FreeBSD does not reply to IPv6 Neighbor Solicitations
Michael Sierchio
kudzu at tenebras.com
Mon Jan 4 03:42:03 UTC 2021
On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov <vas at sibptus.ru> wrote:
> > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > Neighbor Solicitations from the router?
>
> Any ideas please?
>
>
Are you permitting the required UDP and ICMP? These could be tighter, but

    ################################################################################
    # dhcp / bootp
    $FW add 00128 allow udp from any 67,68,546,547 to any 67,68,546,547

    ################################################################################
    # Neighbor Discovery Protocol
    $FW add 00129 allow ipv6-icmp from any to any icmp6types 133,134,135,136,137

The method I have found to be reliable is to use dhcp6c, which requires the
pkg 'dhcp6'.

So for a FreeBSD host in EC2, for example:

    ifconfig_eth0="SYNCDHCP"
    ipv6_activate_all_interfaces="YES"
    ifconfig_eth0_ipv6="inet6 accept_rtadv up"
    dhcp6c_enable="YES"
    dhcp6c_interfaces="eth0"

and /usr/local/etc/dhcp6c.conf is simple:

    interface eth0 {
        send ia-na 1;
        send rapid-commit;
    };
    id-assoc na 1 {
    };

For a more complicated example, I have a firewall that gets its addresses
from my cable company:

    ipv6_gateway_enable="YES"
    ipv6_activate_all_interfaces="YES"
    rtadvd_enable="YES"
    rtadvd_interfaces="eth1 eth2"
    dhcp6c_enable="YES"
    dhcp6c_interfaces="eth0"
    ipv6_default_interface="eth1"

and

    interface eth0 {
        send ia-na 1;
        send ia-pd 1;
        send rapid-commit;
    };
    id-assoc pd 1 {
        prefix ::/64 1800;
        prefix-interface eth1 {
            sla-id 0;
            sla-len 0;
        };
        prefix-interface eth2 {
            sla-id 1;
            sla-len 0;
        };
    };
    id-assoc na 1 { };

--
"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."
- The Mahābhārata
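
An added example, not part of the original message: a first-pass check that reads ipfw rules in the form shown above and reports which Neighbor Discovery ICMPv6 types (133-137) no allow rule covers. The function name `nd_types_missing` and the sample rules are constructed for illustration; the check assumes that addresses, interfaces, direction and rule order (an earlier deny) can be ignored.

```sh
#!/bin/sh
# Added example (not from the original post). Reads ipfw rules on stdin,
# either "$FW add NNNNN allow ..." or "NNNNN allow ..." lines, and prints the
# Neighbor Discovery ICMPv6 types that no allow rule permits:
#   133 Router Solicitation    134 Router Advertisement
#   135 Neighbor Solicitation  136 Neighbor Advertisement   137 Redirect
# Assumption: addresses, interfaces, direction and rule order are not evaluated.
nd_types_missing() {
    awk '
    BEGIN { n = split("133 134 135 136 137", want, " ") }
    {
        sub(/#.*/, "")                      # drop comments and banner lines
        act = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(allow|accept|pass|permit)$/) { act = i; break }
        if (!act || act == NF) next         # not an allow rule
        proto = $(act + 1)
        if (proto !~ /^(ipv6-icmp|ip6|ipv6|ip|all)$/) next
        types = ""
        for (i = act + 2; i < NF; i++)
            if ($i == "icmp6types") types = $(i + 1)
        if (types == "") {                  # no type filter: all types pass
            for (k = 1; k <= n; k++) ok[want[k]] = 1
            next
        }
        m = split(types, t, ",")
        for (j = 1; j <= m; j++) ok[t[j]] = 1
    }
    END {
        out = ""
        for (k = 1; k <= n; k++)
            if (!(want[k] in ok)) out = out (out == "" ? "" : " ") want[k]
        print out
    }'
}

# Constructed sample: the NDP rule from the post with type 135 left out, so
# Neighbor Solicitations would fall through to whatever rule comes next.
SAMPLE_RULES='00128 allow udp from any 67,68,546,547 to any 67,68,546,547
00129 allow ipv6-icmp from any to any icmp6types 133,134,136,137'

printf '%s\n' "$SAMPLE_RULES" | nd_types_missing    # prints: 135
```

An empty result means every ND type is covered by some allow rule; whether a given packet actually reaches that rule still depends on the rules ahead of it.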