On 2011/10/03 23:04, Scott Francis wrote:
> http://www.openbsd.org/faq/faq6.html#Setup.if
>
> in the ifconfig(8) output, fxp0 has no inet address (only inet6), but the
> following paragraph asserts that it does (10.0.0.38).
>
> (apologies for lack of diff; no access to CLI at the moment).
>
> cheers,
> /sf
>
I started working on a diff for this page, updating a few things for
more recent OS and adding a little sprinkling of v6, but haven't
got round to finishing it... starting point if anyone wants to pick it
up :)
Index: faq6.html
===================================================================
RCS file: /cvs/www/faq/faq6.html,v
retrieving revision 1.295
diff -u -p -r1.295 faq6.html
--- faq6.html 28 Jun 2011 08:33:48 -0000 1.295
+++ faq6.html 4 Oct 2011 15:31:38 -0000
@@ -161,6 +161,7 @@ fxp0: flags=8843<UP,BROADCAST,RUNNING
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
+ inet 10.0.0.38 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::204:acff:fedd:396a%fxp0 prefixlen 64 scopeid 0x1
enc0: flags=0<>
priority: 0
@@ -242,18 +243,20 @@ man page.
You will need to read this for less trivial configurations.
<p>
-A typical interface configuration file, configured for an IPv4 address,
-would look like this:
+A typical interface configuration file, configured for IPv4 and
+IPv6 addresses, would look like this:
<blockquote><pre>
$ <b>cat /etc/hostname.fxp0</b>
inet 10.0.0.38 255.255.255.0 NONE
+inet6 2001:db8::51
</pre></blockquote>
<p>
In this case, we have defined an IPv4 (inet) address, with an IP address of
10.0.0.38, a subnet mask of 255.255.255.0 and no specific broadcast address
-(which will default to 10.0.0.255 in this case).
+(which will default to 10.0.0.255 in this case), and an IPv6 (inet6) address,
+with an IP address of 2001:db8::51 (using the default prefix length, 64 bits).
<p>
You could also specify media types for Ethernet, say, if you wanted to
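Review bot: the added `inet6 2001:db8::51` line in the hostname.fxp0 example leaves the prefix length implicit, while the inet line directly above it spells out its netmask, so the reader never sees where a prefix length goes. Suggest showing it as `inet6 2001:db8::51 64` and rewording the parenthetical to match. The explanatory sentence has also become one long run and would read better split before "and an IPv6 (inet6) address".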
@@ -284,17 +287,18 @@ inet 172.21.0.31 255.255.255.0 NONE vlan
Put the IP of your gateway in the file <i>
<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=mygate&sektion=5">/etc/mygate</a></i>.
This will allow for your gateway to be set upon boot.
-This file consists of one line, with just the address of this machine's
-gateway address:
+This file consists of one or two lines, with the IPv4 and/or IPv6
+address of this machine's gateway:
<blockquote><pre>
10.0.0.1
+2001:db8::1
</pre></blockquote>
-It is possible to use a symbolic name there, but be careful: you can't
-assume things like the resolver are fully configured or even reachable
-until AFTER the default gateway is configured.
-In other words, it had better be an IP address or something that is
+It is possible to use symbolic names here, but be careful: you can't
+assume that the resolver is available until AFTER the default gateway has
+been configured.
+In other words, it should either be an IP address or something that is
defined in the <i>/etc/hosts</i> file.
<p>
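Review bot: "one or two lines, with the IPv4 and/or IPv6 address" in the /etc/mygate paragraph does not say that the limit is one gateway per address family, and can be read as allowing two IPv4 gateways. Suggest wording along the lines of "one line per address family" so the two-line example (10.0.0.1 and 2001:db8::1) is understood as one IPv4 and one IPv6 entry.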
@@ -308,13 +312,14 @@ Here is an example of a <i>/etc/resolv.c
search example.com
nameserver 125.2.3.4
nameserver 125.2.3.5
+nameserver 2620:0:ccc::2
lookup file bind
</pre></blockquote>
In this case, the default domain name will be <tt>example.com</tt>,
-there are two DNS resolvers, <tt>125.2.3.4</tt> and <tt>125.2.3.5</tt>
-specified, and the <i>/etc/hosts</i> file will be consulted before the
-DNS resolvers are.
+three DNS resolvers (<tt>125.2.3.4</tt>, <tt>125.2.3.5</tt> and
+<tt>2620:0:ccc::2</tt>) are specified, and the <i>/etc/hosts</i>
+file will be consulted before the DNS resolvers.
<p>
As with virtually all Unix (and many non-Unix) systems, there is an
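Review bot: the new `nameserver 2620:0:ccc::2` line uses an address outside the 2001:db8::/32 documentation prefix that the hostname.fxp0 and mygate hunks use. Suggest a 2001:db8:: address here as well, so the example is consistent with the rest of the page and nobody copies a resolver address they did not choose.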
@@ -381,40 +386,27 @@ available, so the configuration will fai
You can check your routes via
<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>
or <a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a>.
-If you are having routing problems, you may want to use the -n flag to
-route(8) which prints the IP addresses rather than doing a DNS lookup
-and displaying the hostname. Here is an example of viewing your routing
-tables using both programs.
+Here is an example of viewing routing tables; the -n flag is used
+which prints IP addresses rather than doing a DNS lookup and displaying
+the hostname.
<blockquote><pre>
$ <b>netstat -rn</b>
Routing tables
Internet:
-Destination Gateway Flags Refs Use Mtu Interface
-default 10.0.0.1 UGS 0 86 - fxp0
-127/8 127.0.0.1 UGRS 0 0 - lo0
-127.0.0.1 127.0.0.1 UH 0 0 - lo0
-10.0.0/24 link#1 UC 0 0 - fxp0
-10.0.0.1 aa:0:4:0:81:d UHL 1 0 - fxp0
-10.0.0.38 127.0.0.1 UGHS 0 0 - lo0
-224/4 127.0.0.1 URS 0 0 - lo0
-
-Encap:
-Source Port Destination Port Proto SA(Address/SPI/Proto)
-
-$ <b>route show</b>
-Routing tables
-
-Internet:
-Destination Gateway Flags
-default 10.0.0.1 UG
-127.0.0.0 LOCALHOST UG
-localhost LOCALHOST UH
-10.0.0.0 link#1 U
-10.0.0.1 aa:0:4:0:81:d UH
-10.0.0.38 LOCALHOST UGH
-BASE-ADDRESS.MCA LOCALHOST U
+Destination Gateway Flags Refs Use Mtu Prio Iface
+default 10.0.0.1 UGS 0 86 - 8 fxp0
+127/8 127.0.0.1 UGRS 0 0 33200 8 lo0
+127.0.0.1 127.0.0.1 UH 3 2300 33200 4 lo0
+10.0.0/24 link#1 UC 0 0 - 4 fxp0
+10.0.0.1 aa:0:4:0:81:d UHL 1 0 - 4 fxp0
+10.0.0.38 127.0.0.1 UHLc 0 1845 - 4 lo0
+224/4 127.0.0.1 URS 0 0 33160 8 lo0
+
+Internet6:
+Destination Gateway Flags Refs
Use Mtu Prio Iface
+...<!-- XXX fill in -->
</pre></blockquote>
<p>
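Review bot: the Internet6 table in the netstat -rn example is still the "XXX fill in" placeholder and needs real output before this can go in. The hunk also removes the `route show` output, while the unchanged lead-in still says routes can be checked with netstat(1) or route(8), so either keep a short route(8) example or adjust that sentence. "the -n flag is used which prints IP addresses" would read better as "the -n flag prints IP addresses".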
@@ -963,14 +955,15 @@ mode, it is possible to enable this and
packets to a machine running PPPoE software (see below).
<p>
-The main software interface to PPPoE/PPPoA on OpenBSD is
-<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppoe&sektion=8">pppoe(8)</a>,
-which is a userland implementation (in much the same way that we described
+The usual software interface to PPPoE on OpenBSD is the kernel
+implementation,
+<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppoe&sektion=4">pppoe(4)</a>.
+Alternatively
+<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppoe&sektion=8">pppoe(8)</a>
+is also available, this is a userland implementation (in much the same way
+that we described
<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>,
above).
-A kernel PPPoE implementation,
-<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppoe&sektion=4">pppoe(4)</a>,
-has been incorporated into OpenBSD.
<p>
<h3>PPTP</h3>
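Review bot: the rewritten sentence drops PPPoA ("PPPoE/PPPoA" became "PPPoE") without saying where PPPoA is covered now; if the section heading or the surrounding text still mentions PPPoA, it needs a matching update. The new wording "Alternatively pppoe(8) is also available, this is a userland implementation" is a comma splice and doubles "alternatively" with "also"; suggest "Alternatively, pppoe(8) is a userland implementation (...)".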
@@ -1403,13 +1396,12 @@ pass out quick on ep0 all
block in on fxp0 all
block out on fxp0 all
-pass in quick on fxp0 proto tcp from any to any port {22, 80} \
- flags S/SA keep state
+pass in quick on fxp0 proto tcp to port {22, 80}
</pre></blockquote>
<p>
Note that this rule set will prevent anything but incoming HTTP and SSH
-traffic from reaching either the bridge machine or any of the other
+traffic from reaching either the bridge machine or any of the other
nodes "behind" it. Other results could be had by filtering the other
interface.
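Review bot: the shortened rule `pass in quick on fxp0 proto tcp to port {22, 80}` now relies on pf applying `flags S/SA keep state` by default, and the text below it does not say so. A reader comparing it with an older rule set may take it for a stateless rule; suggest one sentence noting that state tracking and the SYN-only match are implicit. The last -/+ pair ("traffic from reaching either the bridge machine ...") is a whitespace-only change and could be left out of this diff.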
@@ -1964,7 +1956,7 @@ Aironet Communications 4500/4800.
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=ath&sektion=4">ath(4)</a>
driver for Atheros 802.11a/b/g. <sup>(AP)</sup>
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=athn&sektion=4">athn(4)</a>
-driver for Atheros 80211/a/g/n devices.
+driver for Atheros 80211/a/g/n devices. <sup>(AP)</sup>
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=atu&sektion=4">atu(4)</a>
Atmel AT76C50x USB 802.11b
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=atw&sektion=4">atw(4)</a>
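Review bot: the athn(4) line being touched still reads "Atheros 80211/a/g/n devices", which looks like a typo for "802.11a/g/n". Since the line is modified anyway to add the (AP) marker, fix the standard name in the same change.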
@@ -1972,7 +1964,7 @@ ADMtek ADM8211.
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=awi&sektion=4">awi(4)</a>
AMD 802.11 PCnet Mobile.
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwi&sektion=4">bwi(4)</a>
-Broadcom AirForce 802.11b/g
+Broadcom AirForce 802.11b/g <sup>(NFF)</sup>
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=cnw&sektion=4">cnwi(4)</a>
Xircom CreditCard Netwave
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipw&sektion=4">ipw(4)</a>
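Review bot: the (NFF) marker added to bwi(4) here, and to malo(4) and pgt(4) in the next hunk, has no definition in any hunk of this diff. If the key for this driver list does not already explain it alongside (AP), add the legend entry in the same commit.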
@@ -1982,9 +1974,9 @@ Intel PRO/Wireless 2200BG/2225BG/2915ABG
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=iwn&sektion=4">iwn(4)</a>
Intel WiFi Link 4965/5100/5300 802.11a/b/g/Draft-N wireless.
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=malo&sektion=4">malo(4)</a>
-Marvell Libertas 802.11b/g
+Marvell Libertas 802.11b/g <sup>(NFF)</sup>
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=pgt&sektion=4">pgt(4)</a>
-Conexant/Intersil Prism GT Full-MAC 802.11a/b/g
+Conexant/Intersil Prism GT Full-MAC 802.11a/b/g <sup>(NFF)</sup>
<li><a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=ral&sektion=4">ral(4)</a>
and <a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=ural&sektion=4">ural(4)</a>
[USB]
Ralink Technology RT25x0 802.11a/b/g. <sup>(AP)</sup>
@@ -2071,15 +2063,28 @@ The <tt>-mpath</tt> argument is used whe
Verify the routes:
<blockquote><pre>
-# <b>netstat -rnf inet | grep default</b>
-default 10.130.128.1 UGS 2 134 - fxp1
-default 10.132.0.1 UGS 0 172 - fxp2
+# <b>netstat -rnf inet | grep -e default -e Dest</b>
+Destination Gateway Flags Refs Use Mtu Prio Iface
+default 10.130.128.1 UGS 2 134 - 8 fxp1
+default 10.132.0.1 UGS 0 172 - 8 fxp2
</pre></blockquote>
<p>
In this example we can see that one default route points to 10.130.128.1
which is accessible via the fxp1 interface, and the other points
to 10.132.0.1 which is accessible via fxp2.
+In this case both routes are using the default priority 8.
+If you would like to use a route as a lower-priority backup
+without load-balancing, you can adjust as follows:
+
+<blockquote><pre>
+# <b>route delete -mpath default 10.132.0.1</b>
+# <b>route add -mpath -priority 10 default 10.132.0.1</b>
+# <b>netstat -rnf inet | grep -e default -e Dest</b>
+Destination Gateway Flags Refs Use Mtu Prio Iface
+default 10.130.128.1 UGS 2 134 - 8 fxp1
+default 10.132.0.1 UGS 0 172 - 10 fxp2
+</pre></blockquote>
<p>
Since the
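Review bot: the new backup-route paragraph never states which direction the priority runs, so "default priority 8" versus `-priority 10` does not tell the reader that the larger number is the less preferred route. Suggest saying so explicitly next to "lower-priority backup". In the second netstat output the re-added 10.132.0.1 route still shows Refs 0 and Use 172, the same counters as before the `route delete`; a freshly added route would start from zero, so the sample output should be regenerated. It is also worth confirming whether -mpath is still needed on the `route add` once the priorities differ.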
@@ -2139,14 +2144,20 @@ For more information about how the route
Equal-Cost Multi-Path Algorithm".
<p>
-It's worth noting that if an interface used by a multipath route goes
-down (i.e., loses carrier), the kernel will still try to
-forward packets using the route that points to that interface.
+Link status is detected, so if an interface loses carrier it
+will no longer be used, however if the interface stays up
+but the router cannot forward packets (for example, a
+failed ADSL or leased line connection) the kernel will still try
+to forward packets using the route that points to that interface.
This traffic will of course be blackholed and end up going nowhere.
It's highly recommended to use
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8"
+>relayd(8)</a>
+<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd.conf&sektion=5#ROUTERS">
+routers</a> to check for unavailable interfaces and adjust the
+routing table accordingly.
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifstated&sektion=8"
->ifstated(8)</a> to check for unavailable interfaces and adjust the routing
-table accordingly.
+>ifstated(8)</a> may also be useful in some cases.
<p>
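Review bot: after this change the recommendation reads "use relayd(8) routers to check for unavailable interfaces", which contradicts the new first sentence saying that loss of carrier is already detected. The failure described here is an unreachable gateway on an interface that stays up, so suggest "to check for unreachable gateways and adjust the routing table accordingly". The first sentence is also a run-on at "will no longer be used, however if"; start a new sentence at "However". The relayd.conf link text begins on a new line after the opening tag, which puts leading whitespace inside the link.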