trouble setting up ipv6

Ernie Luzar luzar722 at
Fri Jul 10 17:22:06 UTC 2020

Jon Radel wrote:
> On 7/10/20 11:43, Ernie Luzar wrote:
>> ping6 -c 1
>> responds with this
>> ping6: UDP connect: No route to host
>> Any idea why?
> Leading guess around these parts would be that you don't have IPv6
> configured properly.  Does it work for anything? 
> To narrow it down a bit to something useful, why don't you do the usual
> steps, such as sharing your network configuration and current IPv6
> routing table, the results of pinging your IPv6 gateway, etc., etc.


ifconfig_vtnet0_ipv6="inet6 accept_rtadv"

:/etc#ifconfig -a
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
         ether f2:3c:92:bc:54:37
         inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1
         inet6 2600:3c02::f03c:92ff:febc:5437 prefixlen 64 autoconf
         inet netmask 0xffffff00 broadcast xx.x.xx.xx
         media: Ethernet 10Gbase-T <full-duplex>
         status: active

:/etc#netstat -nr6
Routing tables

Destination                       Gateway         Flags     Netif Expire
::/96                             ::1              UGRS      lo0
::1                               link#2           UH        lo0
::ffff:                 ::1              UGRS      lo0
2600:3c02::/64                    link#1           U         vtnet0
2600:3c02::f03c:92ff:febc:1       link#3           UHS       lo0
2600:3c02::f03c:92ff:febc:5437    link#1           UHS       lo0
fe80::/10                         ::1              UGRS      lo0
fe80::%vtnet0/64                  link#1           U         vtnet0
fe80::f03c:92ff:febc:5437%vtnet0  link#1           UHS       lo0
fe80::%lo0/64                     link#2           U         lo0
fe80::1%lo0                       link#2           UHS       lo0
fe80::%epair0a/64                 link#4           U         epair0a
fe80::ad:7fff:fe8d:820a%epair0a   link             UHS       lo0
fe80::%epair1a/64                 link#5           U         epair1a
fe80::c0:11ff:fee6:990a%epair1a   link#5           UHS       lo0
ff02::/16                         ::1              UGRS      lo0


# There is fixed bug about ipv6 and keep state not working together
# This fixed bug is not included in 12.1.
# No rules with ipv6 and keep state allowed at this time.

pass out quick inet6 proto icmp6 from any to any

# Allow out access to my ISP's Domain name server (dns).
# Get the IP addresses from /etc/resolv.conf file
pass out quick on vtnet0 proto tcp from any to any port = 53 flags S 
keep state
pass out quick on vtnet0 proto udp from any to any port = 53 keep state

# Allow access to ISP's specified DHCP server
pass out quick on vtnet0 proto udp from any to any port = 67 keep state

# Allow out all pings (icmp) to public Internet
pass out quick on vtnet0 proto icmp from any to any keep state

# Block and log everything that's trying to get out.
# This rule enforces the block all by default logic.
block out log quick on vtnet0 all

# allow in ISP dhcp traffic
pass in quick on vtnet0 proto udp from any to any port = 67 keep state

# pass in ipv6 pings. no ipv6 with keep state option allowed
pass in log quick proto icmp6 all

# Block and log all remaining traffic coming into the firewall.
# This rule enforces the block all by default logic.
block in log quick on vtnet0 all

Anything else you want to see post the commands to use.

