IPv6 prefix delegation over a freebsd router that sits between internet router and local network
Jon Radel
jon at radel.com
Wed Jul 8 20:46:17 UTC 2015
On 7/8/15 2:38 PM, Matthias Fechner wrote:
> I'm using an internet connection from mnet (a German internet provider).
>
> The fritzbox 7490 will get an /56 IPv6 prefix that changes every 24 hours.
Yuck, that doesn't exactly seem to be in keeping with the spirit of
IPv6. Out of complete curiosity, rather than of any utility in solving
your problem (unless you convince them to stop doing that and give you a
permanent /56), do they say why they won't give you permanent
addresses? I'd hazard a guess that either they don't know what they're
doing and/or they're deliberately crippling things in order to encourage
you to pay for a higher tier of service......
>
> Behind the fritzbox I have a FreeBSD router with two network interfaces.
>
> Internet
> |
> Fritzbox 7490 internet interface
> Fritzbox 7490 local interface
|
in a normal IPv6 network you'd want a /64 here; right now the FreeBSD
box is likely learning either the /56 or a /64 in it via Router
Advertisements (RAs) from the Fritzbox. "ifconfig re0" would tell you
which.
|
> |
> Freebsd interface re0
> Freebsd interface em0
|
and in a normal network (if routing) you'd want a different /64 here;
right now it looks like you have only the Link-Local addresses on this
segment, which FreeBSD will quite correctly refuse to route to the Internet
|
> |
> Internal lan
>
> The network interface in the fritzbox is configured to forward the prefix.
> If I check the interfaces the re0 (interface to fritzbox) is getting an
> ipv6 address and I can ping6 from the freebsd machine without problems.
Good.
>
> But if I try to ping from a computer in "Internal lan" it fails.
> The internal pc resolves the hostname to ipv6 address
Presumably using IPv4 for name resolution.....unless you're running a
resolver on the FreeBSD box. Or I'm very confused.
> but the freebsd
> machine shows in /var/log/messages:
> Jul 8 20:33:01 server kernel: cannot forward src
> fe80:1::88d:dbdc:2c49:ac3a, dst <target-ipv6-address-i-ping>, nxt 58,
> rcvif em0, outif re0
FE80::/10, Link Local, addresses are good only in a single collision
domain and can't be routed. So if the second device on the internal LAN
has only that address, this is as it should be.
Things I'd consider:
1) Use the FreeBSD box as a bridge instead of a router and let the
Fritzbox hand out addresses to the internal LAN using RA/SLAAC, DHCPv6
or whatever it's actually doing.
2) Have a chat with your ISP
3) Build some horrible kludge to assign a /64 out of the /56 to the em0
interface every time the ISP changes the /56...
--Jon Radel
jon at radel.com
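
An added example, not part of the message above or of any FreeBSD tool: it parses the "cannot forward" kernel line quoted in the post to show why the packet was refused, and computes the /64 that suggestion 3 would assign to em0 each time the delegated /56 changes. The function names, the 2001:db8:: sample prefixes, the placeholder ping target and the choice of subnet 1 are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the log line from the post, with a documentation
# address (2001:db8::/32) standing in for the elided ping target.
LOG_LINE = ("Jul 8 20:33:01 server kernel: cannot forward src "
            "fe80:1::88d:dbdc:2c49:ac3a, dst 2001:db8::1, nxt 58, "
            "rcvif em0, outif re0")

FORWARD_RE = re.compile(
    r"cannot forward src (?P<src>[0-9a-fA-F:]+), dst (?P<dst>[0-9a-fA-F:]+), "
    r"nxt (?P<nxt>\d+), rcvif (?P<rcvif>\w+), outif (?P<outif>\w+)")

LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def explain_forward_failure(line):
    """Parse a 'cannot forward' kernel message and say why it was refused."""
    m = FORWARD_RE.search(line)
    if m is None:
        return None
    src = ipaddress.IPv6Address(m["src"])
    reason = ("source is link-local (fe80::/10), valid only on " + m["rcvif"]
              if src in LINK_LOCAL else "source is not link-local; check routes")
    return {"src": src, "rcvif": m["rcvif"], "outif": m["outif"], "reason": reason}


def lan_prefix(delegated, subnet_id):
    """Return the /64 numbered subnet_id (0-255) inside a delegated /56."""
    net = ipaddress.IPv6Network(delegated, strict=True)
    if net.prefixlen != 56:
        raise ValueError("expected a /56, got /%d" % net.prefixlen)
    if not 0 <= subnet_id < 256:
        raise ValueError("a /56 holds /64 subnets 0 through 255")
    # The subnet number occupies the 8 bits between the /56 and /64 boundaries.
    base = int(net.network_address) + (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


if __name__ == "__main__":
    print(explain_forward_failure(LOG_LINE)["reason"])
    # Two constructed /56 values standing in for successive daily delegations;
    # subnet 1 for em0 is an arbitrary choice made for this example.
    for delegated in ("2001:db8:ab00::/56", "2001:db8:cd00::/56"):
        print(delegated, "-> em0", lan_prefix(delegated, 1))
```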
More information about the freebsd-questions
mailing list