IPv6 Woes...
Eric F Crist
ecrist at secure-computing.net
Mon Jun 25 18:04:21 UTC 2007
Hello folks!
I've got a few FreeBSD 6.2-STABLE boxes configured for IPv6, with a
netblock that I obtained from my ISP. I have a router that doesn't
support IPv6 yet, so my ISP and I set up a gif tunnel, which is
working great. I have a setup similar to this:
ISP <---> ROUTER <---> FBSD FW <----> NETWORK LAN
 \____IPv6 Tunnel_____/
As things are configured, my LAN servers can ping one another via IPv6
just fine. My FBSD firewall can ping my ISP just fine. My LAN
cannot ping my IPv6 address on the firewall, or, of course, my ISP.
My firewall cannot ping my LAN.
My IPs are set up like so:
My LAN is addressed 2001:4980:1:111:x/64 where x is the last octet of
my current v4 addressing. All of these systems have a default ipv6
route of 2001:4980:1:111::1.
My firewall has two NICs, fxp0 and fxp1, set up with ethernet
bridging, fxp0 holding all my live IPs. ifconfig of my firewall is
as follows:
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::206:5bff:fe05:3019%fxp0 prefixlen 64 scopeid 0x1
        inet xxx.xxx.xxx.xxx netmask 0xfffffff0 broadcast xxx.xxx.xxx.xxx
        inet xxx.xxx.xxx.xxx netmask 0xffffffff broadcast xxx.xxx.xxx.xxx
        inet6 2001:4980:1:111::145 prefixlen 64
        inet6 2001:4980:1:111::1 prefixlen 128
        ether 00:06:5b:05:30:19
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::206:5bff:fe05:301a%fxp1 prefixlen 64 scopeid 0x2
        ether 00:06:5b:05:30:1a
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet xxx.xxx.xxx.xxx --> yyy.yyy.yyy.yyy
        inet6 fe80::206:5bff:fe05:3019%gif0 prefixlen 64 scopeid 0x6
        inet6 2001:4980:1::6 prefixlen 126
Output from a netstat -r -f inet6 shows (truncated for length):
Internet6:
Destination         Gateway             Flags  Netif  Expire
::                  localhost.secure-c  UGRS   lo0    =>
default             2001:4980:1::5      UGS    gif0
localhost.secure-c  localhost.secure-c  UHL    lo0
::ffff:0.0.0.0      localhost.secure-c  UGRS   lo0
2001:4980:1::4      link#6              UC     gif0
2001:4980:1::5      link#6              UHLW   gif0
2001:4980:1::6      link#6              UHL    lo0
2001:4980:1:111::   link#1              UC     fxp0
2001:4980:1:111::1  00:06:5b:05:30:19   UHL    lo0
2001:4980:1:111::1  00:06:5b:05:30:19   UHL    lo0
I'm thinking there may possibly be a problem with the bridging code?
Any ideas would help. For the record, I have read the FreeBSD
Handbook, amongst many, many, many other documentation sources.
TIA for the help!
-----
Eric F Crist
Secure Computing Networks