FreeBSD 12, pf, and Dual IP stack?

David Mehler dave.mehler at gmail.com
Thu Jun 6 04:28:51 UTC 2019 

Hello,

Thanks everyone for your help so far. I have several questions. First,
from the numbers:

2001:14f8:0200:0004:  0000:0000:0000:0004
 2001:14f8:0200:0004:  0000:0000:0000:0005

it looks like the address breaks at 4 the system is the first four
segments, and anything after is hostbased, is this true?

If so, my ipv6 address is not like that, it has a double colon in it
and has only three hexes at the end. It is a /64 so how do I split it
and for instance I've got a jail on a cloned interface lo1 I'd like to
put one of the addresses on it then use pf to forward traffic bound to
that ip.

Sorry if these are elementary questions this is new to me.

Thanks.
Dave.


On 6/5/19, Rodney W. Grimes <freebsd-rwg at gndrsh.dnsmgr.net> wrote:
>> Hello,
>>
>> So your setup looks like mine except I only have one ipv4 and one ipv6
>> interface, how do I alias the ipv6 address space I have? I don't know
>> how to hex split.
>>
>> Thanks.
>> Dave.
>>
>>
>> On 6/5/19, Kurt Jaeger <pi at freebsd.org> wrote:
>> > Hi!
>> >
>> >> Yes, an ifconfig on my vtnet0 interface does show the ipv6 address and
>> >> it has prefixlen 64 I'm assuming that's what your refering to? Can you
>> >> clarify your meaning about ipv6 aliases?
>> >
>> > Here's one of my systems, with two IPv6 addresses, so it has an two
>> > IPv6 and two IPv4 addresses:
>> >
>> > igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>> > 1500
>> >
>> > options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
>> >         ether 0c:9d:92:85:0f:7a
>> >         inet 193.105.105.132 netmask 0xffffffc0 broadcast
>> > 193.105.105.191
>> >         inet 193.105.105.133 netmask 0xffffffff broadcast
>> > 193.105.105.133
>> >         inet6 fe80::e9d:92ff:fe85:f7a%igb0 prefixlen 64 scopeid 0x1
>> >         inet6 2001:14f8:200:4::4 prefixlen 64
>> >         inet6 2001:14f8:200:4::5 prefixlen 64
>
> I am not sure if this well help you to understand the IPv6 range
> of addresses, but the two above short form numbers are in long form:
> 2001:14f8:0200:0004:  0000:0000:0000:0004
> 2001:14f8:0200:0004:  0000:0000:0000:0005
>
> I have inserted the space to show you the break at "prefixlen 64, aka /64".
> You actaully have the lower 64 bits to play with other than the 2 that
> have been setup, one being your IP address, and the other being your
> default
> router on this segment.
>
>> >         media: Ethernet autoselect (1000baseT <full-duplex>)
>> >         status: active
>> >         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>> >
>> > --
>> > pi at opsec.eu            +49 171 3101372                    One year to go
>> > !
>
> --
> Rod Grimes
> rgrimes at freebsd.org
>

More information about the freebsd-pf mailing list