw in-kernel NAT catches up with
dynamic changes of the IPv4, NPTv6 doesn't seem to.

I'm neither an expert in networking nor IPFW.

After a couple of days tun0 (the exterior PPP interface, uplink connection managed via mpd5)
has a lot of IPv6 addresses, all but one are marked "deprecated".
When restarting mpd5 every 24 hours, only one official IPv6 address/prefix is assigned to tun0
(I'm neglecting the ULA and link-local, they are always present). For a couple of weeks
now, restarting mpd5 results in a crash of FreeBSD 13-STABLE, so my ISP is changing the IPv6
and this results in the "deprecated" prefixes.

I was wondering if the IPFW NPTv6 facility isn't automatically getting the new, non-deprecated
prefix or do I have to trigger this by restarting ipfw as well?

In case mpd5 is not restarted or the exterior interface is assigned several IPv6
addresses of which all but one are marked deprecated, pinging the outside world via IPv6 will
take the wrong IPv6 - IPFW doesn't seem to catch up with the changes.

How to fix this?

Thank you very much in advance,

O. Hartmann


-- 
O. Hartmann