Eric F Crist
ecrist at secure-computing.net
Wed Jun 27 00:28:20 UTC 2007
On Jun 26, 2007, at 7:08 PMJun 26, 2007, Bruce A. Mah wrote:
> If memory serves me right, Eric F Crist wrote:
>> On Jun 26, 2007, at 4:32 PMJun 26, 2007, Bruce A. Mah wrote:
> [big snip]
>>> I wonder if the problem I've seen with bridge(4) might be related to
>>> your IPv6 problems (since you're terminating the tunnel on your
>>> firewall). If so, maybe switching to if_bridge(4) as I've described
>>> above might help things.
>>> In any case, good luck!
>> Bruce! Thanks for all the help! That did the trick! Only one more
>> thing that's holding me up.
> Cool...I was half-guessing on this one.
> This is a little odd. If you switched to using if_bridge for
> I would have expected to see bridge0 as one of your links. Is it not
> configured for IPv6? In my setup, the physical interfaces in the
> are also unnumbered with respect to IPv6 as well (and the gateway
> machine's IPv6 address gets assigned to the bridge0 interface).
The bridge0 interface is there (not in routing table), but it doesn't
have anything assigned. Seems to be working great for IPv4 and IPv6
right now, aside from not being able to connect to that aliased v6
> I'm not sure what bearing this has on the question you really asked,
> which was about assigning another IPv6 address to an interface. It's
> not real obvious to me what the problem is there...at least from the
> routing table everything looks OK.
> What about the neighbor table ("ndp -a")? On the gateway, ndp -a
> show entries for the two IPv6 addresses you assigned. On one of your
> LAN hosts (which I'm assuming are some *nix flavor), if you ping
> the two
> addresses of your gateway machine, you should then get entries in the
> NDP table for both those addresses as well.
Here's the output of the command you asked for. I pinged the hosts
on my network so there was more data to review:
> ndp -a
Neighbor Linklayer Address Netif
Expire S Flags
2001:4980:1::5 (incomplete) gif0
23h51m15s S R
2001:4980:1::6 (incomplete) gif0
2001:4980:1:111::1 0:6:5b:5:30:19 fxp0
2001:4980:1:111::145 0:6:5b:5:30:19 fxp0
2001:4980:1:111::147 0:6:5b:38:2e:82 fxp0
2001:4980:1:111::148 0:12:17:51:f6:e9 fxp0
2001:4980:1:111::149 0:12:17:4d:da:87 fxp0
2001:4980:1:111::150 0:6:5b:8b:8:d3 fxp0
fe80::206:5bff:fe05:3019%fxp0 0:6:5b:5:30:19 fxp0
fe80::206:5bff:fe05:301a%fxp1 0:6:5b:5:30:1a fxp1
fe80::1%lo0 (incomplete) lo0
fe80::206:5bff:fe05:3019%gif0 (incomplete) gif0
fe80::206:5bff:fe05:3019%tun0 (incomplete) tun0
Eric F Crist
Secure Computing Networks
More information about the freebsd-net