Re: IPv6 && getaddrinfo(3C)

[Matthias Apitz]

El día Thursday, July 12, 2012 a las 09:01:50PM -0500, Robert Bonomi escribió:

> > >  req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST; 
> > >  req.ai_family = AF_INET6;/* Same as AF_INET6. */ 
> 
> Isn't the setting of 'req.ai_family', above, going to guarantee that
> something that "looks like"  an IPv4 address will not be considered valid?
> 
> After all, what *POSSIBLE* _IPv6_info_ is there about an IPv4 address?
> 
> Per the manpage example, try PF_UNSPEC.

With PF_UNSPEC it works fine now, thanks for the hint; I'm attaching the
code for the client and as well one for a server creating LISTEN on IPv6
and IPv4 at the same time and handling the connections on both ports;

HIH

matthias


/* IPv6 client code using getaddrinfo */

#include 
#include 
#include 
#include 
#include 
#include 
#include 


main(int argc, char **argv)
{

struct addrinfo req, *ans;
int code, s, n;
char buf[1024];

memset(&req, 0, sizeof(req));
req.ai_flags = 0;   /* may be restricted to 
AI_ADDRCONFIG|AI_NUMERICHOST|... */
/* req.ai_family = AF_INET6;/* validates only AF_INET6 */
/* req.ai_family = AF_INET; /* validates only AF_INET, i.e. IPv4 */
req.ai_family = PF_UNSPEC;  /* validates IPv4 and IPv6. */
req.ai_socktype = SOCK_STREAM;

/* Use protocol TCP */

req.ai_protocol = IPPROTO_TCP;  /* 0: any, IPPROTO_UDP: UDP */

printf("host: %s\n", argv[1]);
if ((code = getaddrinfo(argv[1], "ssh", &req, &ans)) != 0) {
fprintf(stderr, "ssh: getaddrinfo failed code %d: %s\n", code, 
gai_strerror(code));
exit(1);
}
 
/* 'ans' must contain at least one addrinfo, use the first */ 

s = socket(ans->ai_family, ans->ai_socktype, ans->ai_protocol);
if (s < 0) {
perror("ssh: socket");
exit(3);
}

/* Connect does the bind for us */

if (connect(s, ans->ai_addr, ans->ai_addrlen) < 0) {
perror("ssh: connect");
exit(5);
}

/* just for test: read in SSH' good morning message */

n = read(s, buf, 1024);
printf ("read: %s", buf);

/*
 Free answers after use
 */ 
freeaddrinfo(ans);

exit(0);
}





/* IPv6 server code using getaddrinfo */

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#include 


void doit()
{
printf("child forked end ended\n");
}

main(int argc, char **argv)
{
struct sockaddr_in6 from;
struct addrinfo req, *ans, *ans2;
intcode, sockFd1, sockFd2, len;

/* Set ai_flags to AI_PASSIVE to indicate that return addres s is 
suitable for bind() */

memset(&req, 0, sizeof(req));
req.ai_flags = AI_PASSIVE;
req.ai_family = PF_UNSPEC;  /* IPv6+IPv4: PF_UNSPEC, IPv4: 
PF_INET */
req.ai_socktype = SOCK_STREAM;
req.ai_protocol = IPPROTO_TCP;

#define SLNP "3025"

if ((code = getaddrinfo(NULL, SLNP, &req, &ans)) != 0) {
fprintf(stderr, "SLNP (%s): getaddrinfo failed code %d: %s\n", 
SLNP, code, gai_strerror(code));
exit(1);
}

/* 'ans' must contain at least one addrinfo and we use the first. */
/* it seems(!) that 1st one is the IPv6 when we use PF_UNSPEC */

if( (sockFd1 = socket(ans->ai_family, ans->ai_socktype, 
ans->ai_protocol)) < 0) {
perror("socket");
exit(-1);
}

if (bind(sockFd1, ans->ai_addr, ans->ai_addrlen) < 0) {
perror("bind");
close(sockFd1);
exit(-1);
}

/* create the 1st LISTEN */

printf("1st (IPv6) LISTEN...\n");
listen(sockFd1, 5);

/* if there is a 2nd addrinfo provided by getaddrinfo(3C) and we will 
create 2nd socket... */

ans2 = NULL;
if( ans->ai_next != NULL )
ans2 = ans->ai_next;

sockFd2 = -1;   /* set to -1 to be used as this in poll, see below 
*/
if( ans2 != NULL ) {
if( (sockFd2 = socket(ans2->ai_family, ans2->ai_socktype, 
ans2->ai_protocol)) < 0) {
perror("socket");
exit(-1);
}
if (bind(sockFd2, ans2->ai_addr, ans2->ai_addrlen) < 0) {
perror("bind");
close(sockFd2);
exit(-1);
}
printf("2nd (IPv4) LISTEN...\n");
listen(sockFd2, 5);
}


for (;;) {
int newsockFd, len = sizeof(from), readyFd, polled;
struct pollfd fds[2];

/* we poll both fds for events and accept the one which is 
ready */

fds[0].fd = sockFd1;
fds[0].events = POLLIN | POLLPRI;
fds[0].revent

Re: IPv6 && getaddrinfo(3C)

[Robert Bonomi]

> From: Doug Hardie 
> Date: Thu, 12 Jul 2012 14:21:38 -0700
> Subject: Re: IPv6 && getaddrinfo(3C)
>
> On 12 July 2012, at 07:24, Matthias Apitz wrote:
>
> > Hello,
> >
> > I'm playing around with IPv6 code on a FreeBSD 9 system and can't get 
> > getaddrinfo(3C) to do what it should do as stated in its man page: 
> > accept an IPv6 and IPv4 IP addr, it only works with the IPv6 form:
> >
> > $ ./a.out ::1
> > host: ::1 read: SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
> > $ ./a.out 127.0.0.1
> > host: 127.0.0.1 ssh: getaddrinfo failed code 8: hostname nor servname 
> > provided, or not known
> > $ telnet 127.0.0.1 22
> > Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 
> > SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
> >
> > the used C-code is attached below; what I'm doing wrong in the code?
> >
> > Thanks
> >
> >  matthias
> >
> > /* IPv6 client code using getaddrinfo */
> >
> > #include 
> > #include 
> > #include 
> > #include 
> > #include 
> > #include 
> > #include 
> >
> >
> > main(argc, argv)/* client side */
> >  intargc; char   *argv[];
> > {
> >
> >  struct addrinforeq, *ans; int  code, s, n; char buf[1024];
> >
> >  memset(&req, 0, sizeof(req));
> >  req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST; 
> >  req.ai_family = AF_INET6;  /* Same as AF_INET6. */ 

Isn't the setting of 'req.ai_family', above, going to guarantee that
something that "looks like"  an IPv4 address will not be considered valid?

After all, what *POSSIBLE* _IPv6_info_ is there about an IPv4 address?

Per the manpage example, try PF_UNSPEC.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 && getaddrinfo(3C)

[Doug Hardie]

On 12 July 2012, at 07:24, Matthias Apitz wrote:

> 
> Hello,
> 
> I'm playing around with IPv6 code on a FreeBSD 9 system and can't get
> getaddrinfo(3C) to do what it should do as stated in its man page:
> accept an IPv6 and IPv4 IP addr, it only works with the IPv6 form:
> 
> $ ./a.out ::1
> host: ::1
> read: SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
> $ ./a.out 127.0.0.1
> host: 127.0.0.1
> ssh: getaddrinfo failed code 8: hostname nor servname provided, or not known
> $ telnet 127.0.0.1 22
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
> 
> the used C-code is attached below; what I'm doing wrong in the code?
> 
> Thanks
> 
>   matthias
> 
> /* IPv6 client code using getaddrinfo */
> 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> 
> 
> main(argc, argv)  /* client side */
>   int argc;
>   char   *argv[];
> {
> 
>   struct addrinfo req, *ans;
>   int code, s, n;
>   char buf[1024];
> 
>   memset(&req, 0, sizeof(req));
>   req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST;
>   req.ai_family = AF_INET6;   /* Same as AF_INET6. */
>   req.ai_socktype = SOCK_STREAM;
> 
>   /* */
>   /* Use default protocol (in this case tcp) */
>   /* */
> 
>   req.ai_protocol = 0;
> 
>   printf("host: %s\n", argv[1]);
>   if ((code = getaddrinfo(argv[1], "ssh", &req, &ans)) != 0) {
>   fprintf(stderr, "ssh: getaddrinfo failed code %d: %s\n", code, 
> gai_strerror(code));
>   exit(1);
>   }
>
>
>   /* */
>   /* ans must contain at least one addrinfo, use */
>   /* the first.  */
>   /* */ 
>   
>   s = socket(ans->ai_family, ans->ai_socktype, ans->ai_protocol);
>   if (s < 0) {
>   perror("ssh: socket");
>   exit(3);
>   }
> 
>   /* Connect does the bind for us */
>   
>   if (connect(s, ans->ai_addr, ans->ai_addrlen) < 0) {
>   perror("ssh: connect");
>   exit(5);
>   }
> 
>   n = read(s, buf, 1024);
>   printf ("read: %s", buf);
>   
>   /* */
>   /* Free answers after use */
>   /* */ 
>   freeaddrinfo(ans);
> 
>   exit(0);
> }
> 
>  

I won't claim to be an expert on this, but I have used getaddrinfo successfully 
in servers.  The only thing I see that might be an issue is the use of zero for 
ai_protocol.  The comment in the man page implies that value is for servers and 
not clients.  I suspect you have to set the specific protocol you want.  You 
haven't included AI_PASSIVE so I suspect its expecting you to use the address 
to contact a server.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 default-route - gone

[John]

On 03/04/2012 18:40, Ewald Jenisch wrote:
> Hi,
> 
> After installing a new machine under FreeBSD9 I discovered that the
> IPv6-configuration I had in place with FreeBSD8 does no longer work.
> 
> Here's what I've got in /etc/rc.conf:
> ipv6_enable="YES"
> ipv6_ifconfig_em0="2001:76c:2218:2009::11/64"
> ipv6_defaultrouter="2001:76c:2218:2009::1"
> 
> The interface address correctly shows up under "ifconfig" however the
> default route doesn't seem to be installed, so I'm basically cut off
> the Internet in terms of IPv6.
> 
> Please note that the above config has worked unser FreeBSD8 - in fact
> I've got a couple of boxes under FreeBSD8 with this exact same config.
> 
> Has the IPv6-related config changed from FBSD 8 -> FBSD 9?
> 
> Thanks much in advance for any help,
> -ewald

Hi,

Yeah it's changed in 9. Here's what I have, for autoconfig use with a
tunnel:

ipv6_network_interfaces="re0"
ifconfig_re0_ipv6="inet6 accept_rtadv"
ip6addrctl_policy="ipv6_prefer"

...and it works

For static I'd have:

#ipv6_network_interfaces="re0"
#ifconfig_re0_ipv6="my_end_of_tunnel_ipv6_ip prefixlen 64"
#ipv6_defaultrouter="their_end_of_tunnel_ipv6_ip"
#ip6addrctl_policy="ipv6_prefer"

but I've not tried it static yet.
-- 
freebsd at growveg dot net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 VM

[Robert Boyer]

Oh also if you would like to relay smtp mail give me a shout right now it's 
restricted to the IPv6 64 blog that the machine manages - heck if you want an 
IPv6 address I could give you one and it SHOULD work anywhere you are connected 
as long as your IP can deal with IPv6

RB

On Jan 27, 2012, at 10:45 AM, Steve Bertrand wrote:

> On 2012.01.26 23:12, Robert Boyer wrote:
>> just an FYI - that VM that you logged into tonight now has verified access 
>> via IPv6 from anywhere, is serving up the /64 block to my local devices vi 
>> route adverts, has route6d running and appears to work locally (resolves 
>> IPv6 name servers from other local machines via dig) nginx is now listing 
>> and serving pages via IPv6, and "should" also work have a working IPv6 email 
>> server (not tested yet). Shouldn't be a big deal bringing up named and dhcp6 
>> if you want to do that.
> 
> Thanks Robert!
> 
> Is there any chance that I could get some sudo access to be able to install 
> things globally, and if necessary, make certain global config changes?
> 
> I'll be happy to set you up a v6 email server if you wish. Nice to see others 
> interested and knowlegeable about v6. I have about five years experience. I 
> was the 17th entity in Canada to have a v6 prefix advertised into the global 
> IPv6 routing table, and the 1132nd globally :)
> 
> Steve

Re: IPv6 VM

[Robert Boyer]

IPv6 fully operational - named/bind9 resolving all dns and works fine for IPv6 
only hosts…. ipcloud.ws is IPv6 only to the external internet and works fine 
via www, ssh, smtp mail, etc as long as you are on another IPv6 capable host. 
Pretty nice. I am glad you brought this up. If you need a database I will stick 
one on there for you or choose your own.

Now moving on to local dhcp serving up IPv6 only stuff - I like how you can 
delegate dhcp services amongst various dhcpd's in v6 very cool.

RB


Ps. anyone else that wants to mess around is welcome to grab a shell account 
just hit me via email or this list…


On Jan 26, 2012, at 4:03 PM, Robert Boyer wrote:

> I can probably arrange for a tunneled v6 address - should be the same thing 
> at the end of the day…. how much time/mem you need?
> 
> RB
> 
> On Jan 26, 2012, at 2:10 PM, Steve Bertrand wrote:
> 
>> Hi all!
>> 
>> I've been away for some time, but I'm now getting back into the full swing 
>> of things.
>> 
>> I'm wondering if there is anyone out there who can let me temporarily borrow 
>> a CLI-only clean install FBSD virtual machine with a publicly facing IPv4 
>> and native IPv6 address. It will be extremely low bandwidth (almost none at 
>> all) for testing some v6 DNS software and other v6 statistical programs I'm 
>> writing.
>> 
>> Please contact off list.
>> 
>> Thanks!
>> 
>> Steve
>> ___
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
> 

Re: IPv6 VM

[Steve Bertrand]

On 2012.01.26 16:03, Robert Boyer wrote:

I can probably arrange for a tunneled v6 address - should be the same thing at 
the end of the day…. how much time/mem you need?


Thanks Robert,

As far as time/mem, I'm not all too sure as it has been some time since 
I've run anything virtualized, so anything deemed standard, even minimum 
requirements is perfect.


Regarding a v6 tunnel, I have a couple tunnel accounts (both end-user 
and BGP peering) over at he.net. One of the individual ones could be 
easily redirected.


Cheers,

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 VM

[Robert Boyer]

I can probably arrange for a tunneled v6 address - should be the same thing at 
the end of the day…. how much time/mem you need?

RB

On Jan 26, 2012, at 2:10 PM, Steve Bertrand wrote:

> Hi all!
> 
> I've been away for some time, but I'm now getting back into the full swing of 
> things.
> 
> I'm wondering if there is anyone out there who can let me temporarily borrow 
> a CLI-only clean install FBSD virtual machine with a publicly facing IPv4 and 
> native IPv6 address. It will be extremely low bandwidth (almost none at all) 
> for testing some v6 DNS software and other v6 statistical programs I'm 
> writing.
> 
> Please contact off list.
> 
> Thanks!
> 
> Steve
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 in FreeBSD 9

[Marco Beishuizen]

On Sun, 15 Jan 2012, the wise Erik Nørgaard wrote:


Don't use ipv6, but reading above: Did you replace ipv6_enable with
ipv6_activate_all_interfaces? because the error seems to tell you that
you must keep ipv6_enable


I replaced it with the new lines because according to the manpage
ipv6_enable is deprecated. But why shouldn't I use ipv6?


Sorry, meant to say, I don't use ipv6 so I can't do much debugging.


Aaah, :-), perhaps I should have read better.


Or, maybe there was an error with mergemaster? old scripts, new kernel
variables?


I ran mergemaster, but didn't get any error messages. Afaik all scripts
in /etc are new.


OK, in the error messages you posted it seems that some script checks or use 
these variables. Maybe try to run the different networking scripts manually 
and see where it fails.


Thanks for the tip. I'll do some trial and error and dig deeper.

--
Paul's Law:
You can't fall off the floor.___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 in FreeBSD 9

[Erik Nørgaard]

On 15/01/2012 21:41, Marco Beishuizen wrote:

On Sun, 15 Jan 2012, the wise Erik Nørgaard wrote:


Don't use ipv6, but reading above: Did you replace ipv6_enable with
ipv6_activate_all_interfaces? because the error seems to tell you that
you must keep ipv6_enable


I replaced it with the new lines because according to the manpage
ipv6_enable is deprecated. But why shouldn't I use ipv6?


Sorry, meant to say, I don't use ipv6 so I can't do much debugging.


Or, maybe there was an error with mergemaster? old scripts, new kernel
variables?


I ran mergemaster, but didn't get any error messages. Afaik all scripts
in /etc are new.


OK, in the error messages you posted it seems that some script checks or 
use these variables. Maybe try to run the different networking scripts 
manually and see where it fails.


BR, Erik

--
M: +34 666 334 818
T: +34 915 211 157
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 in FreeBSD 9

[Marco Beishuizen]

On Sun, 15 Jan 2012, the wise Erik Nørgaard wrote:

Don't use ipv6, but reading above: Did you replace ipv6_enable with 
ipv6_activate_all_interfaces? because the error seems to tell you that you 
must keep ipv6_enable


I replaced it with the new lines because according to the manpage 
ipv6_enable is deprecated. But why shouldn't I use ipv6?


Or, maybe there was an error with mergemaster? old scripts, new kernel 
variables?


I ran mergemaster, but didn't get any error messages. Afaik all scripts in 
/etc are new.


Regards,
Marco

--
Kin, n.:
An affliction of the blood.___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 in FreeBSD 9

[Erik Nørgaard]

On 14/01/2012 18:07, Marco Beishuizen wrote:

Hi,

In 8.2 ipv6 was enabled by adding ipv6_enable="YES" in rc.conf, and all
worked fine. In FreeBSD 9 that changed to
ipv6_activate_all_interfaces="YES". But now there are still some error
messages at boot time, and ipv6 doesn't seem to work correctly:

...
root: /etc/rc: WARNING: $ipv6_firewall_enable is not set properly - see
rc.conf(5).
root: /etc/rc: WARNING: $ipv6_enable is not set properly - see rc.conf(5).
...

I do not use a static IP adress, but DHCP. Wat do I need to do more to
enable ipv6?


Don't use ipv6, but reading above: Did you replace ipv6_enable with 
ipv6_activate_all_interfaces? because the error seems to tell you that 
you must keep ipv6_enable


Or, maybe there was an error with mergemaster? old scripts, new kernel 
variables?


BR, Erik

--
M: +34 666 334 818
T: +34 915 211 157
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 in FreeBSD 9

[Marco Beishuizen]

On Sat, 14 Jan 2012, the wise Yuri Pankov wrote:


In 8.2 ipv6 was enabled by adding ipv6_enable="YES" in rc.conf, and all
worked fine. In FreeBSD 9 that changed to
ipv6_activate_all_interfaces="YES". But now there are still some error
messages at boot time, and ipv6 doesn't seem to work correctly:

...
root: /etc/rc: WARNING: $ipv6_firewall_enable is not set properly - see
rc.conf(5).
root: /etc/rc: WARNING: $ipv6_enable is not set
properly - see rc.conf(5).
...

I do not use a static IP adress, but DHCP. Wat do I need to do more
to enable ipv6?


This works for me:

ifconfig_em0_ipv6="inet6 accept_rtadv"
ip6addrctl_policy="ipv6_prefer"

No other IPv6-related settings done anywhere else.


No didn't work. Still the same error messages.

Marco

--
Kamikazes do it once.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 in FreeBSD 9

[Yuri Pankov]

On Sat, Jan 14, 2012 at 06:07:01PM +0100, Marco Beishuizen wrote:
> Hi,
> 
> In 8.2 ipv6 was enabled by adding ipv6_enable="YES" in rc.conf, and all 
> worked fine. In FreeBSD 9 that changed to 
> ipv6_activate_all_interfaces="YES". But now there are still some error 
> messages at boot time, and ipv6 doesn't seem to work correctly:
> 
> ...
> root: /etc/rc: WARNING: $ipv6_firewall_enable is not set properly - see 
> rc.conf(5).
> root: /etc/rc: WARNING: $ipv6_enable is not set 
> properly - see rc.conf(5).
> ...
> 
> I do not use a static IP adress, but DHCP. Wat do I need to do more 
> to enable ipv6?

This works for me:

ifconfig_em0_ipv6="inet6 accept_rtadv"
ip6addrctl_policy="ipv6_prefer"

No other IPv6-related settings done anywhere else.


Yuri
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 spam

[Chris Brennan]

On Sat, May 21, 2011 at 9:28 AM, Robert Simmons  wrote:

I have begun receiving ipv6 spam from this mailing list, and I was
> wondering how to determine who the owner of a particular ipv6 address
> is.


A whois may tell you who the block has been given too (ISP wise) ... that
may start you in the right direction

For example:

I have a valid IPv6 address from my hosting provider (they gets used for IRC
on occasion ..)

NetRange:   2610:1E8:: - 2610:1E8::::::
CIDR:   2610:1E8::/32
OriginAS:   AS14595
NetName:NET-THINKTEL6-1
NetHandle:  NET6-2610-1E8-1
Parent: NET6-2610-1
NetType:Direct Allocation
RegDate:2007-05-04
Updated:2007-05-04
Ref:http://whois.arin.net/rest/net/NET6-2610-1E8-1

As you can see, a whois of that ip reveals the block provided to my hosts
provider, from there you could start asking questions. Spam sent to the
list, I tend to ignore, spam sent to me, I investigate and make go away. I'v
also run a tracert(6) to find a general geographic region of the spam, if
it's origin was reasonably local then I fire e-mails off to those locations
as best I can.

An interesting story here ... I actually knew one of my spammers,
personally, a pseudofriend who always tried to show off to me, he had money
and was always buying gadgets that he had no use for or how to use. When I
figured it out I almost laughed meself stupid. I then took all my proof to
his Mom and it all stopped, all his gadgets mysteriously disappeared from
his house and he stopped calling ... coincidentally, all of that
mysteriously disappeared junk, magically appeared in my bedroom :D

Anywho there are ways, just takes patience and persistence...

-- 
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 problem

[pepe]

On 3.2.2011 17:53, Thomas Sandford wrote:

On 01/02/2011 07:29, pepe wrote:

I have 2001:14b8:10:402::/64 ipv6 from my isp and I cant get it working.
Ifconfig should be ok:
backup# ifconfig rl0 inet6

rl0: flags=8843 metric 0 mtu 1500
options=8
inet6 2001:14b8:10:402:2::1 prefixlen 64


Looks a bit odd - I would expect to see a link-local address too - eg

%ifconfig bge0 inet6
bge0: flags=8843 metric 0 mtu 1500

options=8009b
inet6 fe80::20b:cdff:fef2:9a57%bge0 prefixlen 64 scopeid 0x1
inet6 2001:8b0:cae3:1:20b:cdff:fef2:9a57 prefixlen 64 autoconf


default gateway is set to 2001:14b8:10:402:1::1.


That sounds a slightly odd comment, since in general IPv6 routing is
done with auto-discovery. Especially given the fact that the default
route quoted lies within the same subnet (2001:14b8:10:402:: prefixlen
64) as the host in question.

When I try to traceroute

irc server for example
I get this:

traceroute6: Warning: irc.cc.tut.fi has multiple addresses; using
2001:708:310:4952:4320:5365:7276:6572


I get this message too - because the host irc.cc.tut.fi DOES have
multiple addresses:

%dig irc.cc.tut.fi 

; <<>> DiG 9.6.2-P2 <<>> irc.cc.tut.fi 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24710
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;irc.cc.tut.fi. IN 

;; ANSWER SECTION:
irc.cc.tut.fi. 3134 IN  2001:708:310:4952:4320:5365:7276:6572
irc.cc.tut.fi. 3134 IN  2001:708:310:4952:4320:436c:6965:6e74

;; AUTHORITY SECTION:
cc.tut.fi. 172334 IN NS ns-secondary.funet.fi.
cc.tut.fi. 172334 IN NS kaustinen.cc.tut.fi.
cc.tut.fi. 172334 IN NS ressu.cc.tut.fi.

;; Query time: 0 msec
;; SERVER: 81.187.228.6#53(81.187.228.6)
;; WHEN: Thu Feb 3 15:34:06 2011
;; MSG SIZE rcvd: 164



traceroute6 to irc.cc.tut.fi (2001:708:310:4952:4320:5365:7276:6572) from
2001:14b8:10:402:2::1, 64 hops max, 12 byte packets
1 2001:14b8:10:402:2::1 2026.908 ms !A 2999.587 ms !A 3000.423 ms !A


 From the traceroute6 manpage
!A Destination Unreachable - Address Unreachable.

It also appears that your first hop address is the same as your source
address, which does suggest that routing is more than a little bit screwy.

On my system I get:

%traceroute6 -n irc.cc.tut.fi
traceroute6: Warning: irc.cc.tut.fi has multiple addresses; using
2001:708:310:4952:4320:436c:6965:6e74
traceroute6 to irc.cc.tut.fi (2001:708:310:4952:4320:436c:6965:6e74)
from 2001:8b0:cae3:1:20b:cdff:fef2:9a57, 64 hops max, 12 byte packets
1 2001:8b0:cae3:1:21a:a2ff:fe34:e50b 1.349 ms 0.969 ms 1.011 ms
2 2001:8b0:0:53:203:97ff:fe05:8000 129.118 ms 143.449 ms 119.622 ms
3 2001:7f8:4::50e8:1 132.075 ms 119.009 ms 117.983 ms
4 2001:7f8:4::1b1b:1 123.832 ms 114.424 ms 119.675 ms
5 2001:7f8:4::a2b:1 114.905 ms 119.009 ms 118.030 ms
6 2001:948:1:8::3 134.205 ms 143.579 ms 130.875 ms
7 2001:948:1:2::3 145.068 ms 145.049 ms 156.321 ms
8 2001:948:3:2::3 165.258 ms 171.228 ms 156.591 ms
9 2001:708:0:f000:0:60:3060:2 233.114 ms 163.319 ms 158.668 ms
10 2001:708:310::2 67.252 ms 58.513 ms 59.656 ms
11 2001:708:310:4952:4320:436c:6965:6e74 58.906 ms 58.310 ms 58.045 ms

(I ran it with -n as I think in this case the raw IPv6 addresses are
more informative than the rDNS lookups).


So. Could this be problem in my configs or is this because of something
wrong at the isp side?


It does look as though there is something a little odd with your
configs. It's difficult to be more specific because you've given very
little information.

If things at the router (whether yours or at the isp) are set up
correctly then the single line in /etc/rc.conf

ipv6_enable="YES"

should be sufficient to autoconfigure BOTH ipv6 address and routing
using Router Discovery. This is all that I had to do on the machine I
generated the above config dumps & traces from.

In my case my ISP (AAISP in the UK) have allocated me a /48 2001:8b0:cae3::

Traffic comes to me over a 6to4 tunnel from the ISP terminated on a
Cisco router (though I tested it on a FreeBSD host before I got the 6to4
tunnel set up on the router). The LAN side interface of the router has
Router Advertisements enabled which means that the above rc.conf line is
all that is required for everything to "just work".



This one got solved at freebsd-net already with more information about 
my configs and system... It is problem at isp side instead of my configs...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 problem

[Thomas Sandford]

On 01/02/2011 07:29, pepe wrote:

I have 2001:14b8:10:402::/64 ipv6 from my isp and I cant get it working.
Ifconfig should be ok:
backup# ifconfig rl0 inet6

rl0: flags=8843  metric 0 mtu 1500
 options=8
 inet6 2001:14b8:10:402:2::1 prefixlen 64


Looks a bit odd - I would expect to see a link-local address too - eg

%ifconfig bge0 inet6
bge0: flags=8843 metric 0 mtu 1500

options=8009b
inet6 fe80::20b:cdff:fef2:9a57%bge0 prefixlen 64 scopeid 0x1
inet6 2001:8b0:cae3:1:20b:cdff:fef2:9a57 prefixlen 64 autoconf


default gateway is set to 2001:14b8:10:402:1::1.


That sounds a slightly odd comment, since in general IPv6 routing is 
done with auto-discovery. Especially given the fact that the default 
route quoted lies within the same subnet (2001:14b8:10:402:: prefixlen 
64) as the host in question.


 When I try to traceroute

irc server for example
I get this:

traceroute6: Warning: irc.cc.tut.fi has multiple addresses; using
2001:708:310:4952:4320:5365:7276:6572


I get this message too - because the host irc.cc.tut.fi DOES have 
multiple addresses:


%dig irc.cc.tut.fi 

; <<>> DiG 9.6.2-P2 <<>> irc.cc.tut.fi 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24710
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;irc.cc.tut.fi. IN  

;; ANSWER SECTION:
irc.cc.tut.fi.  3134IN   
2001:708:310:4952:4320:5365:7276:6572
irc.cc.tut.fi.  3134IN   
2001:708:310:4952:4320:436c:6965:6e74


;; AUTHORITY SECTION:
cc.tut.fi.  172334  IN  NS  ns-secondary.funet.fi.
cc.tut.fi.  172334  IN  NS  kaustinen.cc.tut.fi.
cc.tut.fi.  172334  IN  NS  ressu.cc.tut.fi.

;; Query time: 0 msec
;; SERVER: 81.187.228.6#53(81.187.228.6)
;; WHEN: Thu Feb  3 15:34:06 2011
;; MSG SIZE  rcvd: 164



traceroute6 to irc.cc.tut.fi (2001:708:310:4952:4320:5365:7276:6572) from
2001:14b8:10:402:2::1, 64 hops max, 12 byte packets
  1  2001:14b8:10:402:2::1  2026.908 ms !A  2999.587 ms !A  3000.423 ms !A


From the traceroute6 manpage
!A  Destination Unreachable - Address Unreachable.

It also appears that your first hop address is the same as your source 
address, which does suggest that routing is more than a little bit screwy.


On my system I get:

%traceroute6 -n irc.cc.tut.fi
traceroute6: Warning: irc.cc.tut.fi has multiple addresses; using 
2001:708:310:4952:4320:436c:6965:6e74
traceroute6 to irc.cc.tut.fi (2001:708:310:4952:4320:436c:6965:6e74) 
from 2001:8b0:cae3:1:20b:cdff:fef2:9a57, 64 hops max, 12 byte packets

 1  2001:8b0:cae3:1:21a:a2ff:fe34:e50b  1.349 ms  0.969 ms  1.011 ms
 2  2001:8b0:0:53:203:97ff:fe05:8000  129.118 ms  143.449 ms  119.622 ms
 3  2001:7f8:4::50e8:1  132.075 ms  119.009 ms  117.983 ms
 4  2001:7f8:4::1b1b:1  123.832 ms  114.424 ms  119.675 ms
 5  2001:7f8:4::a2b:1  114.905 ms  119.009 ms  118.030 ms
 6  2001:948:1:8::3  134.205 ms  143.579 ms  130.875 ms
 7  2001:948:1:2::3  145.068 ms  145.049 ms  156.321 ms
 8  2001:948:3:2::3  165.258 ms  171.228 ms  156.591 ms
 9  2001:708:0:f000:0:60:3060:2  233.114 ms  163.319 ms  158.668 ms
10  2001:708:310::2  67.252 ms  58.513 ms  59.656 ms
11  2001:708:310:4952:4320:436c:6965:6e74  58.906 ms  58.310 ms  58.045 ms

(I ran it with -n as I think in this case the raw IPv6 addresses are 
more informative than the rDNS lookups).



So. Could this be problem in my configs or is this because of something
wrong at the isp side?


It does look as though there is something a little odd with your 
configs. It's difficult to be more specific because you've given very 
little information.


If things at the router (whether yours or at the isp) are set up 
correctly then the single line in /etc/rc.conf


ipv6_enable="YES"

should be sufficient to autoconfigure BOTH ipv6 address and routing 
using Router Discovery. This is all that I had to do on the machine I 
generated the above config dumps & traces from.


In my case my ISP (AAISP in the UK) have allocated me a /48 2001:8b0:cae3::

Traffic comes to me over a 6to4 tunnel from the ISP terminated on a 
Cisco router (though I tested it on a FreeBSD host before I got the 6to4 
tunnel set up on the router). The LAN side interface of the router has 
Router Advertisements enabled which means that the above rc.conf line is 
all that is required for everything to "just work".


--
Thomas Sandford
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 rtadv on FreeBSD 8.1?

[Neil Long]

Not specifically related but I just worked around an issue with a Dell  
laptop with the xl0 interface which has problems with 8.1.


I was experimenting with a IPv6 setup and used an old PC (big and  
noisy) with the smallest install of 8.1. It worked fine as the tunnel  
server and ipv6 gateway (using rtadvd). I have an old laptop which is  
quieter and smaller and again installed the minimum 8.1 and used the  
same config (with rl0 changed to xl0). It worked fine for its own ipv6  
traffic but another test box failed to get packets routed. After much  
head scratching I gave up on 8.1 and installed 7.3 ( I have all the  
FreeBSD Mall subscriptions going back years) and no more problems with  
xl0. Something changed with 8.1 which xl0 does not like while rl0 or  
re0 interfaces are happy it seems (on the other box). I haven't tried  
any debugging, sorry.


Just thought I would mention it in case someone else has issues :-)

Thanks
Neil

On 30 Jul 2010, at 18:48, Carl Johnson wrote:


I have running versions of 7.3 and 8.0, so I tried experimenting with
8.1 in VirtualBox, but I ran into a couple of problems.  I have an 8.0
system that is running a IPv6 tunnel to sixxs.net, and it is running
rtadvd to act as the gatway for my network.  On the 8.1 system I
enabled IPv6 in rc.conf, but it is not picking up the advertised
address.  I can add it manually, and have put it in rc.local for now,
but it seems it should work automatically as my others do.  I noticed
that the ifconfig output shows a new line that is not in 8.0:
   nd6 options=3

Is there something that has changed in 8.1 that I have to enable, or
is there a problem with 8.1?  IPv6 is working to the extent that it
did assign a link-local address, and I can use that address as long as
I specify the interface.  My configuration is the same, and I didn't
have to enable anything on the others to get the global address
assigned automatically.

Thanks for any advice.
--
Carl Johnsonca...@peak.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org 
"




--
Neil Long, Team Cymru
http://www.cymru.com | +1 630 230 5422 | n...@cymru.com

Re: Gnus issue in FreeBSD (was: Re: IPv6 rtadv on FreeBSD 8.1?)

[Carl Johnson]

ash...@freebsd.org (Ashish SHUKLA) writes:

> Carl Johnson writes:
>
> [...]
>
>
>> Now if I could just figure out why gnus doesn't work right under emacs
>> I could finish migrating from Linux to FreeBSD.
>
> I use same .gnus in both GNU/Linux and FreeBSD and keep the mailboxen on the
> $HOME of both boxen sync-ed with each other, and works great for me.

I posted that in another thread and replied later when I discovered
the problem.  It appears that I had somehow put gnus-agent in offline
mode, so it worked once I realized that and put it back online.

How do you sync the mailboxes together?  That sounds like something
that could be useful for my configuration.  Actually I am trying to
move my old mail from Linux to FreeBSD, but syncing might be an easier
way to handle moving it.

-- 
Carl Johnsonca...@peak.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Gnus issue in FreeBSD (was: Re: IPv6 rtadv on FreeBSD 8.1?)

[Ashish SHUKLA]

Carl Johnson writes:

[...]


> Now if I could just figure out why gnus doesn't work right under emacs
> I could finish migrating from Linux to FreeBSD.

I use same .gnus in both GNU/Linux and FreeBSD and keep the mailboxen on the
$HOME of both boxen sync-ed with each other, and works great for me.

-- 
Ashish SHUKLA  | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

“If builders built buildings the way programmers wrote programs, then
the first woodpecker that came along would destroy civilization.”
(Weinberg's Second Law)


pgp4sLdZSMtuM.pgp
Description: PGP signature

Re: IPv6 rtadv on FreeBSD 8.1?

[Carl Johnson]

Carl Johnson  writes:

> I have running versions of 7.3 and 8.0, so I tried experimenting with
> 8.1 in VirtualBox, but I ran into a couple of problems.  I have an 8.0
> system that is running a IPv6 tunnel to sixxs.net, and it is running
> rtadvd to act as the gatway for my network.  On the 8.1 system I
> enabled IPv6 in rc.conf, but it is not picking up the advertised
> address.  I can add it manually, and have put it in rc.local for now,
> but it seems it should work automatically as my others do.  I noticed
> that the ifconfig output shows a new line that is not in 8.0:
> nd6 options=3
>
> Is there something that has changed in 8.1 that I have to enable, or
> is there a problem with 8.1?  IPv6 is working to the extent that it
> did assign a link-local address, and I can use that address as long as
> I specify the interface.  My configuration is the same, and I didn't
> have to enable anything on the others to get the global address
> assigned automatically.

This is a followup to note that it does work when I run it on native
hardware instead of under VirtualBox.  My version of VirtualBox is an
old one (2.1.4) running under Linux, so maybe it has some bugs. I had
installed FreeBSD under VirtualBox, but installed to a primary
partition specifically so that I could later boot directly into it.
The odd thing is that I have a similar FreeBSD 7.3 installation which
does work properly under VirtualBox.

Now if I could just figure out why gnus doesn't work right under emacs
I could finish migrating from Linux to FreeBSD.
-- 
Carl Johnsonca...@peak.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 rtadv on FreeBSD 8.1?

[Carl Johnson]

Vincent Hoffman  writes:

> On 30/07/2010 18:48, Carl Johnson wrote:
>> I have running versions of 7.3 and 8.0, so I tried experimenting with
>> 8.1 in VirtualBox, but I ran into a couple of problems.  I have an 8.0
>> system that is running a IPv6 tunnel to sixxs.net, and it is running
>> rtadvd to act as the gatway for my network.  On the 8.1 system I
>> enabled IPv6 in rc.conf, but it is not picking up the advertised
>> address.  I can add it manually, and have put it in rc.local for now,
>> but it seems it should work automatically as my others do.  I noticed
>> that the ifconfig output shows a new line that is not in 8.0:
>> nd6 options=3
>>
>> Is there something that has changed in 8.1 that I have to enable, or
>> is there a problem with 8.1?  IPv6 is working to the extent that it
>> did assign a link-local address, and I can use that address as long as
>> I specify the interface.  My configuration is the same, and I didn't
>> have to enable anything on the others to get the global address
>> assigned automatically.
>>
>> Thanks for any advice.
>>   
> I dont knw if its expected or not but try running
> sysctl net.inet6.ip6.accept_rtadv=1
>
> (to make it persistent  echo "net.inet6.ip6.accept_rtadv=1" >>
> /etc/sysctl.conf )

I had already checked that and it is enabled by default, but thanks
for the suggestion anyways.  It also turns out that I was wrong about
it working with manual configuration.  I forgot that the automatic
configuration sets up the external routing, and I haven't figured out
how to do that manually.  So it works for my internal network, but
nowhere else.
-- 
Carl Johnsonca...@peak.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 rtadv on FreeBSD 8.1?

[Vincent Hoffman]

On 30/07/2010 18:48, Carl Johnson wrote:
> I have running versions of 7.3 and 8.0, so I tried experimenting with
> 8.1 in VirtualBox, but I ran into a couple of problems.  I have an 8.0
> system that is running a IPv6 tunnel to sixxs.net, and it is running
> rtadvd to act as the gatway for my network.  On the 8.1 system I
> enabled IPv6 in rc.conf, but it is not picking up the advertised
> address.  I can add it manually, and have put it in rc.local for now,
> but it seems it should work automatically as my others do.  I noticed
> that the ifconfig output shows a new line that is not in 8.0:
> nd6 options=3
>
> Is there something that has changed in 8.1 that I have to enable, or
> is there a problem with 8.1?  IPv6 is working to the extent that it
> did assign a link-local address, and I can use that address as long as
> I specify the interface.  My configuration is the same, and I didn't
> have to enable anything on the others to get the global address
> assigned automatically.
>
> Thanks for any advice.
>   
I dont knw if its expected or not but try running
sysctl net.inet6.ip6.accept_rtadv=1

(to make it persistent  echo "net.inet6.ip6.accept_rtadv=1" >>
/etc/sysctl.conf )


Vince
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 changes in src/UPDATING

[Matthew Seaman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 25/03/2010 09:17:30, Robert Huff wrote:
> 
>   I am updating a system:
> 
> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009  amd64
> 
>   and failing to understand the (practical) consequences of
> UPDATING entries 20090926 and 20091202.  The system runs ipv6, but
> external connectivity is though a v6-over-v4 tunnel (net/gateway6).
>   rc.conf currently has:
> 
> huff@>>grep v6 /etc/rc.conf
> ipv6_gateway_enable="YES"   # Set to YES if this host will be a gateway.
> ipv6_firewall_enable="YES"  # Set to YES to enable IPv6 firewall
> ipv6_firewall_type="UNKNOWN"# see /etc/rc.firewall6
> ipv6_firewall_script="/etc/ipfw.v6.set" # Which script to run to set up the 
> IPv6 firewall
> ipv6_firewall_flags=""  # see /etc/rc.firewall6
> gateway6_enable="YES"
> 
>Um ... er ... ah ... what needs to change?

None of the above, probably.  As you're using a custom firewall
initialisation script, you don't need to worry about the variables for
controlling the various pre-canned scripts.

The text in UPDATING seems fairly clear to me: for the 20090926 update,
various rc.conf variables prefixed by ipv6 are deprecated in favour of
similar variables *suffixed* by ipv6 -- this is a simple matter of
editing to sort out.

There is also a new overall control knob for turning on or off IPv6
capability entirely.  The new thing here is that it allows you to make
that change per-interface rather than for the whole machine.  Given you
want IPv6 capability on all interfaces, just use ipv6_prefer="YES"

You need to look at the ifconfig_ifX* or ipv6_addrs_ifX variables.
Given that you've said your machine is a router for ipv6, you can't use
rtsol(8), so you should be manually configuring addresses on your
interfaces.  You may not need to make any changes there: even so,
shouldn't be too hard to debug.

For the 20091202 update, again it is pretty much a replacement of
variables with an ipv6 prefix, to ones with an ipv6 suffix.  All the
variables mentioned just detail the local IP addresses and networks, and
let you select which firewall script you want to use.  As it says, the
ipv6 configuration exactly parallels the ipv4 configuration now.

Cheers,

Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkurNroACgkQ8Mjk52CukIwfGwCfWJ6ZGlerqj3yMNrNaqY/SOyp
LIoAn0+dT9Bp3YKnrP6dz9kGV2FZKXUg
=kAQt
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6: rtsol must be run a second time after boot to pick up default route

[Brian Conway]

On Wed, 3 Feb 2010, Brian Conway wrote:


I recently set up an HE.net tunnel using the following guides:

http://www.freebsd.org/doc/handbook/network-ipv6.html

http://www.freebsddiary.org/ipv6.php

FreeBSD 7.2-p5 is used for the router and the host, and it works beautifully, 
except that the host will only pick up the IPv6 prefix on boot and set its IP 
accordingly (local network functions), but will NOT set the default route 
unless I wait up to 10 minutes for the advertisement, or manually run rtsol. 
The same problem happens with OS X 10.6.2, but not with Win7 (and Linux 2.6 
remains untested at this time). The host has no firewall running currently, 
and there's no firewalling between the router and the host.  Running rtsol 
with debugging doesn't show anything out of the ordinary, either during boot 
or after.  Rtadvd is running on the router and my setup is identical to the 
guides other than device name:


$ cat /etc/rtadvd.conf
vr1:\
   :addrs#1:addr="2001:470::::":prefixlen#64:tc=ether:

Any suggestions?  I've tried a few variations of rtadvd.conf without any 
changes in behavior.  I'm inclined to think it's router-related, given the 
issue on multiple OSes, but I suppose it could go either way.  I'd much 
prefer not to add in extra calls of rtsol in /etc/rc.local.  Thanks.


Brian Conway



A few more (unusual) details as follow-up:

- The missing route doesn't happen on Win7 or Linux 2.6 (Debian 5.0/Lenny)
- The missing route still happens on both OS X 10.6.2 and FreeBSD 7.2-p5
- This ONLY happens after a warm reboot.  Neither FreeBSD nor OS X have 
the issue with a cold boot.  The boot-up's rtsol picks up the default 
route immediately.  Weird.


Brian Conway
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 static route.

[Peter Ankerstål]

On Jan 25, 2010, at 6:59 PM, Brian A. Seklecki (CFI NOC) wrote:

> On 1/25/2010 12:15 PM, Peter Ankerstål wrote:
>> How do I set a static ipv6 route in rc.conf?
>> 
>> This command works: route add -inet6 -net 2003:16c8:dc1e:2:: -prefixlen 64 
>> 2003:16c8:dc1e::2
>> 
>> and I use this in rc.conf:
>> ipv6_static_routes="2003:16c8:dc1e:2:: -prefixlen 64 2003:16c8:dc1e::2"
>> 
> 
> Do it like IPv4 static routes with an itemized/serialized list:
> 
> ipv6_static_routes="pitbpa0_0 pitbpa0_1 faith_0 faith_1"
> ipv6_route_pitbpa0_0="2607:f000:0010:0100::/56 2607:f000:10::4000"
> ipv6_route_pitbpa0_1="2607:f000:0010:0200::/56 2607:f000:10::4000"
> ipv6_route_faith_0="2607:f000:10:0::: -prefixlen 96 ::1"
> ipv6_route_faith_1="2607:f000:10:0::: -prefixlen 96 -ifp faith0"
> 
> Keep the faith, yea?
> 
> ~BAS
> 
Thanks, I just figured it out too! 

--
Peter Ankerstål
pe...@pean.org
http://www.pean.org/


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 static route.

[Brian A. Seklecki (CFI NOC)]

On 1/25/2010 12:15 PM, Peter Ankerstål wrote:

How do I set a static ipv6 route in rc.conf?

This command works: route add -inet6 -net 2003:16c8:dc1e:2:: -prefixlen 64 
2003:16c8:dc1e::2

and I use this in rc.conf:
ipv6_static_routes="2003:16c8:dc1e:2:: -prefixlen 64 2003:16c8:dc1e::2"



Do it like IPv4 static routes with an itemized/serialized list:

 ipv6_static_routes="pitbpa0_0 pitbpa0_1 faith_0 faith_1"
 ipv6_route_pitbpa0_0="2607:f000:0010:0100::/56 2607:f000:10::4000"
 ipv6_route_pitbpa0_1="2607:f000:0010:0200::/56 2607:f000:10::4000"
 ipv6_route_faith_0="2607:f000:10:0::: -prefixlen 96 ::1"
 ipv6_route_faith_1="2607:f000:10:0::: -prefixlen 96 -ifp faith0"

Keep the faith, yea?

~BAS



but it does not set the correct routes.
--
Peter Ankerstål
pe...@pean.org
http://www.pean.org/


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6-only host and portupgrade

[Lowell Gilbert]

$witch  writes:

> have done a "best effort" to avoid useless question, am posting after
> various faq-research and tests.
>
> having an IPv6-ONLY (FreeBSD 7.0) host that needs to perform a "portsnap
> fetch" there is NO LIST of portsnap-IPv6-capable servers.
>
> maybe they don't exists or i am "too blind" to find them; is there anybody
> that can post hostnames or links to souch kind of servers?
>
> obviously i can "workaround" using an IPv4-&-IPv6 intermediate-host,
> but the goal is a "pure" IPv6 FreeBSD farm.

You could ask Colin Percival...

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IPv6 FreeBSD servers

[Craig Butler]

 

On Sun, 2009-07-19 at 17:56 +1000, Brett Wiggins wrote:
> Hi,
> 
> I am looking to rent a FreeBSD server that has access to an IPv6
> address. I have previously rented a FreeBSD server from theplanet.com
> but they only offer IPv4 and I would like my server to be on the IPv6
> network. Does anyone have any knowledge of companies that offer this?
> 
> thanks,
> 
> Brett.
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Hi Brett

What about using a ipv4 - ipv6 tunnel broker like sixxs, should just be
a case of setting up an account then running the aiccu connectivity
client on your server.

Regards

Craig B

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 aliases in rc.conf

[Steve Bertrand]

> Reinhard Haller wrote:
>> Hi,
>>
>> I'm trying to add ipv6 aliases for my jails (7.1) in rc.conf.
>>
>> ifconfig_lo0_alias0="inet 192.168.64.1 netmask 255.255.255.0"
>> ifconfig_lo0_alias1="inet 192.168.64.2 netmask 255.255.255.255"
>> ipv6_ifconfig_lo0_alias0="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
>> ipv6_ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::2 prefixlen 128"
>
> ifconfig_lo0="inet 192.168.64.1 netmask 255.255.255.0"
> ifconfig_lo0_alias0="inet 192.168.64.2 netmask 255.255.255.255"
> ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
> ifconfig_lo0_alias2="inet6 fd08:2548:a3e8:40::2 prefixlen 128"
>
> ...works for me.

I want to add to my post that it is not advisable to use your primary
loopback interface for anything other than localhost.

Keep lo0 as is, and use loN interfaces instead.

To add new loopback interfaces, in rc.conf add:

cloned_interfaces="lo1 lo2 lo3" #etc

...and then, add an 'UP' entry to ifconfig prior to interface use:

ifconfig_lo1="UP"
ifconfig_lo1="inet ..."
ifconfig_lo1_alias0="inet6 ..."
# etc.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 aliases in rc.conf

[Steve Bertrand]

Reinhard Haller wrote:
> Hi,
> 
> I'm trying to add ipv6 aliases for my jails (7.1) in rc.conf.
> 
> ifconfig_lo0_alias0="inet 192.168.64.1 netmask 255.255.255.0"
> ifconfig_lo0_alias1="inet 192.168.64.2 netmask 255.255.255.255"
> ipv6_ifconfig_lo0_alias0="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
> ipv6_ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::2 prefixlen 128"

ifconfig_lo0="inet 192.168.64.1 netmask 255.255.255.0"
ifconfig_lo0_alias0="inet 192.168.64.2 netmask 255.255.255.255"
ifconfig_lo0_alias1="inet6 fd08:2548:a3e8:40::1 prefixlen 48"
ifconfig_lo0_alias2="inet6 fd08:2548:a3e8:40::2 prefixlen 128"

...works for me.

Technically, IPv6 is designed for multiple addresses on each interface,
so the secondary (alias) parameter should not be needed at all. However,
using ifconfig, we must abide by it's methods of usage.

IPv6 addresses should be put inline with the IPv4 addresses under the
alias numbering scheme, and things will hold together.

Out of curiosity, why are you using a /48 prefixlen? I understand the
/128 (when it is not inside of another assigned prefix), but IMHO, you
should only use a /64 on an interface.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[gahn]

Steve:

Thanks for the help.

well i find the problem: on the juniper routers, the configuration missed the 
statement of "prefix fec0::" under the clause of "router-advertisement". 
Once i set that right, it works as it should be.

best


--- On Thu, 2/12/09, Steve Bertrand  wrote:

> From: Steve Bertrand 
> Subject: Re: ipv6 and freebsd
> To: ipfr...@yahoo.com
> Cc: "freebsd general questions" 
> Date: Thursday, February 12, 2009, 6:20 AM
> gahn wrote:
> > Thanks Steve:
> > 
> > the router that sending RA is juniper and the protocol
> router-advertisement has been activated:
> > 
> > g...@lab_1> show interfaces fe-0/0/3
> > ...
> > 
> >   Logical interface fe-0/0/3.170 (Index 70) (SNMP
> ifIndex 59) 
> > ...
> >   Addresses, Flags: Is-Preferred
> > Destination: fe80::/64, Local:
> fe80::214:f600:aa2c:d403
> >   Addresses, Flags: Is-Preferred Is-Primary
> > Destination: fec0:10:5::/64, Local:
> fec0:10:5:0:214:f600:aa2c:d403
> 
> fec0::/10 was deprecated per RFC3879. Perhaps the Juniper
> unit is
> obeying this and just not sending the prefix in the
> advertisement?
> 
> Everything else looks good, so lets test that possibility
> (as remote as
> it is). Take your tcpdump one step further:
> 
> > lab# tcpdump -n -i bge1 ip6
> > tcpdump: verbose output suppressed, use -v or -vv for
> full protocol decode
> > listening on bge1, link-type EN10MB (Ethernet),
> capture size 96 bytes
> > 17:55:44.027565 IP6 fe80::214:f600:aa2c:3c03 >
> ff02::1: ICMP6, router advertisement, length 24
> > 18:02:46.283353 IP6 fe80::214:f600:aa2c:d403 >
> ff02::1: ICMP6, router advertisement, length 24
> 
> # tcpdump -n -i bge1 -s 0 -w /path/to/file.pcap ip6
> 
> After a time of that running (there won't be any STDOUT
> output), stop
> the capture, and open the file in Wireshark. (I've
> never figured out
> how to get tcpdump to read the data portion of the packets
> from a file).
> 
> With the -s0, it will capture the headers and the data of
> each packet,
> so you should be able to tell whether the RA announcements
> do actually
> contain the prefix you are trying to get configured.
> 
> Something that I should have asked from the get-go...do you
> have any
> sort of firewall running on the box?
> 
> I'll set this up in my lab here today. Although we
> don't have any
> Juniper units, I'll see if I can recreate the problem
> with Cisco
> hardware. You may also want to test using a non-deprecated
> address
> space. The documentation address may work for instance.
> 
> Steve
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscr...@freebsd.org"


  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[Steve Bertrand]

gahn wrote:

> What shall I do to accomplish this on FreeBSD?

For clarification and completeness, here is exactly what I did:

First, config the router (Cisco):

interface FastEthernet0/0
 ip address 192.168.3.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2607:F118:A::1/64
 ipv6 address FEC0:10::1/64
 ipv6 nd ra-lifetime 210
 ipv6 nd prefix 2607:F118:A::/64
 ipv6 nd prefix FEC0:10::/64

Next, on the host, ensure we are properly prepared:

# sysctl -a net.inet6.ip6.accept_rtadv
net.inet6.ip6.accept_rtadv: 1

# ndp -i fxp0
linkmtu=1500, maxmtu=1500, curhlim=64, basereachable=30s0ms,
reachable=39s, retrans=1s0ms
Flags: nud accept_rtadv

Ensure there is not a blanket ICMP filter on the host, by pinging the
link local address from the router (even if you can ping, it is still
possible that ICMP type 9 are being blocked):

# ping fe80::20d:60ff:fe4c:81ca
Output Interface: FastEthernet0/0
Packet sent with a source address of FE80::20A:F4FF:FE0B:B109
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Ensure we see RAs on the wire:

# tcpdump -n -i fxp0 ip6
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
09:30:50.820717 IP6 fe80::20a:f4ff:fe0b:b109 > ff02::1: ICMP6, router
advertisement, length 96

Capture the entire packet with the RA information to make sure that the
router is actually sending the prefixes we want to autoconf. Dump this
info into a file, so we can scp it to our workstation to read it into
Wireshark:

# tcpdump -n -i fxp0 -s 0 -w /var/log/test.pcap ip6

What does Wireshark tell us about the advertisement:

ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0xc0
1...  = Onlink
.1..  = Auto
..0.  = Not router address
...0  = Not site prefix
Valid lifetime: 2592000
Preferred lifetime: 604800
Prefix: 2607:f118:a:: <***

ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0xc0
1...  = Onlink
.1..  = Auto
..0.  = Not router address
...0  = Not site prefix
Valid lifetime: 2592000
Preferred lifetime: 604800
Prefix: fec0:10:: <***

So by this point, we've confirmed that everything is in order. I don't
know if FreeBSD will autoconf if the 'L' bit (Onlink) flag is set to 0,
so check that too.

Let's see our ifconfig output:

# ifconfig fxp0
inet6 fe80::20d:60ff:fe4c:81ca%fxp0 prefixlen 64 scopeid 0x1
inet 192.168.3.1 netmask 0xff00 broadcast 192.168.3.255
inet6 2607:f118:a:0:20d:60ff:fe4c:81ca prefixlen 64 autoconf
inet6 fec0:10::20d:60ff:fe4c:81ca prefixlen 64 autoconf

The last thing to try, is to ping6 the known IPv6 address of the router
from the host. Perhaps ifconfig is not displaying the learnt addressing
information until it is used. (This situation did come up for me, but it
may have been a coincidence in timing. I haven't been able to reproduce it).

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[Steve Bertrand]

gahn wrote:
> Thanks Steve:
> 
> We use fec0::... as global unique IPv6 address in the lab environment. the 
> IPv6 routers in our lab uses fec0:0:5::/64 with eui-64 addressing scheme (for 
> testing).
> 
>>From the host "lab" (freebsd) machine, it clearly sees two link-local 
>>addresses for two IPv6 routers via RA messages. the IP routers also sent But 
>>why not the host "lab" configure itself with global unique address with 
>>prefix fec0:0:5:0::/64 (provided by the routers)?
> 
> What shall I do to accomplish this on FreeBSD?

Well, I got this working with no issues. The router I used is an old
Cisco 2651XM, and my box is FreeBSD 7.1. I even went as far to use space
out of fec0::/10.

Were you able to get a full pcap to ensure your "global" prefix is
within the RA messages?

If the global accept_rtadv is set to 1, and the interface is also told
to accept the advertisements, then I can't explain why this is not
working for you, other than a firewall on the host blocking inbound ICMP
(which is very bad for IPv6, for this reason, and due to the havoc
breaking PMTUd can cause).

Remember that tcpdump will capture the RA's on the wire before they are
dropped by any packet filter.

Can you ping6 the lab host from the router, using its link-local address?

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[gahn]

Thanks Steve:

We use fec0::... as global unique IPv6 address in the lab environment. the IPv6 
routers in our lab uses fec0:0:5::/64 with eui-64 addressing scheme (for 
testing).

>From the host "lab" (freebsd) machine, it clearly sees two link-local 
>addresses for two IPv6 routers via RA messages. the IP routers also sent But 
>why not the host "lab" configure itself with global unique address with prefix 
>fec0:0:5:0::/64 (provided by the routers)?

What shall I do to accomplish this on FreeBSD?



--- On Thu, 2/12/09, Steve Bertrand  wrote:

> From: Steve Bertrand 
> Subject: Re: ipv6 and freebsd
> To: ipfr...@yahoo.com
> Cc: "freebsd general questions" 
> Date: Thursday, February 12, 2009, 6:20 AM
> gahn wrote:
> > Thanks Steve:
> > 
> > the router that sending RA is juniper and the protocol
> router-advertisement has been activated:
> > 
> > g...@lab_1> show interfaces fe-0/0/3
> > ...
> > 
> >   Logical interface fe-0/0/3.170 (Index 70) (SNMP
> ifIndex 59) 
> > ...
> >   Addresses, Flags: Is-Preferred
> > Destination: fe80::/64, Local:
> fe80::214:f600:aa2c:d403
> >   Addresses, Flags: Is-Preferred Is-Primary
> > Destination: fec0:10:5::/64, Local:
> fec0:10:5:0:214:f600:aa2c:d403
> 
> fec0::/10 was deprecated per RFC3879. Perhaps the Juniper
> unit is
> obeying this and just not sending the prefix in the
> advertisement?
> 
> Everything else looks good, so lets test that possibility
> (as remote as
> it is). Take your tcpdump one step further:
> 
> > lab# tcpdump -n -i bge1 ip6
> > tcpdump: verbose output suppressed, use -v or -vv for
> full protocol decode
> > listening on bge1, link-type EN10MB (Ethernet),
> capture size 96 bytes
> > 17:55:44.027565 IP6 fe80::214:f600:aa2c:3c03 >
> ff02::1: ICMP6, router advertisement, length 24
> > 18:02:46.283353 IP6 fe80::214:f600:aa2c:d403 >
> ff02::1: ICMP6, router advertisement, length 24
> 
> # tcpdump -n -i bge1 -s 0 -w /path/to/file.pcap ip6
> 
> After a time of that running (there won't be any STDOUT
> output), stop
> the capture, and open the file in Wireshark. (I've
> never figured out
> how to get tcpdump to read the data portion of the packets
> from a file).
> 
> With the -s0, it will capture the headers and the data of
> each packet,
> so you should be able to tell whether the RA announcements
> do actually
> contain the prefix you are trying to get configured.
> 
> Something that I should have asked from the get-go...do you
> have any
> sort of firewall running on the box?
> 
> I'll set this up in my lab here today. Although we
> don't have any
> Juniper units, I'll see if I can recreate the problem
> with Cisco
> hardware. You may also want to test using a non-deprecated
> address
> space. The documentation address may work for instance.
> 
> Steve
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscr...@freebsd.org"


  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[Steve Bertrand]

gahn wrote:
> Thanks Steve:
> 
> the router that sending RA is juniper and the protocol router-advertisement 
> has been activated:
> 
> g...@lab_1> show interfaces fe-0/0/3
> ...
> 
>   Logical interface fe-0/0/3.170 (Index 70) (SNMP ifIndex 59) 
> ...
>   Addresses, Flags: Is-Preferred
> Destination: fe80::/64, Local: fe80::214:f600:aa2c:d403
>   Addresses, Flags: Is-Preferred Is-Primary
> Destination: fec0:10:5::/64, Local: fec0:10:5:0:214:f600:aa2c:d403

fec0::/10 was deprecated per RFC3879. Perhaps the Juniper unit is
obeying this and just not sending the prefix in the advertisement?

Everything else looks good, so lets test that possibility (as remote as
it is). Take your tcpdump one step further:

> lab# tcpdump -n -i bge1 ip6
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bge1, link-type EN10MB (Ethernet), capture size 96 bytes
> 17:55:44.027565 IP6 fe80::214:f600:aa2c:3c03 > ff02::1: ICMP6, router 
> advertisement, length 24
> 18:02:46.283353 IP6 fe80::214:f600:aa2c:d403 > ff02::1: ICMP6, router 
> advertisement, length 24

# tcpdump -n -i bge1 -s 0 -w /path/to/file.pcap ip6

After a time of that running (there won't be any STDOUT output), stop
the capture, and open the file in Wireshark. (I've never figured out
how to get tcpdump to read the data portion of the packets from a file).

With the -s0, it will capture the headers and the data of each packet,
so you should be able to tell whether the RA announcements do actually
contain the prefix you are trying to get configured.

Something that I should have asked from the get-go...do you have any
sort of firewall running on the box?

I'll set this up in my lab here today. Although we don't have any
Juniper units, I'll see if I can recreate the problem with Cisco
hardware. You may also want to test using a non-deprecated address
space. The documentation address may work for instance.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[gahn]

Thanks Steve:

the router that sending RA is juniper and the protocol router-advertisement has 
been activated:

g...@lab_1> show interfaces fe-0/0/3
...

  Logical interface fe-0/0/3.170 (Index 70) (SNMP ifIndex 59) 
...
  Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::214:f600:aa2c:d403
  Addresses, Flags: Is-Preferred Is-Primary
Destination: fec0:10:5::/64, Local: fec0:10:5:0:214:f600:aa2c:d403


g...@lab_r2> show interfaces fe-0/0/3 
...
  Logical interface fe-0/0/3.170 (Index 70) (SNMP ifIndex 32)
  Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::214:f600:aa2c:3c03
  Addresses, Flags: Is-Preferred Is-Primary
Destination: fec0:0:5::/64, Local: fec0:0:5:0:214:f600:aa2c:3c03

g...@lab:~:$ sysctl -a net.inet6.ip6.accept_rtadv
net.inet6.ip6.accept_rtadv: 1
g...@lab:~:$ ndp -i bge1
linkmtu=0, maxmtu=1500, curhlim=64, basereachable=30s0ms, reachable=36s, 
retrans=1s0ms
Flags: nud accept_rtadv 
g...@lab:~:$ ifconfig bge1
bge1: flags=8943 metric 0 mtu 
1500
options=9b
ether 00:06:5b:f0:7d:21
inet6 fe80::206:5bff:fef0:7d21%bge1 prefixlen 64 scopeid 0x2 
inet 10.0.5.10 netmask 0xff00 broadcast 10.0.5.255
media: Ethernet autoselect (100baseTX )
status: active


lab# tcpdump -n -i bge1 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bge1, link-type EN10MB (Ethernet), capture size 96 bytes
17:55:44.027565 IP6 fe80::214:f600:aa2c:3c03 > ff02::1: ICMP6, router 
advertisement, length 24
18:02:46.283353 IP6 fe80::214:f600:aa2c:d403 > ff02::1: ICMP6, router 
advertisement, length 24




--- On Tue, 2/10/09, Steve Bertrand  wrote:

> From: Steve Bertrand 
> Subject: Re: ipv6 and freebsd
> To: ipfr...@yahoo.com
> Cc: "freebsd general questions" 
> Date: Tuesday, February 10, 2009, 10:35 AM
> gahn wrote:
> > Thanks for the tips.
> > 
> > But i still only see the fe80::..., link-local
> address, not the fec0:... something as I expected.
> 
> Provide the output to:
> 
> # sysctl -a net.inet6.ip6.accept_rtadv
> # ndp -i fxp0
> # ifconfig fxp0
> 
> ...and, run a tcpdump on fxp0 capturing only IPv6 packets.
> Eventually
> you should see the router advertisements:
> 
> # tcpdump -n -i fxp0 ip6
> 
> If you don't see them, check your router config. What
> type of router is
> it? Most routers have RAs disabled by default.
> 
> Steve


  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[Steve Bertrand]

gahn wrote:
> Thanks for the tips.
> 
> But i still only see the fe80::..., link-local address, not the fec0:... 
> something as I expected.

Provide the output to:

# sysctl -a net.inet6.ip6.accept_rtadv
# ndp -i fxp0
# ifconfig fxp0

...and, run a tcpdump on fxp0 capturing only IPv6 packets. Eventually
you should see the router advertisements:

# tcpdump -n -i fxp0 ip6

If you don't see them, check your router config. What type of router is
it? Most routers have RAs disabled by default.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[gahn]

Thanks for the tips.

But i still only see the fe80::..., link-local address, not the fec0:... 
something as I expected.

--- On Tue, 2/10/09, Steve Bertrand  wrote:

> From: Steve Bertrand 
> Subject: Re: ipv6 and freebsd
> To: ipfr...@yahoo.com
> Cc: "freebsd general questions" 
> Date: Tuesday, February 10, 2009, 6:28 AM
> gahn wrote:
> > Ok, i meant the configuration of
> "ipv6_network_interface="fxp0"" alone
> doesn't seem to be working:
> 
> [...]
> 
> > how could I enable IPv6 only on the interface fxp0
> instead of every interface?
> 
> It is possible to completely disable IPv6 on an interface,
> but man (8)
> ndp recommends against doing this manually.
> 
> However, you can pretty well achieve the same effect by
> informing the
> interfaces to not accept RAs.
> 
> First (and to answer your next question), enable 'auto
> config'. You can
> put the next line in /etc/sysctl.conf to enable it at boot
> (without the
> word 'sysctl'):
> 
> pearl# sysctl net.inet6.ip6.accept_rtadv=1
> 
> Now, you can disable acceptance of rtadv messages on
> individual
> interfaces by:
> 
> pearl# ndp -i fxp1 -- -accept_rtadv
> 
> ...or re-enable:
> 
> pearl# ndp -i fxp1 -- accept_rtadv
> 
> So, I think that this will suit your requirements. The only
> difference
> being is that although the unused interfaces won't
> accept RAs, they will
> still have a link-local address.
> 
> Steve


  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[Steve Bertrand]

gahn wrote:
> Ok, i meant the configuration of "ipv6_network_interface="fxp0"" alone 
> doesn't seem to be working:

[...]

> how could I enable IPv6 only on the interface fxp0 instead of every interface?

It is possible to completely disable IPv6 on an interface, but man (8)
ndp recommends against doing this manually.

However, you can pretty well achieve the same effect by informing the
interfaces to not accept RAs.

First (and to answer your next question), enable 'auto config'. You can
put the next line in /etc/sysctl.conf to enable it at boot (without the
word 'sysctl'):

pearl# sysctl net.inet6.ip6.accept_rtadv=1

Now, you can disable acceptance of rtadv messages on individual
interfaces by:

pearl# ndp -i fxp1 -- -accept_rtadv

...or re-enable:

pearl# ndp -i fxp1 -- accept_rtadv

So, I think that this will suit your requirements. The only difference
being is that although the unused interfaces won't accept RAs, they will
still have a link-local address.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipv6 and freebsd

[gahn]

Ok, i meant the configuration of "ipv6_network_interface="fxp0"" alone doesn't 
seem to be working:

for /etc/rc.conf:

#ipv6_enable="YES"
ipv6_network_interface="fxp0"

u...@lab:~:$ ifconfig fxp0

fxp0: flags=8843 metric 0 mtu 1500
options=9b
ether 00:06:5b:f0:7d:21
inet 10.0.0.1 netmask 0xff80 broadcast 10.0.0.127
media: Ethernet autoselect (100baseTX )
status: active

then I modified the file /etc/rc.conf:

ipv6_enable="YES"
ipv6_network_interface="fxp0"

then it enabled the IPv6 on every interface.

how could I enable IPv6 only on the interface fxp0 instead of every interface?

Also how could I enable the feature of "auto configuration"? I have a router 
configured on the same subnet on the interface fxp0 as eui-64 and sending out 
router-advertisement. so far i don't see the automatically configured IPv6 
address on the interface fxp0 except the link-local address (the one starts 
with fe80::). why is that?


--- On Mon, 2/9/09, gahn  wrote:

> From: gahn 
> Subject: ipv6 and freebsd
> To: "freebsd general questions" 
> Date: Monday, February 9, 2009, 2:53 PM
> Hi all:
>  
> Free questions with FreeBSD and IPV6. I am running 7.1.
>  
> 1) My machine has multiple interfaces and some of
> interfaces I would like to run IP v6 but not all of them.
> How could I do that? Currently
> "ipv6_enable="YES" enables every interface of
> this machine, and
> "ipv6_network_interface="fxp0""
> doesn't seem to do anything.
> 2) I have a router that is running IPv6
> router-advertisement. How could I run autoconfiguration mode
> on the interface of my FreeBSD machine?
> 
> Thanks.
> 
> 
> 
>   
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscr...@freebsd.org"


  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

RE: ipv6

[Michael K. Smith - Adhost]

> 
> Excuse me for jumping in on this thread, I'm only just starting to look
> into IPv6 for myself.
> 
> My ISP has informed me that it doesn't support IPv6 yet, and won't for
> some time. I have a DNS server and sites on IPv4, but I'd like to be
> able to support IPv6- does the fact that my ISP doesn't support it stop
> me from serving on IPv6? I'd think it does, but some clarity from
> experts might help...
> 
You could use a tunnel broker like Hurricane Electric for free.  Check out 
http://tunnelbroker.net/

Regards,

Mike


PGP.sig
Description: PGP signature

Re: ipv6

[Da Rock]

On Mon, 2008-09-22 at 08:25 -0400, Steve Bertrand wrote:
> Da Rock wrote:
> 
> > Excuse me for jumping in on this thread, I'm only just starting to look
> > into IPv6 for myself.
> > 
> > My ISP has informed me that it doesn't support IPv6 yet, and won't for
> > some time. I have a DNS server and sites on IPv4, but I'd like to be
> > able to support IPv6- does the fact that my ISP doesn't support it stop
> > me from serving on IPv6? I'd think it does, but some clarity from
> > experts might help...
> 
> If you only need IPv6 essentially for testing (ie. low bandwidth
> requirements && no SLA), then I can provide you a tunnel into our
> network, and provide you with as much IPv6 space to play with as you like.
> 
> You will need a router (Cisco, FreeBSD, Juniper etc) at your edge in
> order to establish an IPv6IP tunnel to one of my routers.
> 
> Email me off-list if you are interested in further details.
> 
> BTW, to answer your question, no... even if your ISP is not IPv6
> compliant, that does not stop you from implementing IPv6 on your public
> servers.

Well, thats interesting on both counts. To the first, I don't have the
hardware yet, but I was making some investigations to explore what I
should be getting to implement IPv6.

To the second, can you recommend any material on how this is possible? I
have a pretty good knowledge of IPv4, but I haven't had the chance to
look at IPv6 yet. That said, from what I do know I wasn't sure about the
routing and how my ISP was going to forward the packets. And from my
understanding, IPv6 is going to be a whole lot more fun than the
previous era... :)

Thanks again for clearing that up.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6

[Steve Bertrand]

Da Rock wrote:

> Excuse me for jumping in on this thread, I'm only just starting to look
> into IPv6 for myself.
> 
> My ISP has informed me that it doesn't support IPv6 yet, and won't for
> some time. I have a DNS server and sites on IPv4, but I'd like to be
> able to support IPv6- does the fact that my ISP doesn't support it stop
> me from serving on IPv6? I'd think it does, but some clarity from
> experts might help...

If you only need IPv6 essentially for testing (ie. low bandwidth
requirements && no SLA), then I can provide you a tunnel into our
network, and provide you with as much IPv6 space to play with as you like.

You will need a router (Cisco, FreeBSD, Juniper etc) at your edge in
order to establish an IPv6IP tunnel to one of my routers.

Email me off-list if you are interested in further details.

BTW, to answer your question, no... even if your ISP is not IPv6
compliant, that does not stop you from implementing IPv6 on your public
servers.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6

[Mike Bristow]

Da Rock wrote:

My ISP has informed me that it doesn't support IPv6 yet, and won't for
some time. I have a DNS server and sites on IPv4, but I'd like to be
able to support IPv6- does the fact that my ISP doesn't support it stop
me from serving on IPv6? I'd think it does, but some clarity from
experts might help...
  


If you have static IPv4, then you can setup stf tunnels easily enough.  
See stf(4), although if you want to set it up then it may be a good idea 
to look at the way that rc.conf can set it up.


If you don't have static IPv4, then other tunneling techniques can be used.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6

[Da Rock]

On Sun, 2008-09-21 at 09:18 +, beni wrote:
> On Saturday 20 September 2008 23:13:33 David Horn wrote:
> > On Sat, Sep 20, 2008 at 11:35 AM, beni <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > I have a question about IPv6.
> > > I installed /net/freenet6 and edited the /usr/local/etc/gw6c.conf file
> > > with the login and password given by Go6.net.
> > > I added freenet6_enable="YES", ipv6_enable="YES" and
> > > ipv6_network_interfaces="vr0 tun0" to my /etc/rc.conf.
> > > An ifconfig shows this :
> > > bsdaddict# ifconfig vr0
> > > vr0: flags=8843 metric 0 mtu 1500
> > >options=2808
> > >ether 00:0c:76:c2:2c:b7
> > >inet6 fe80::20c:76ff:fec2:2cb7%vr0 prefixlen 64 scopeid 0x1
> > >inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255
> > >media: Ethernet autoselect (100baseTX )
> > >status: active
> > > bsdaddict#
> > > So I think the installation of ipv6 is ok : surfing to
> > > http://go6.net/4105/freenet.asp says "You are using IPv6 from ...". But
> > > in X-chat, when connecting to Freenode p.ex., I get this :
> > >
> > >  FreebsdBeni n=FreeBSD 213.219.143.49.adsl.dyn.edpnet.net :You are now
> > > logged in. (id FreebsdBeni, username n=FreeBSD, hostname
> > > 213.219.143.49.adsl.dyn.edpnet.net)
> >
> > Even if you have properly setup/configured a tunnel to provide IPv6,
> > does not mean that IPv4 goes away.  You are running in dual stack mode
> > (both IPv4, and IPv6 active)  You may want to read up a little bit on
> > IPv6 details and background in the FreeBSD handbook
> >
> > http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html
> >
> > and in the go6.net wiki (among lots of other good IPv6 articles.
> > Google is your friend here.)
> >
> > http://wiki.go6.net/index.php?title=IPv6_transition_mechanisms
> >
> > Most applications that are IPv6 aware will default to using IPv6 if
> > everything is setup properly.  This includes giving an IPv6 capable
> > DNS name to your IRC client. (ipv6.chat.us.freenode.net and
> > ipv6.chat.eu.freenode.net are a few that are IPv6)
> >
> > I'm not much of an IRC user myself, but I see that several of the
> > ports of xchat are IPv6 enabled.  You did not specify what version of
> > Xchat you are using, so I can't comment further there.  Make sure you
> > are using a version of xchat that supports IPv6, and that you are
> > using the appropriate IPv6 freenode DNS name.
> >
> > You can also find a listing of IPv6 capable application ports over on
> > http://www.freshports.org/ipv6/
> >
> > > And that is not a ipv6 address. So what am I missing here ? Is it my
> > > config or is my isp converting my ipv6 back to ipv4 ?
> >
> > It is your config.  An ISP can not really "automagically" change you
> > from IPv6 to IPv4 when you have a tunnel active.  You do not provide
> > an ifconfig for your tunnel interface (tun0), so it is hard to tell
> > what your configuration looks like.
> >
> > Can you ping6 the site in question ? (ie:  ping6 ipv6.chat.us.freenode.net)
> >
> > > Thanks for any hints on this.
> > > --
> > > Beni.
> >
> 
> It seems that I was, indeed using the wrong server to connect me to : 
> the "normal" IPv6 instead of the ipv6-servers (the ping6 works). So now all 
> seems ok.
> Didn't know about those IPv6 capable application port on Freshports though. 
> Will definitely check those, thanks for the link and your explications !
> 

Excuse me for jumping in on this thread, I'm only just starting to look
into IPv6 for myself.

My ISP has informed me that it doesn't support IPv6 yet, and won't for
some time. I have a DNS server and sites on IPv4, but I'd like to be
able to support IPv6- does the fact that my ISP doesn't support it stop
me from serving on IPv6? I'd think it does, but some clarity from
experts might help...

Cheers

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6

[beni]

On Saturday 20 September 2008 23:13:33 David Horn wrote:
> On Sat, Sep 20, 2008 at 11:35 AM, beni <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I have a question about IPv6.
> > I installed /net/freenet6 and edited the /usr/local/etc/gw6c.conf file
> > with the login and password given by Go6.net.
> > I added freenet6_enable="YES", ipv6_enable="YES" and
> > ipv6_network_interfaces="vr0 tun0" to my /etc/rc.conf.
> > An ifconfig shows this :
> > bsdaddict# ifconfig vr0
> > vr0: flags=8843 metric 0 mtu 1500
> >options=2808
> >ether 00:0c:76:c2:2c:b7
> >inet6 fe80::20c:76ff:fec2:2cb7%vr0 prefixlen 64 scopeid 0x1
> >inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255
> >media: Ethernet autoselect (100baseTX )
> >status: active
> > bsdaddict#
> > So I think the installation of ipv6 is ok : surfing to
> > http://go6.net/4105/freenet.asp says "You are using IPv6 from ...". But
> > in X-chat, when connecting to Freenode p.ex., I get this :
> >
> >  FreebsdBeni n=FreeBSD 213.219.143.49.adsl.dyn.edpnet.net :You are now
> > logged in. (id FreebsdBeni, username n=FreeBSD, hostname
> > 213.219.143.49.adsl.dyn.edpnet.net)
>
> Even if you have properly setup/configured a tunnel to provide IPv6,
> does not mean that IPv4 goes away.  You are running in dual stack mode
> (both IPv4, and IPv6 active)  You may want to read up a little bit on
> IPv6 details and background in the FreeBSD handbook
>
> http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html
>
> and in the go6.net wiki (among lots of other good IPv6 articles.
> Google is your friend here.)
>
> http://wiki.go6.net/index.php?title=IPv6_transition_mechanisms
>
> Most applications that are IPv6 aware will default to using IPv6 if
> everything is setup properly.  This includes giving an IPv6 capable
> DNS name to your IRC client. (ipv6.chat.us.freenode.net and
> ipv6.chat.eu.freenode.net are a few that are IPv6)
>
> I'm not much of an IRC user myself, but I see that several of the
> ports of xchat are IPv6 enabled.  You did not specify what version of
> Xchat you are using, so I can't comment further there.  Make sure you
> are using a version of xchat that supports IPv6, and that you are
> using the appropriate IPv6 freenode DNS name.
>
> You can also find a listing of IPv6 capable application ports over on
> http://www.freshports.org/ipv6/
>
> > And that is not a ipv6 address. So what am I missing here ? Is it my
> > config or is my isp converting my ipv6 back to ipv4 ?
>
> It is your config.  An ISP can not really "automagically" change you
> from IPv6 to IPv4 when you have a tunnel active.  You do not provide
> an ifconfig for your tunnel interface (tun0), so it is hard to tell
> what your configuration looks like.
>
> Can you ping6 the site in question ? (ie:  ping6 ipv6.chat.us.freenode.net)
>
> > Thanks for any hints on this.
> > --
> > Beni.
>

It seems that I was, indeed using the wrong server to connect me to : 
the "normal" IPv6 instead of the ipv6-servers (the ping6 works). So now all 
seems ok.
Didn't know about those IPv6 capable application port on Freshports though. 
Will definitely check those, thanks for the link and your explications !

-- 
Beni.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6

[David Horn]

On Sat, Sep 20, 2008 at 11:35 AM, beni <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have a question about IPv6.
> I installed /net/freenet6 and edited the /usr/local/etc/gw6c.conf file with
> the login and password given by Go6.net.
> I added freenet6_enable="YES", ipv6_enable="YES" and
> ipv6_network_interfaces="vr0 tun0" to my /etc/rc.conf.
> An ifconfig shows this :
> bsdaddict# ifconfig vr0
> vr0: flags=8843 metric 0 mtu 1500
>options=2808
>ether 00:0c:76:c2:2c:b7
>inet6 fe80::20c:76ff:fec2:2cb7%vr0 prefixlen 64 scopeid 0x1
>inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255
>media: Ethernet autoselect (100baseTX )
>status: active
> bsdaddict#
> So I think the installation of ipv6 is ok : surfing to
> http://go6.net/4105/freenet.asp says "You are using IPv6 from ...". But in
> X-chat, when connecting to Freenode p.ex., I get this :
>
>  FreebsdBeni n=FreeBSD 213.219.143.49.adsl.dyn.edpnet.net :You are now logged
> in. (id FreebsdBeni, username n=FreeBSD, hostname
> 213.219.143.49.adsl.dyn.edpnet.net)

Even if you have properly setup/configured a tunnel to provide IPv6,
does not mean that IPv4 goes away.  You are running in dual stack mode
(both IPv4, and IPv6 active)  You may want to read up a little bit on
IPv6 details and background in the FreeBSD handbook

http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html

and in the go6.net wiki (among lots of other good IPv6 articles.
Google is your friend here.)

http://wiki.go6.net/index.php?title=IPv6_transition_mechanisms

Most applications that are IPv6 aware will default to using IPv6 if
everything is setup properly.  This includes giving an IPv6 capable
DNS name to your IRC client. (ipv6.chat.us.freenode.net and
ipv6.chat.eu.freenode.net are a few that are IPv6)

I'm not much of an IRC user myself, but I see that several of the
ports of xchat are IPv6 enabled.  You did not specify what version of
Xchat you are using, so I can't comment further there.  Make sure you
are using a version of xchat that supports IPv6, and that you are
using the appropriate IPv6 freenode DNS name.

You can also find a listing of IPv6 capable application ports over on
http://www.freshports.org/ipv6/

>
> And that is not a ipv6 address. So what am I missing here ? Is it my config or
> is my isp converting my ipv6 back to ipv4 ?

It is your config.  An ISP can not really "automagically" change you
from IPv6 to IPv4 when you have a tunnel active.  You do not provide
an ifconfig for your tunnel interface (tun0), so it is hard to tell
what your configuration looks like.

Can you ping6 the site in question ? (ie:  ping6 ipv6.chat.us.freenode.net)

>
> Thanks for any hints on this.
> --
> Beni.
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 portsnap servers

[Ashish Shukla आशीष शुक्ल]

Chuck Swiger writes:
> On Aug 17, 2008, at 11:10 PM, R Dicaire wrote:
>> Hi folks, I searched google and this mailing list and could find no
>> specific mention of ipv6 support for portsnap. I also checked for 
>> records for the three portsnap mirrors portsnap1, 2, and
>> 4.freebsd.org, no .
>> I have an ipv6 only install, and wondering what other means I can use
>> to maintain ports via ipv6.

> Obtain IPv4 connectivity?  Very few of the FTP/HTTP servers providing
> ports source tarballs are going to be IPv6 only...

OR use csup for updating ports. There're few cvsup servers at least.

Ashish
-- 
·-- ·-  ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --


pgpCMOfHPA4r9.pgp
Description: PGP signature

Re: ipv6 portsnap servers

[Chuck Swiger]

On Aug 17, 2008, at 11:10 PM, R Dicaire wrote:

Hi folks, I searched google and this mailing list and could find no
specific mention of ipv6 support for portsnap. I also checked for 
records for the three portsnap mirrors portsnap1, 2, and
4.freebsd.org, no .
I have an ipv6 only install, and wondering what other means I can use
to maintain ports via ipv6.


Obtain IPv4 connectivity?  Very few of the FTP/HTTP servers providing  
ports source tarballs are going to be IPv6 only...


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Auto Discovery

[Doug Hardie]

On Jul 11, 2008, at 05:47, Steve Bertrand wrote:


Doug Hardie wrote:
Mac OS-X does a form of auto discovery on IPv6 where the machines  
on a local network add the machine name to the ndp table when they  
see activity from that machine.


...FreeBSD does this as well (Neighbor Discovery).

pearl# ndp -a
NeighborLinklayer Address  Netif ExpireS Flags
lanx.eagle.ca   0:b:46:3e:f3:41 fxp0 23h59m41s S R
vandetta.ibctech.ca 0:f:b5:80:58:77 fxp0 15s   R
v6.ibctech.ca   0:e:c:6c:e9:62  fxp0 permanent R
v6.ibctech.ca   0:e:c:6c:e9:62  fxp0 permanent R
...etc, etc.

If you don't have DNS configured, or you do not have reverse DNS  
entries for the host IPs you are talking to, then only the IP will  
be listed above.


So far I only have a rudimentary IPv6 configuration on FreeBSD 7  
running and it only sees the IP address, and then only after I ping  
the other end.


What you see above is normal functionality of the IPv6 Neighbor  
Discovery Protocol (RFC-4861). The 'neighbor cache' only gets  
populated with entries when IP communication takes place, or you  
receive/accept a router advertisement with a list of prefixes (ndp - 
p).


The fact that names are not appearing is due to (mis|non)  
configuration of DNS either for the resolver on the box itself, or  
reverse DNS missing for the LAN IPs as stated above.


To add a DNS server in FreeBSD, simply:

# echo "nameserver ip.of.name.server" >> /etc/resolv.conf

I couldn't find anything in /etc/defaults that seems to address  
auto discovery.  Is this something I have missed or what?


Perhaps you are referring to 'Auto Configuration' (RFC-4862)?  
Neighbor Discovery and Auto Configuration perform different tasks,  
but the former is required by the latter.


Can you describe exactly what you want to achieve? Is it only the  
name resolution problem you described above?


I originally thought it was a DNS issue also.  There is no DNS server  
on the network.  However, that doesn't seem to bother the Macs as they  
quickly pick up the names of the machines and disseminate them to each  
other without a DNS server.  This is a test setup and systems come and  
go frequently.  I don't want the hassle of having to maintain a DNS  
server that would require modes several times a day.



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Auto Discovery

[Steve Bertrand]

Doug Hardie wrote:
Mac OS-X does a form of auto discovery on IPv6 where the machines on a 
local network add the machine name to the ndp table when they see 
activity from that machine.  


...FreeBSD does this as well (Neighbor Discovery).

pearl# ndp -a
NeighborLinklayer Address  Netif ExpireS Flags
lanx.eagle.ca   0:b:46:3e:f3:41 fxp0 23h59m41s S R
vandetta.ibctech.ca 0:f:b5:80:58:77 fxp0 15s   R
v6.ibctech.ca   0:e:c:6c:e9:62  fxp0 permanent R
v6.ibctech.ca   0:e:c:6c:e9:62  fxp0 permanent R
...etc, etc.

If you don't have DNS configured, or you do not have reverse DNS entries 
for the host IPs you are talking to, then only the IP will be listed above.


So far I only have a rudimentary IPv6 
configuration on FreeBSD 7 running and it only sees the IP address, and 
then only after I ping the other end.  


What you see above is normal functionality of the IPv6 Neighbor 
Discovery Protocol (RFC-4861). The 'neighbor cache' only gets populated 
with entries when IP communication takes place, or you receive/accept a 
router advertisement with a list of prefixes (ndp -p).


The fact that names are not appearing is due to (mis|non) configuration 
of DNS either for the resolver on the box itself, or reverse DNS missing 
for the LAN IPs as stated above.


To add a DNS server in FreeBSD, simply:

# echo "nameserver ip.of.name.server" >> /etc/resolv.conf

I couldn't find anything in 
/etc/defaults that seems to address auto discovery.  Is this something I 
have missed or what? 


Perhaps you are referring to 'Auto Configuration' (RFC-4862)? Neighbor 
Discovery and Auto Configuration perform different tasks, but the former 
is required by the latter.


Can you describe exactly what you want to achieve? Is it only the name 
resolution problem you described above?


Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Wojciech Puchar]

attached working patch against this:

FreeBSD wojtek.tensor.gdynia.pl 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue Jun 
10 10:49:47 CEST 2008 
[EMAIL PROTECTED]:/usr2/src/sys/i386/compile/p234  i386



(cvsup'em <2 weeks ago, should work for present date)

jailpatch.gz
Description: Binary data
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Steve Bertrand]

Daniel Gerzo wrote:

Tuesday, June 3, 2008, 8:27:56 PM, you wrote:


does patch exist for it?


http://sources.zabbadoz.net/freebsd/jail.html


Trying to apply the aforementioned patches, I ran into this during 
buildkernel. I'll remove src, re csup and rebuild and try again. If 
there is a more appropriate list for this, please let me know...


build# uname -a
FreeBSD build.ibctech.ca 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Feb 29 
11:53:16 EST 2008 root@:/usr/obj/usr/src/sys/GENERIC  i386



/usr/src/sys/kern/kern_jail.c: In function 'jail':
/usr/src/sys/kern/kern_jail.c:174: error: 'ip4' undeclared (first use in 
this function)
/usr/src/sys/kern/kern_jail.c:174: error: (Each undeclared identifier is 
reported only once

/usr/src/sys/kern/kern_jail.c:174: error: for each function it appears in.)
/usr/src/sys/kern/kern_jail.c:179: error: 'ip6' undeclared (first use in 
this function)

cc1: warnings being treated as errors
/usr/src/sys/kern/kern_jail.c:227: warning: label 'e_free_ip' defined 
but not used

*** Error code 1

Stop in /usr/obj/usr/src/sys/GENERIC.
*** Error code 1

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Steve Bertrand]

Wojciech Puchar wrote:

exist in FreeBSD 6.*, everything else patched

we will see after compiling.


Did it work? Did it work? Did it work?

(Or is the absence of a giant WOOOHOOO! the indicator that it didn't
work at all?)


unfortunately not with 6.*, i was unable to complete patching by hand.

but it works in 7.*


WOH!!!

;)

(running off to try it) This is a HUGE step in aiding with 
implementing/debugging software that needs to be patched for IPv6 
conformance (for me anyway).


Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Wojciech Puchar]

exist in FreeBSD 6.*, everything else patched

we will see after compiling.


Did it work? Did it work? Did it work?

(Or is the absence of a giant WOOOHOOO! the indicator that it didn't
work at all?)


unfortunately not with 6.*, i was unable to complete patching by hand.

but it works in 7.*
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Edwin Groothuis]

> well it applied almost clean to FreeBSD 6.3!
> 
> almost means i have to skip 2 patches to sctp_* files, as sctp doesn't
> exist in FreeBSD 6.*, everything else patched
>  
> we will see after compiling.

Did it work? Did it work? Did it work?

(Or is the absence of a giant WOOOHOOO! the indicator that it didn't
work at all?)

Edwin

-- 
Edwin Groothuis  |Personal website: http://www.mavetju.org
[EMAIL PROTECTED]|  Weblog: http://www.mavetju.org/weblog/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Wojciech Puchar]

well it applied almost clean to FreeBSD 6.3!

almost means i have to skip 2 patches to sctp_* files, as sctp doesn't 
exist in FreeBSD 6.*, everything else patched


we will see after compiling.


On Tue, 3 Jun 2008, Daniel Gerzo wrote:


Hello Wojciech,

Tuesday, June 3, 2008, 8:27:56 PM, you wrote:


does patch exist for it?


http://sources.zabbadoz.net/freebsd/jail.html

--
Best regards,
Danielmailto:[EMAIL PROTECTED]



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails for FreeBSD (6.* preferably)

[Daniel Gerzo]

Hello Wojciech,

Tuesday, June 3, 2008, 8:27:56 PM, you wrote:

> does patch exist for it?

http://sources.zabbadoz.net/freebsd/jail.html

-- 
Best regards,
 Danielmailto:[EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 6to4

[Ofloo]

Lowell Gilbert wrote:
> 
> Ofloo <[EMAIL PROTECTED]> writes:
> 
>> When using 6to4 extensively the system crashes I've never had this with
>> gif
>> tunnels though every since I've started using 6to4 and stf interface this
>> happens especially when the v6 gateway is unreachable for short time, ..
>>
>> I haven't seen the error yet but I do know i had this before,  well it's
>> not
>> showing in the /var/log/all.log nor /var/log/messages, however I do
>> remember
>> something about non-sleeping thread or something..
>>
>> If anyone needs more info let me know I'll be more then happy to provide
>> a
>> system to test on if required currently i have 3 exact systems which have
>> this issue.
> 
> See the kernel debugging section in the Developers' Handbook.
> 
> You don't mention what version you're running, but you may want to
> update to something recent.
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> 
> 

It doesn't matter, I've had it since 6.0 and it is still present in version
6.3,.. not sure about 5.3 though from the point I've started using IPv6 and
SMP FreeBSD has been letting me down.
-- 
View this message in context: 
http://www.nabble.com/IPv6-6to4-tp15921128p15936498.html
Sent from the freebsd-questions mailing list archive at Nabble.com.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 6to4

[Lowell Gilbert]

Ofloo <[EMAIL PROTECTED]> writes:

> When using 6to4 extensively the system crashes I've never had this with gif
> tunnels though every since I've started using 6to4 and stf interface this
> happens especially when the v6 gateway is unreachable for short time, ..
>
> I haven't seen the error yet but I do know i had this before,  well it's not
> showing in the /var/log/all.log nor /var/log/messages, however I do remember
> something about non-sleeping thread or something..
>
> If anyone needs more info let me know I'll be more then happy to provide a
> system to test on if required currently i have 3 exact systems which have
> this issue.

See the kernel debugging section in the Developers' Handbook.

You don't mention what version you're running, but you may want to
update to something recent.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 address persistent configuration thru ifconfig

[Prabhu Hariharan]

Is this behavior exists from the beginning of KAME integration or available
in latest freebsd code?  Because I was using a box which derives its ipv6
code from KAME project and the behavior was different from this.  Also, in a
host which uses Red Hat Enterprise Linux AS release 4 (Nahant Update 4),
I've seen the ipv6 addresses get removed when I do an interface down.
Please let me know, if you have any thoughts on the same.

Regards,
Prabhu H

On Jan 22, 2008 6:08 PM, Wojciech Puchar <[EMAIL PROTECTED]>
wrote:

> > In host implementation, if I manually configure global ipv6 address via
> > ifconfig command then those addresses are not persistent after making
> the
> > interface DOWN and again UP, which is not the case for IPv4 addresses.
>  Is
> > this an intentional behavior that all ipv6 address needs to be removed
> from
> > interface if it goes DOWN?  I feel the configurations that have been
> made
>
> nothing gets removed
> [EMAIL PROTECTED] ~]# ifconfig fxp0
> fxp0: flags=8843 mtu 1500
> options=8
> inet6 fe80::2d0:59ff:febe:fadc%fxp0 prefixlen 64 scopeid 0x1
> inet 10.255.245.1 netmask 0xff00 broadcast 10.255.245.255
> inet6 2001:4070:101:2::1 prefixlen 64
> ether 00:d0:59:be:fa:dc
> media: Ethernet autoselect (none)
> status: no carrier
> [EMAIL PROTECTED] ~]# ifconfig fxp0 down
> [EMAIL PROTECTED] ~]# ifconfig fxp0
> fxp0: flags=8802 mtu 1500
> options=8
> inet6 fe80::2d0:59ff:febe:fadc%fxp0 prefixlen 64 scopeid 0x1
> inet 10.255.245.1 netmask 0xff00 broadcast 10.255.245.255
> inet6 2001:4070:101:2::1 prefixlen 64
> ether 00:d0:59:be:fa:dc
> media: Ethernet autoselect (none)
> status: no carrier
> [EMAIL PROTECTED] ~]# ifconfig fxp0 up
> [EMAIL PROTECTED] ~]# ifconfig fxp0
> fxp0: flags=8843 mtu 1500
> options=8
> inet6 fe80::2d0:59ff:febe:fadc%fxp0 prefixlen 64 scopeid 0x1
> inet 10.255.245.1 netmask 0xff00 broadcast 10.255.245.255
> inet6 2001:4070:101:2::1 prefixlen 64
> ether 00:d0:59:be:fa:dc
> media: Ethernet autoselect (none)
> status: no carrier
>
>
> > manually, needs to get unconfigured manually and not programatically.
> >
> > Regards,
> > Prabhu H
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "
> [EMAIL PROTECTED]"
> >
> >
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 address persistent configuration thru ifconfig

[Wojciech Puchar]

In host implementation, if I manually configure global ipv6 address via
ifconfig command then those addresses are not persistent after making the
interface DOWN and again UP, which is not the case for IPv4 addresses.  Is
this an intentional behavior that all ipv6 address needs to be removed from
interface if it goes DOWN?  I feel the configurations that have been made


nothing gets removed 
[EMAIL PROTECTED] ~]# ifconfig fxp0

fxp0: flags=8843 mtu 1500
options=8
inet6 fe80::2d0:59ff:febe:fadc%fxp0 prefixlen 64 scopeid 0x1
inet 10.255.245.1 netmask 0xff00 broadcast 10.255.245.255
inet6 2001:4070:101:2::1 prefixlen 64
ether 00:d0:59:be:fa:dc
media: Ethernet autoselect (none)
status: no carrier
[EMAIL PROTECTED] ~]# ifconfig fxp0 down
[EMAIL PROTECTED] ~]# ifconfig fxp0
fxp0: flags=8802 mtu 1500
options=8
inet6 fe80::2d0:59ff:febe:fadc%fxp0 prefixlen 64 scopeid 0x1
inet 10.255.245.1 netmask 0xff00 broadcast 10.255.245.255
inet6 2001:4070:101:2::1 prefixlen 64
ether 00:d0:59:be:fa:dc
media: Ethernet autoselect (none)
status: no carrier
[EMAIL PROTECTED] ~]# ifconfig fxp0 up
[EMAIL PROTECTED] ~]# ifconfig fxp0
fxp0: flags=8843 mtu 1500
options=8
inet6 fe80::2d0:59ff:febe:fadc%fxp0 prefixlen 64 scopeid 0x1
inet 10.255.245.1 netmask 0xff00 broadcast 10.255.245.255
inet6 2001:4070:101:2::1 prefixlen 64
ether 00:d0:59:be:fa:dc
media: Ethernet autoselect (none)
status: no carrier



manually, needs to get unconfigured manually and not programatically.

Regards,
Prabhu H
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPV6 NTP

[Matthew Seaman]

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

[EMAIL PROTECTED] wrote:

> I am running FreeBSD 6.2 in a totally IPV6-only aware environment. I
> want to set up an NTP server by pointing to an IPV6 stratum 1
> address. Can I just add an IPV6 address in the NTP.conf file just as
> I would do for an IPV4 server?

Yes.  In fact, just put in the host name and NTP will default to using
the IPv6  address.

Cheers,

Matthew

PS.  Please don't hijack other e-mail threads by replying to a message
and changing the subject.  It's considered rude at best, and it tends
to cause your message to be hidden amongst all the traffic of the other
thread.




- -- 
Dr Matthew J Seaman MA, D.Phil.   Flat 3
  7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW, UK
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHRqDa3jDkPpsZ+VYRAwPpAKC4Bw1JOt4fA49RiZv3Krg6oCbsHACgjEi0
fAcaLOw7eQo11FhPck822k8=
=MZ6k
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 confusion

[Byung-Hee HWANG]

Wojciech,

On Tue, 2007-11-06 at 09:03 +0100, Wojciech Puchar wrote:
> >
> > AFAIK, IPv6 setup is much more difficult than IPv4 setup. Still i don't
> 
> i don't think so. it is no more difficult, or even easier.
> 
> more difficult is to put rev-dns entries but still not a problem

You won! Because you already had r-dns ipv6 smtp! Perfect!

...
Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl
[IPv6:2001:4070:101:2::1]) by mx1.freebsd.org (Postfix) ...

Respect,
Byung-Hee

-- 
"I trust these two men with my life. They are my two right arms. I cannot
insult them by sending them away."
-- Vito Corleone, "Chapter 1", page 29

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 confusion

[Wojciech Puchar]

AFAIK, IPv6 setup is much more difficult than IPv4 setup. Still i don't


i don't think so. it is no more difficult, or even easier.

more difficult is to put rev-dns entries but still not a problem
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 confusion

[Bob Johnson]

On 11/5/07, Aryeh M. Friedman <[EMAIL PROTECTED]> wrote:
> I want to set my machine up to be on both IPv4 and IPv6.   I have read
> the stuff on 6over4 and such and still a little confused on a few things:
>
> 1. The machine I want to do the tunneling on is behind a NAT'ed firewall
> how do I reliabelly obtain the external IP of the firewall (dhcp
> assigned from cable company)?

Probably the easiest method is to go to a web site that tells you what
IP you are coming from, e.g. http://www.go6.net (just below the top
banner). Or if you log in to your firewall it will be able to tell you
its external IP number.

>
> 2. If the machine I want to do the tunneling with is the DMZ host for
> the above FW do I need to add anything special to the FW's routing tables?

6to4 tunneling uses IP protocol type 41, so you need to tell your FW
to permit protocol 41 traffic. TCP, UDP, ICMP, etc. are all different
protocol types, so the syntax used to allow TCP traffic might work if
you use "41" instead of "TCP". You may also need a way to tell your
firewall to route all protocol 41 traffic to your IPv6 gateway system
so it can receive all of your incoming IPv6 traffic.

>
> 3. I am a little confused on how to pick the other end of the tunnel and
> how do I configure it once the first 2 items are solved?... The
> confusion comes from how is an arbitary (by me [with in the restrictions
> in stf(4)]) selected IPv6 IP supposed to be routable when IPv4 forces
> me to use the one assigned to me by my upstream router?

Pick the tunnel with the least delay!

The other restrictions only mean that if you have more than one IPv6
system on your local network, they must have unique IPv6 addresses. At
least, I think that's what they mean. This is the part of IPv6 over
IPv4 that I haven't directly experimented with yet, so I can tell you
what I think I understand, not what I've proven I understand, but here
it is:  You will run stf(4) on only one system on your LAN. That
system becomes your gateway to the IPv6 world. Other systems on your
LAN get other IPv6 addresses, all with the same initial 48 bits (I.E.
they all use the same IPv4 address to construct their IPv6 address,
but the rest of the address has to be different for each system in
your LAN). Outside systems will send traffic for your LAN to the
gateway system (the one running stf) and it will forward it
accordingly. You will need to tell the stf system that it is supposed
to perform that role, which for FreeBSD I think is accomplished by
adding rtadvd_enable="YES" to /etc/rc.conf. You may (or may not) find
it informative to read rtadvd(8). On all the other systems in your
LAN, you just need to enable IPv6, and they will talk to rtadvd and
configure themselves appropriately. At least, that's my understanding.

So far I have not used stf -- instead I have used tunneling via the
gw6c client and Freenet6 (i.e. http://www.go6.net). First install the
net/gateway6 port. Edit /usr/local/etc/gw6c.conf and change the
appropriate parts for an anonymous connection (the comments explain
them - in fact that may be the default). Also set gw6c.conf so your
system will be a router if you have other IPv6 systems on your LAN.
Then run gw6c and it will set up the tunnel, and run rtadvd for you if
appropriate. That should be all you have to do. Again, this is needed
only on your gateway system, so all the other systems on your network
need only have IPv6 enabled. It should also be obvious that both of
these methods completely bypass your existing IPv4 firewall, so every
system on your LAN will have unfirewalled exposure to the Internet,
unless you run an IPv6 firewall as well.

One advantage of using gw6c is that it can build a tunnel over
protocol 41, over TCP, or over UDP. So if your firewall prevents you
from getting a 6to4/stf tunnel working, try  gw6c. I also found it
easier to set up than figuring out what I needed to make stf work, but
I'm about to set up an stf system so I can directly compare the two.

If you like the gw6c method, go to http://www.go6.net and register for
a free account. Then edit gw6c.conf with your account info and other
appropriate changes, and restart it. You will be issued a permanent
IPv6 address tied to your account, so that if your external IPv4
address changes your IPv6 addresses do not change.


- Bob
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 confusion

[Byung-Hee HWANG]

Hi,

On Mon, 2007-11-05 at 03:16 -0500, Aryeh M. Friedman wrote:
> I want to set my machine up to be on both IPv4 and IPv6.   I have read
> the stuff on 6over4 and such and still a little confused on a few things:
> 
> 1. The machine I want to do the tunneling on is behind a NAT'ed firewall
> how do I reliabelly obtain the external IP of the firewall (dhcp
> assigned from cable company)?
> 
> 2. If the machine I want to do the tunneling with is the DMZ host for
> the above FW do I need to add anything special to the FW's routing tables?
> 
> 3. I am a little confused on how to pick the other end of the tunnel and
> how do I configure it once the first 2 items are solved?... The
> confusion comes from how is an arbitary (by me [with in the restrictions
> in stf(4)]) selected IPv6 IP supposed to be routable when IPv4 forces 
> me to use the one assigned to me by my upstream router?

AFAIK, IPv6 setup is much more difficult than IPv4 setup. Still i don't
know well what IPv6 is. Let's go easy.. you need some practice with 6to4
setup. The 6to4 setup is very simple if you have the native IPv4
address(es). Then you can try the 6over4 (more difficult than 6to4) with
gif(4).

At first, here is good reference for 6to4 setup:
http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html

As fas as i can tell, you need practice and practice and practice, one
by one, then you can obtain what you want..

Sincerely,
  
-- 
$LUG: projects/mp3/the-godfather,v 1.6 2007/10/11 09:37:50 bh Exp $

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: IPv6 Display - Multiple Applications

[Mike Sweetser - Adhost]

Have you tried using -W on netstat?  "In certain displays, avoid
truncating addresses even if this causes some fields to overflow."  I
tested it on my own IPv6 server after establishing a connection and
reproduced your behavior with the truncated IPv6 addresses; however,
once I added the -W flag, it displayed the entire address.

Unfortunately, I do not see a similar flag available for the who
command...maybe a patch is in order?

--
Mike Sweetser | Systems Administrator

Adhost Internet
140 Fourth Avenue North, Suite 360, Seattle, Washington 98109 USA
P 206.404.9023T 888.234.6781 (ADHOST-1)F 206.404.9050
E [EMAIL PROTECTED]W adhost.com

Our brand new Adhost West data center is open - contact us for a tour at
1-888-234-6781 (ADHOST-1)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael K.
Smith - Adhost
Sent: Tuesday, October 16, 2007 1:37 PM
To: freebsd-questions@freebsd.org
Subject: IPv6 Display - Multiple Applications

Hello All:

I'm curious if there is any timeline for the correct display of IPv6
addresses in various displays.  In particular, I'm interested in being
able to see a full address in 'who' and 'netstat' so I can track
connections to the server.  Presently, the display shows:

[EMAIL PROTECTED] ~]$ who
mksmith  ttyp0Oct 16 13:26 (2001:468:1420:f:)

[EMAIL PROTECTED] ~]$ netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address
(state)
tcp6   0 52  www6.ssh   2001:468:1420:f:.52619
ESTABLISHED
t

The full address includes another 64 bits or the whole host portion.  Is
this a bug, something in progress, or by design?

Regards,

Mike

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel Brokers?

[Eric Crist]

On Aug 1, 2007, at 4:41 PMAug 1, 2007, Javier Henderson wrote:


On Wed, August 1, 2007 16:12, Christopher Hilton wrote:

Javier Henderson wrote:

On Wed, 1 Aug 2007 09:52:45 -0500, Eric Crist wrote:

Hey list,

While my ISP is rather geeky and more than willing to give me an  
IPv6

tunnel to the internet, there seems to be a large number of routing
problems upstream from them that prevent us from accessing the
majority of the IPv6 net.

So, I ask two things really.

1) Does anyone know of an ISP that'll give me a /48 or /64 they'll
route across a gif tunnel?


http://www.tunnelbroker.net/

I use them and seem to be quite good.



I second that recommendation. The ISP in question is Hurricane  
Electric
and the process is 100% web driven. It took me less than a day to  
get a

gif tunnel up and an ipv6 /64 assignment.


I was up and running in a few hours!

I'm using a Cisco rouer on my end, it was very easy to set up and  
get going.


-jav (disclaimer: I work at Cisco)


Thanks for the pointer to he.net!  I signed up, and my tunnel was  
approved within a half hour.  I've already setup reverse DNS and the  
tunnel, and, 2 hours after signing up, I'm routed and operational!


What's weird, is that from the he.net tunnel, I can ping6  
www.kame.net, and I can ping6 my other ip6 addresse (my other  
tunnel).  But, from my old tunnel, I cannot ping6 www.kame.net.


Must be a routing issue somewhere between...

Thanks for the pointer guys!

Eric Crist

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel Brokers?

[Javier Henderson]

On Wed, August 1, 2007 16:12, Christopher Hilton wrote:
> Javier Henderson wrote:
>> On Wed, 1 Aug 2007 09:52:45 -0500, Eric Crist wrote:
>>> Hey list,
>>>
>>> While my ISP is rather geeky and more than willing to give me an IPv6
>>> tunnel to the internet, there seems to be a large number of routing
>>> problems upstream from them that prevent us from accessing the
>>> majority of the IPv6 net.
>>>
>>> So, I ask two things really.
>>>
>>> 1) Does anyone know of an ISP that'll give me a /48 or /64 they'll
>>> route across a gif tunnel?
>>
>> http://www.tunnelbroker.net/
>>
>> I use them and seem to be quite good.
>>
>
> I second that recommendation. The ISP in question is Hurricane Electric
> and the process is 100% web driven. It took me less than a day to get a
> gif tunnel up and an ipv6 /64 assignment.

I was up and running in a few hours!

I'm using a Cisco rouer on my end, it was very easy to set up and get going.

-jav (disclaimer: I work at Cisco)


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel Brokers?

[Tuc at T-B-O-H.NET]

> 
> I second that recommendation. The ISP in question is Hurricane Electric 
> and the process is 100% web driven. It took me less than a day to get a 
> gif tunnel up and an ipv6 /64 assignment.
> 
>
They are FAIRLY response to service issues (I had problems getting
to FTP1.FREEBSD.ORG for a bit, and within 8 hours of putting a ticket in
it was resolved). They also show exact configuration for 1/2 a dozen
different OS/routers.

Tuc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel Brokers?

[Christopher Hilton]

Javier Henderson wrote:

On Wed, 1 Aug 2007 09:52:45 -0500, Eric Crist wrote:

Hey list,

While my ISP is rather geeky and more than willing to give me an IPv6 
tunnel to the internet, there seems to be a large number of routing 
problems upstream from them that prevent us from accessing the 
majority of the IPv6 net.


So, I ask two things really.

1) Does anyone know of an ISP that'll give me a /48 or /64 they'll 
route across a gif tunnel?


http://www.tunnelbroker.net/

I use them and seem to be quite good.



I second that recommendation. The ISP in question is Hurricane Electric 
and the process is 100% web driven. It took me less than a day to get a 
gif tunnel up and an ipv6 /64 assignment.


-- Chris

--
  __o  "All I was doing was trying to get home from work."
_`\<,_   -Rosa Parks
___(*)/_(*)___
Christopher Sean Hilton
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel Brokers?

[Javier Henderson]

On Wed, 1 Aug 2007 09:52:45 -0500, Eric Crist wrote:
> Hey list,
> 
> While my ISP is rather geeky and more than willing to give me an IPv6 
> tunnel to the internet, there seems to be a large number of routing 
> problems upstream from them that prevent us from accessing the 
> majority of the IPv6 net.
> 
> So, I ask two things really.
> 
> 1) Does anyone know of an ISP that'll give me a /48 or /64 they'll 
> route across a gif tunnel?

http://www.tunnelbroker.net/

I use them and seem to be quite good.

-jav
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel Brokers?

[Eric Crist]

Sure I was:

"[T]here seems to be a large number of routing problems upstream from  
them that prevent us from accessing the majority of the IPv6 net."


Eric

On Aug 1, 2007, at 10:06 AMAug 1, 2007, Tuc at T-B-O-H.NET wrote:


http://ipv6tb.he.net/index.php

You aren't clear on the problems at the ISP, so not sure what to tell
you.

Tuc


Hey list,

While my ISP is rather geeky and more than willing to give me an IPv6
tunnel to the internet, there seems to be a large number of routing
problems upstream from them that prevent us from accessing the
majority of the IPv6 net.

So, I ask two things really.

1) Does anyone know of an ISP that'll give me a /48 or /64 they'll
route across a gif tunnel?
2) What could I do to help remedy this routing problem?

Thanks!

Eric Crist
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions- 
[EMAIL PROTECTED]"






___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 connection question

[Robert Huff]

Mike Tancsa writes:

>  >+TCP: [::1]:49478 to [::1]:4080 tcpflags 0x2; tcp_input: Connection 
> attempt to closed port
>  
>  Does
>  sysctl -w net.inet.tcp.log_in_vain=0
>  get rid of them ?

Thank you - this led me down a different path and I now know
what needs to happen.


Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipv6 connection question

[Mike Tancsa]

On Wed, 11 Jul 2007 08:00:05 -0400, in sentex.lists.freebsd.questions
you wrote:

>
>Hello:
>   I've recently started getting these in the system log:
>
>+TCP: [::1]:49478 to [::1]:4080 tcpflags 0x2; tcp_input: Connection 
>attempt to closed port
>
>   The program affected works anyway, but I'd like to dispense
>with the clutter.  What's happening, and is there a way to fix it
>without re-compiling?  (E.g. firewall setting.)
>

Does
sysctl -w net.inet.tcp.log_in_vain=0
get rid of them ?

---Mike

>
>   Robert Huff
>___
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
[EMAIL PROTECTED], (http://www.tancsa.com)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Setup...

[Eric F Crist]

On Jun 22, 2007, at 9:23 PMJun 22, 2007, Eric F Crist wrote:


Hello all,

I've been toying with getting IPv6 installed and running for a  
while, and I've got only one hurdle remaining.


I have 5 servers on my quaint little network, and my primary  
firewall is configured with an IPv6 address, we'll say  
1000:2000:1::6 and is connected to my ISP through a gif tunnel  
(router doesn't support IPv6 yet, on my end) to 1000:2000:1::5.  I  
can ping6 all day long across this tunnel, and I can even connect  
through this firewall to other sites using the IPv6 addresses.


I've been given 2001:4900:1:0111::/64 for my use.  I've configured / 
etc/rc.conf on my first two machines with ipv6_enable="YES" and  
given them 2001:4980:1:0111::1 and 2001:4980:1:0111::2.  Each  
machine can ping6 itself, but they cannot ping6 eachother.  I know  
the copper is good, and my ipv6 is running along side my ipv4  
addresses and such.  In addition, there are no firewalls in between.


Is there something I'm missing?

Also, what the heck is rtadvd_enable="YES" actually doing for me?   
I understand it's broadcasting some routing stuff so my other hosts  
can auto-configure their IPv6 addresses, but anything else?


Thanks a lot all!
-
Eric F Crist
Secure Computing Networks



Alright, sorry to reply to my own post, but the situation is a little  
different than I thought.  As it turns out, all of my systems can  
ping eachother, save my gateway/firewall machine.  This machine is  
configured with 2 NICs, with ethernet bridging.  My configuration is  
as follows:


INET -- ROUTER -- FBSD GATEWAY -- LAN

While the FBSD GATEWAY has an IP assigned to it's internal interface  
(available from both sides), and it's bridging IPv6 correctly, I'm  
thinking this may be my IPv6 problem.  The gateway has a gif tunnel  
to my ISP for IPv6 routing, as my cheap router doesn't support the  
new IP protocol.  The gateway can ping across the tunnel using IPv6  
perfectly fine.  It can also ping it's own IPv6 addresses, regardless  
of the interface.  What I CANNOT do, is ping to the IPv6 box from any  
machine on my LAN.  I can ping IPv4 just fine.


Please help!

Eric Crist


-
Eric F Crist
Secure Computing Networks


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Setup...

[Eric Crist]

On Jun 23, 2007, at 7:17 AMJun 23, 2007, Tilman Linneweh wrote:



On Jun 23, 2007, at 04:36 , Eric Crist wrote:
I have 5 servers on my quaint little network, and my primary  
firewall is configured with an IPv6 address, we'll say  
1000:2000:1::6 and is connected to my ISP through a gif tunnel  
(router doesn't support IPv6 yet, on my end) to 1000:2000:1::5.  I  
can ping6 all day long across this tunnel, and I can even connect  
through this firewall to other sites using the IPv6 addresses.


I've been given 2001:4900:1:0111::/64 for my use.  I've  
configured /etc/rc.conf on my first two machines with  
ipv6_enable="YES" and given them 2001:4980:1:0111::1 and  
2001:4980:1:0111::2.  Each machine can ping6 itself, but they  
cannot ping6 eachother.  I know the copper is good, and my ipv6 is  
running along side my ipv4 addresses and such.  In addition, there  
are no firewalls in between.


Is there something I'm missing?


Maybe you used a /128 netmask, or a wrong routing table? Try  
sniffing with tcpdump/wireshark to see what is going on.




Also, what the heck is rtadvd_enable="YES" actually doing for me?   
I understand it's broadcasting some routing stuff so my other  
hosts can auto-configure their IPv6 addresses, but anything else?




There is a section in the handbook about ipv6:
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network- 
ipv6.html




Something I've just learned is that autoconfiguration of IPv6 *is*  
working to my ipv6 gateway.  I can ping between machines using their  
autoconfiguration addresses, however, I cannot ping statically  
assigned addresses.  Also, it appears that all of my servers, those  
set to autoconf and those note, have 2001:4900:1:111::1 assigned to  
their loopback address.  Is this normal?  The route on a host looks  
like:


Internet6:
DestinationGatewayFlags  Netif Expire
:: localhost.secure-c UGRSlo0
localhost.secure-c localhost.secure-c UHL lo0
:::0.0.0.0 localhost.secure-c UGRSlo0
2001:4900:1:111::  link#1 UC  sk0
2001:4900:1:111::1 my:ma:ca:dd:re:ss  UHL lo0
2001:4900:1:111:20 ma:ca:dd:re:ss:02  UHLWsk0
fe80:: localhost.secure-c UGRSlo0
fe80::%sk0 link#1 UC  sk0
fe80::212:17ff:fe4 my:mc:ca:dd:re:ss  UHL lo0
fe80::%lo0 fe80::1%lo0U   lo0
fe80::1%lo0link#4 UHL lo0
ff01:1::   link#1 UC  sk0
ff01:4::   localhost.secure-c UC  lo0
ff02:: localhost.secure-c UGRSlo0
ff02::%sk0 link#1 UC  sk0
ff02::%lo0 localhost.secure-c UC  lo0

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Setup...

[Tilman Linneweh]

On Jun 23, 2007, at 04:36 , Eric Crist wrote:
I have 5 servers on my quaint little network, and my primary  
firewall is configured with an IPv6 address, we'll say  
1000:2000:1::6 and is connected to my ISP through a gif tunnel  
(router doesn't support IPv6 yet, on my end) to 1000:2000:1::5.  I  
can ping6 all day long across this tunnel, and I can even connect  
through this firewall to other sites using the IPv6 addresses.


I've been given 2001:4900:1:0111::/64 for my use.  I've configured / 
etc/rc.conf on my first two machines with ipv6_enable="YES" and  
given them 2001:4980:1:0111::1 and 2001:4980:1:0111::2.  Each  
machine can ping6 itself, but they cannot ping6 eachother.  I know  
the copper is good, and my ipv6 is running along side my ipv4  
addresses and such.  In addition, there are no firewalls in between.


Is there something I'm missing?


Maybe you used a /128 netmask, or a wrong routing table? Try sniffing  
with tcpdump/wireshark to see what is going on.




Also, what the heck is rtadvd_enable="YES" actually doing for me?   
I understand it's broadcasting some routing stuff so my other hosts  
can auto-configure their IPv6 addresses, but anything else?




There is a section in the handbook about ipv6:
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network- 
ipv6.html


regards
arved


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Setup...

[Eric Crist]

On Jun 23, 2007, at 7:17 AMJun 23, 2007, Tilman Linneweh wrote:



On Jun 23, 2007, at 04:36 , Eric Crist wrote:
I have 5 servers on my quaint little network, and my primary  
firewall is configured with an IPv6 address, we'll say  
1000:2000:1::6 and is connected to my ISP through a gif tunnel  
(router doesn't support IPv6 yet, on my end) to 1000:2000:1::5.  I  
can ping6 all day long across this tunnel, and I can even connect  
through this firewall to other sites using the IPv6 addresses.


I've been given 2001:4900:1:0111::/64 for my use.  I've  
configured /etc/rc.conf on my first two machines with  
ipv6_enable="YES" and given them 2001:4980:1:0111::1 and  
2001:4980:1:0111::2.  Each machine can ping6 itself, but they  
cannot ping6 eachother.  I know the copper is good, and my ipv6 is  
running along side my ipv4 addresses and such.  In addition, there  
are no firewalls in between.


Is there something I'm missing?


Maybe you used a /128 netmask, or a wrong routing table? Try  
sniffing with tcpdump/wireshark to see what is going on.




Also, what the heck is rtadvd_enable="YES" actually doing for me?   
I understand it's broadcasting some routing stuff so my other  
hosts can auto-configure their IPv6 addresses, but anything else?




There is a section in the handbook about ipv6:
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network- 
ipv6.html




Tilman,

Thanks for the reply.  I'm sure I'm using a /64 prefix and I've  
already read heavily through the page mentioned above.


Any other ideas?

Eric Crist
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 jails

[Roland Smith]

On Sun, May 27, 2007 at 08:24:43AM -0700, Ofloo wrote:
> 
> Hi,
> 
> I'm new to jails, but from what I understand is that a jail allows one
> to have multiple virtual systems on one system, now I was wondering if
> this could be done through IPv6, I would want to setup multiple IPv6
> only systems, does anyone know if this is possible with FreeBSD6.2 ? Or
> any BSD OS.

Jails don't support IPv6 AFAIK. You could use redirection in your
firewall to make the jails look like IPv6 addresses externally?

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)


pgpW2ShtQubZZ.pgp
Description: PGP signature

Re: IPv6 Tunnel issues...

[Eric F Crist]

On 3/20/07, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote:


On Tuesday 20 March 2007 17:01, Eric F Crist wrote:
> On 3/20/07, Eric F Crist <[EMAIL PROTECTED]> wrote:
> >
> > My ISP tells me it should be prefixlen 126, not 128
> >
> > On 3/20/07, Björn König <[EMAIL PROTECTED] > wrote:
> > >
> > > Eric F Crist schrieb:
> > > > [...] I'm performing the configuration as follows:
> > > >
> > > > ifconfig gif0 create
> > > > ifconfig gif0 tunnel  
> > > > ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen
126
> > > >
> > > > When I execute the last command, I get:
> > > > ifconfig: ioctl (SIOCAIFADDR): Invalid argument
> > > >
> > > > [...]
> > >
> > > Use a prefix length of 128 instead of 126.
> > >
> > > Regards
> > > Björn
> >
> >
> Sorry for the top post earlier.  I've eliminated the second IP address
on
> the inet6 ifconfig command, and prefixlen 126 is accepted.  Now I just
get
> no ping replies accross the gif0 interface.  ifconfig shows all the
correct
> information, and netstat -rn shows valid routes.  What am I missing?  I
> *did* have this working at one time this morning, but I tried to get
things
> into rc.conf and haven't been able to get it back up.

There is an errata notice about gif(4)s,
don't know it affects you...

http://www.freebsd.org/releases/6.2R/errata.html



Yes, I saw that, my first post mentions I'm patched and good-to-go.  I've
also tried the work around mentioned, just to be sure.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel issues...

[Björn König]

Eric F Crist schrieb:

[...] I'm performing the configuration as follows:

ifconfig gif0 create
ifconfig gif0 tunnel  
ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen 126

When I execute the last command, I get:
ifconfig: ioctl (SIOCAIFADDR): Invalid argument

[...]


Use a prefix length of 128 instead of 126.

Regards
Björn
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel issues...

[Nikos Vassiliadis]

On Tuesday 20 March 2007 17:01, Eric F Crist wrote:
> On 3/20/07, Eric F Crist <[EMAIL PROTECTED]> wrote:
> >
> > My ISP tells me it should be prefixlen 126, not 128
> >
> > On 3/20/07, Björn König <[EMAIL PROTECTED] > wrote:
> > >
> > > Eric F Crist schrieb:
> > > > [...] I'm performing the configuration as follows:
> > > >
> > > > ifconfig gif0 create
> > > > ifconfig gif0 tunnel  
> > > > ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen 126
> > > >
> > > > When I execute the last command, I get:
> > > > ifconfig: ioctl (SIOCAIFADDR): Invalid argument
> > > >
> > > > [...]
> > >
> > > Use a prefix length of 128 instead of 126.
> > >
> > > Regards
> > > Björn
> >
> >
> Sorry for the top post earlier.  I've eliminated the second IP address on
> the inet6 ifconfig command, and prefixlen 126 is accepted.  Now I just get
> no ping replies accross the gif0 interface.  ifconfig shows all the correct
> information, and netstat -rn shows valid routes.  What am I missing?  I
> *did* have this working at one time this morning, but I tried to get things
> into rc.conf and haven't been able to get it back up.

There is an errata notice about gif(4)s,
don't know it affects you...

http://www.freebsd.org/releases/6.2R/errata.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 Tunnel issues...

[Eric F Crist]

On 3/20/07, Eric F Crist <[EMAIL PROTECTED]> wrote:


My ISP tells me it should be prefixlen 126, not 128

On 3/20/07, Björn König <[EMAIL PROTECTED] > wrote:
>
> Eric F Crist schrieb:
> > [...] I'm performing the configuration as follows:
> >
> > ifconfig gif0 create
> > ifconfig gif0 tunnel  
> > ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen 126
> >
> > When I execute the last command, I get:
> > ifconfig: ioctl (SIOCAIFADDR): Invalid argument
> >
> > [...]
>
> Use a prefix length of 128 instead of 126.
>
> Regards
> Björn



Sorry for the top post earlier.  I've eliminated the second IP address on
the inet6 ifconfig command, and prefixlen 126 is accepted.  Now I just get
no ping replies accross the gif0 interface.  ifconfig shows all the correct
information, and netstat -rn shows valid routes.  What am I missing?  I
*did* have this working at one time this morning, but I tried to get things
into rc.conf and haven't been able to get it back up.

TIA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPV6

[Lowell Gilbert]

"jaroonsak paokeaw" <[EMAIL PROTECTED]> writes:

> plzplzplz
> 
> i want to make my server(freeBSD) to work with ipv6. but i'm new people for 
> linux operation ( T T ). Can you have "how to" or handbook for setup my 
> server to ipv6( Step-by-step) .

FreeBSD isn't Linux, but assuming you actually do mean FreeBSD, the
IPv6 section of the FreeBSD Handbook is at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ipv6.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6: routing on the local LAN

[Dan Langille]

On 25 Dec 2005 at 2:59, Ariff Abdullah wrote:

> On Sat, 24 Dec 2005 12:37:56 -0500
> "Dan Langille" <[EMAIL PROTECTED]> wrote:
> > Gidday folks,
> > 
> > I have an IPv6 routing problem within my LAN behind the gateway.
> > 
> > I have an IPv6 tunnel supplied by Hurricane Electric.  The tunnel is
> > 
> > setup and working.  From my gateway I can access various IPv6 
> > websites (e.g http://www.kame.net).  I have enabled rtadvd(8) on my 
> > gateway.  For the netstat, ifconfig, etc, see [1].
> > 
> > >From a computer inside my gateway, I cannot ping anything, not even
> > >
> > the gateway.  I suspect it's because the routing tables are not
> > being  set up on the gateway.  I expected the system to do that 
> > automatically.  I also expected fxp0 to get an IPv6 address out of 
> > this.  Did I guess wrong?  I suspect that if I can get fxp0 on the 
> > gateway, all will be well.  If not, I think Ineed to set up static 
> > routes.
> 
> Add a single 2001:470:1F00:1979::/64 address each for both fxp0/1. You
> don't even need rtadv.conf :)
> 
> rc.conf:-
> ipv6_ifconfig_fxp0="2001:470:1F00:1979::1/64"
> ipv6_ifconfig_fxp1="2001:470:1F00:1979::2/64"

Right you are!  I just renamed /etc/rtadvd.conf to something else, 
rebooted the gateway, confirmed rtadvd was running, then I rebooted 
the workstation.  It came back with:

$ ifconfig fxp0
fxp0: flags=8843 mtu 1500
inet 10.55.0.23 netmask 0xff00 broadcast 10.55.0.255
inet6 fe80::204:acff:fed3:7823%fxp0 prefixlen 64 scopeid 0x1
inet6 2001:470:1f00:1979:204:acff:fed3:7823 prefixlen 64 
autoconf
ether 00:04:ac:d3:78:23
media: Ethernet autoselect (100baseTX )
status: active
$

You suggested putting an IPv6 address on fxp0 (the NIC on my gateway 
that faces my ISP).  Why?  No IPv6 traffic should meet that NIC.  It 
should all go out the tunnel on gif0.  fxp1 is my LAN, so I can see 
why I need an IPv6 address there.

Thank you.
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6: routing on the local LAN

[Dan Langille]

On 25 Dec 2005 at 15:05, Ariff Abdullah wrote:

> On Sat, 24 Dec 2005 21:22:20 -0500
> "Dan Langille" <[EMAIL PROTECTED]> wrote:
> > On 25 Dec 2005 at 2:59, Ariff Abdullah wrote:
> > 
> > > On Sat, 24 Dec 2005 12:37:56 -0500
> > > "Dan Langille" <[EMAIL PROTECTED]> wrote:
> > > > Gidday folks,
> > > > 
> > > > I have an IPv6 routing problem within my LAN behind the gateway.
> > > > 
> > > > I have an IPv6 tunnel supplied by Hurricane Electric.  The
> > > > tunnel is
> > > > 
> > > > setup and working.  From my gateway I can access various IPv6 
> > > > websites (e.g http://www.kame.net).  I have enabled rtadvd(8) on
> > > > my  gateway.  For the netstat, ifconfig, etc, see [1].
> > > > 
> > > > >From a computer inside my gateway, I cannot ping anything, not
> > > > >even
> > > > >
> > > > the gateway.  I suspect it's because the routing tables are not
> > > > being  set up on the gateway.  I expected the system to do that 
> > > > automatically.  I also expected fxp0 to get an IPv6 address out
> > > > of  this.  Did I guess wrong?  I suspect that if I can get fxp0
> > > > on the  gateway, all will be well.  If not, I think Ineed to set
> > > > up static  routes.
> > > 
> > > Add a single 2001:470:1F00:1979::/64 address each for both fxp0/1.
> > > You don't even need rtadv.conf :)
> > > 
> > > rc.conf:-
> > > ipv6_ifconfig_fxp0="2001:470:1F00:1979::1/64"
> > > ipv6_ifconfig_fxp1="2001:470:1F00:1979::2/64"
> > 
> > Thanks.
> > 
> > I wanted to run rtadvd for the boxes inside the LAN.  That ensure 
> > they get an address in the right range (AFAIK).
> >
> For this simple configuration, you don't even need rtadvd.conf. Adding
> anyprefix/64 address to router interface and running rtadvd -D
> router_interface will do the job.

man rtadvd shows that -D is debugging.

$ grep rtad /etc/rc.conf
rtadvd_enable="YES" # let our LAN know the IPv6 
default route
rtadvd_interfaces="fxp1"# our private LAN

I can't try it yet, but it looks like removing /etc/rtadvd.conf may 
do the trick.

Merry Christmas.
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6: routing on the local LAN

[Ariff Abdullah]

On Sat, 24 Dec 2005 21:22:20 -0500
"Dan Langille" <[EMAIL PROTECTED]> wrote:
> On 25 Dec 2005 at 2:59, Ariff Abdullah wrote:
> 
> > On Sat, 24 Dec 2005 12:37:56 -0500
> > "Dan Langille" <[EMAIL PROTECTED]> wrote:
> > > Gidday folks,
> > > 
> > > I have an IPv6 routing problem within my LAN behind the gateway.
> > > 
> > > I have an IPv6 tunnel supplied by Hurricane Electric.  The
> > > tunnel is
> > > 
> > > setup and working.  From my gateway I can access various IPv6 
> > > websites (e.g http://www.kame.net).  I have enabled rtadvd(8) on
> > > my  gateway.  For the netstat, ifconfig, etc, see [1].
> > > 
> > > >From a computer inside my gateway, I cannot ping anything, not
> > > >even
> > > >
> > > the gateway.  I suspect it's because the routing tables are not
> > > being  set up on the gateway.  I expected the system to do that 
> > > automatically.  I also expected fxp0 to get an IPv6 address out
> > > of  this.  Did I guess wrong?  I suspect that if I can get fxp0
> > > on the  gateway, all will be well.  If not, I think Ineed to set
> > > up static  routes.
> > 
> > Add a single 2001:470:1F00:1979::/64 address each for both fxp0/1.
> > You don't even need rtadv.conf :)
> > 
> > rc.conf:-
> > ipv6_ifconfig_fxp0="2001:470:1F00:1979::1/64"
> > ipv6_ifconfig_fxp1="2001:470:1F00:1979::2/64"
> 
> Thanks.
> 
> I wanted to run rtadvd for the boxes inside the LAN.  That ensure 
> they get an address in the right range (AFAIK).
>
For this simple configuration, you don't even need rtadvd.conf. Adding
anyprefix/64 address to router interface and running rtadvd -D
router_interface will do the job.

> Now... I just have to find someone with services, such as cvsup, 
> available only over IPv6 But what I've been reading indicates 
> that cvsup is not IPv6 aware.
> 
AFAIK we're out of luck for now.

> 


--
Ariff Abdullah
MyBSD

http://www.MyBSD.org.my (IPv6/IPv4)
http://staff.MyBSD.org.my (IPv6/IPv4)
http://tomoyo.MyBSD.org.my (IPv6/IPv4)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6: routing on the local LAN

[Dan Langille]

On 25 Dec 2005 at 2:59, Ariff Abdullah wrote:

> On Sat, 24 Dec 2005 12:37:56 -0500
> "Dan Langille" <[EMAIL PROTECTED]> wrote:
> > Gidday folks,
> > 
> > I have an IPv6 routing problem within my LAN behind the gateway.
> > 
> > I have an IPv6 tunnel supplied by Hurricane Electric.  The tunnel is
> > 
> > setup and working.  From my gateway I can access various IPv6 
> > websites (e.g http://www.kame.net).  I have enabled rtadvd(8) on my 
> > gateway.  For the netstat, ifconfig, etc, see [1].
> > 
> > >From a computer inside my gateway, I cannot ping anything, not even
> > >
> > the gateway.  I suspect it's because the routing tables are not
> > being  set up on the gateway.  I expected the system to do that 
> > automatically.  I also expected fxp0 to get an IPv6 address out of 
> > this.  Did I guess wrong?  I suspect that if I can get fxp0 on the 
> > gateway, all will be well.  If not, I think Ineed to set up static 
> > routes.
> 
> Add a single 2001:470:1F00:1979::/64 address each for both fxp0/1. You
> don't even need rtadv.conf :)
> 
> rc.conf:-
> ipv6_ifconfig_fxp0="2001:470:1F00:1979::1/64"
> ipv6_ifconfig_fxp1="2001:470:1F00:1979::2/64"

Thanks.

I wanted to run rtadvd for the boxes inside the LAN.  That ensure 
they get an address in the right range (AFAIK).

Now... I just have to find someone with services, such as cvsup, 
available only over IPv6 But what I've been reading indicates 
that cvsup is not IPv6 aware.
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6: routing on the local LAN

[Ariff Abdullah]

On Sat, 24 Dec 2005 12:37:56 -0500
"Dan Langille" <[EMAIL PROTECTED]> wrote:
> Gidday folks,
> 
> I have an IPv6 routing problem within my LAN behind the gateway.
> 
> I have an IPv6 tunnel supplied by Hurricane Electric.  The tunnel is
> 
> setup and working.  From my gateway I can access various IPv6 
> websites (e.g http://www.kame.net).  I have enabled rtadvd(8) on my 
> gateway.  For the netstat, ifconfig, etc, see [1].
> 
> >From a computer inside my gateway, I cannot ping anything, not even
> >
> the gateway.  I suspect it's because the routing tables are not
> being  set up on the gateway.  I expected the system to do that 
> automatically.  I also expected fxp0 to get an IPv6 address out of 
> this.  Did I guess wrong?  I suspect that if I can get fxp0 on the 
> gateway, all will be well.  If not, I think Ineed to set up static 
> routes.

Add a single 2001:470:1F00:1979::/64 address each for both fxp0/1. You
don't even need rtadv.conf :)

rc.conf:-
ipv6_ifconfig_fxp0="2001:470:1F00:1979::1/64"
ipv6_ifconfig_fxp1="2001:470:1F00:1979::2/64"

> 
> The workstation inside the LAN has the config shown in [2].  
> 
> Checking via tcpdump on the gateway, I can see pings from the client
> 
> hitting the internal NIC (fxp1) and going out the IPv6 tunnel
> (gif0).
> 
> In case I've missed something about setting up the tunnel, the 
> details are [3].
> 
> Suggestions, comments, thanks.
> 
> [1] Gateway - 
> [2] Client - 
> [3] Tunnel - 



--
Ariff Abdullah
MyBSD

http://www.MyBSD.org.my (IPv6/IPv4)
http://staff.MyBSD.org.my (IPv6/IPv4)
http://tomoyo.MyBSD.org.my (IPv6/IPv4)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Simple IPv6 question [Was: Re: IPv6 site local EUI-64 adresses and jails]

[Michael W. Oliver]

On 2005-08-15T20:51:05+0200, Emanuel Strobl wrote:
> Dear inet6 guys,
> 
> I don't know the kind of addresses FreeBSD uses for autoconfigured 
> link-local addresses.
> For example: fe80::20e:cff:fe34:2bf8%em0
> 
> What the hack is %em0 ??? Interestingly I can use this address, but ping6 
> fe80::20e:cff:fe34:2bf8 doesn't work
> The Handbook doesn't clarify this mysterious address. Is it FreeBSD 
> specific?

Check out

http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ipv6.html

``Some of the userland tools support extended numeric IPv6 syntax, as
documented in draft-ietf-ipngwg-scopedaddr-format-00.txt. You can
specify outgoing link, by using name of the outgoing interface like
"fe80::1%ne0". This way you will be able to specify link-local scoped
address without much trouble.''

-- 
Mike Oliver
[see complete headers for contact information]


pgp2o1kLD0K0u.pgp
Description: PGP signature

Simple IPv6 question [Was: Re: IPv6 site local EUI-64 adresses and jails]

[Emanuel Strobl]

Am Freitag, 12. August 2005 21:24 CEST schrieb Emanuel Strobl:
> Am Freitag, 12. August 2005 20:53 CEST schrieb Emanuel Strobl:
> > Hi all,
> >
> > I'm quiet new to IPv6 so I'd like to ask some questions:
>
> Here are two more:
>
> How do I use the eui64 option of ifconfig? 'ifconfig fxp0 inet6
> fe80:0:0:0:eui64 ' doesn't work!
>
> What's the meaning of the "%fxp0" tail of the ifconfig output for the
> inet6 address?

Dear inet6 guys,

I don't know the kind of addresses FreeBSD uses for autoconfigured 
link-local addresses.
For example: fe80::20e:cff:fe34:2bf8%em0

What the hack is %em0 ??? Interestingly I can use this address, but ping6 
fe80::20e:cff:fe34:2bf8 doesn't work
The Handbook doesn't clarify this mysterious address. Is it FreeBSD 
specific?

Thanks in andvance, I posted this also to current@ since I got no answer 
from questions@

-Harry


>
> Thanks,
>
> -Harry
>
> > So far I know how to generate s site-local address on basis of the MAC
> > address of the interface. That's what FreeBSD does itself for INET6
> > enabled kernels.
> > Now in the 24-16-24 scheme of th interface id part of the IPv6
> > address, the 16 bits were inserted with the value FFFE. And bit 57 was
> > changed to one! Why What if it is alread one? Or isn't tehre any
> > vendor who can have bit 41 of his MAC 1?
> > Now I want to use a dedicated interface, which is in a different
> > subnet, for 5 jails. How do I do that if I want to keep the MAC
> > relation and if I'm not allewd to change the FFFE insert? It isn't
> > possible then, is it? What should I do instead? Invent my own 64-bit
> > scheme?
> >
> > I hope you understand my questions, thanks a lot in advance,
> >
> > -Harr


pgptY0pgdPFKS.pgp
Description: PGP signature

Re: IPv6 site local EUI-64 adresses and jails

[Emanuel Strobl]

Am Samstag, 13. August 2005 10:53 CEST schrieb David Malone:
> On Fri, Aug 12, 2005 at 08:53:20PM +0200, Emanuel Strobl wrote:
> > Now in the 24-16-24 scheme of th interface id part of the IPv6
> > address, the 16 bits were inserted with the value FFFE. And bit 57 was
> > changed to one! Why What if it is alread one? Or isn't tehre any
> > vendor who can have bit 41 of his MAC 1?
>
> Some of the bits of a MAC address are reserved. There is a bit that
> indicates if the address is the address of a group of machines (for
> multicast) or the address of a single machine. The bit that is
> flipped when generating IPv6 addresses is the "local/global" bit,
> that indicates if the address has been assigned locally or by some
> global authority.  For normal ethernet cards, this bit would always
> be 0.
>
> > Now I want to use a dedicated interface, which is in a different
> > subnet, for 5 jails. How do I do that if I want to keep the MAC
> > relation and if I'm not allewd to change the FFFE insert? It isn't
> > possible then, is it? What should I do instead? Invent my own 64-bit
> > scheme?
>
> I'd suggest that you use manually assigned addresses in cases like this.
> You know what sort of addresses will be generated by autoconfiguration,
> so it should be easy for you to choose addresses that won't clash.
>
> Unfortunately jails do not actually support restricting the use of IPv6
> addresses right now.

Thanks a lot for your explanation! I have patches from Olivier Houchard for 
testing which extends jails for IPv6 :)
He wrote it some time ago for RELENG_5 but wasn't sure if it is secure 
enough to committ it.
I think more teseters are welcome,  I have to solve some other IPv6 
proplems first (like auto host config and DNS?), so I attach the patches 
here, I can't imagine why Olivier wouldn't want that.

Best regards,

-Harry


>
>   David.
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
Index: sys/kern/kern_jail.c
===
RCS file: /cognet/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.50
diff -u -p -r1.50 kern_jail.c
--- sys/kern/kern_jail.c	23 Jun 2005 22:13:28 -	1.50
+++ sys/kern/kern_jail.c	12 Aug 2005 22:57:21 -
@@ -12,6 +12,7 @@ __FBSDID("$FreeBSD: src/sys/kern/kern_ja
 
 #include "opt_mac.h"
 
+#include "opt_inet6.h"
 #include 
 #include 
 #include 
@@ -49,7 +50,7 @@ SYSCTL_INT(_security_jail, OID_AUTO, set
 int	jail_socket_unixiproute_only = 1;
 SYSCTL_INT(_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
 &jail_socket_unixiproute_only, 0,
-"Processes in jail are limited to creating UNIX/IPv4/route sockets only");
+"Processes in jail are limited to creating UNIX/IP/route sockets only");
 
 int	jail_sysvipc_allowed = 0;
 SYSCTL_INT(_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
@@ -134,6 +135,9 @@ jail(struct thread *td, struct jail_args
 	error = copyinstr(j.hostname, &pr->pr_host, sizeof(pr->pr_host), 0);
 	if (error)
 		goto e_dropvnref;
+#ifdef INET6
+	memcpy(&pr->pr_ip6, &j.ip6_number, sizeof(pr->pr_ip6));
+#endif
 	pr->pr_ip = j.ip_number;
 	pr->pr_linux = NULL;
 	pr->pr_securelevel = securelevel;
@@ -375,18 +379,82 @@ prison_remote_ip(struct ucred *cred, int
 	return;
 }
 
+#ifdef INET6
+void
+prison_getip6(struct ucred *ucred, u_int8_t **ip6)
+{
+
+	memcpy(ip6, &ucred->cr_prison->pr_ip6,
+	sizeof(ucred->cr_prison->pr_ip6));
+}
+
+int
+prison_ip6(struct ucred *ucred, u_int8_t **ip6)
+{
+	struct in6_addr tmp;
+	
+	if (!jailed(ucred))
+		return (0);
+	memcpy(&tmp, ip6, sizeof(tmp));
+	if (IN6_IS_ADDR_LOOPBACK(&tmp) ||
+	IN6_IS_ADDR_UNSPECIFIED(&tmp)) {
+		memcpy(ip6, &ucred->cr_prison->pr_ip6, sizeof(tmp));
+		return (0);
+	}
+	if (IN6_ARE_ADDR_EQUAL((struct in6_addr *)ip6,
+	(struct in6_addr *)&ucred->cr_prison->pr_ip6))
+		return (1);
+	return (0);
+}
+
+void
+prison_remote_ip6(struct ucred *cred, u_int8_t **ip)
+{
+	struct in6_addr tmp;
+
+	if (!jailed(cred))
+		return;
+	memcpy(&tmp, ip, sizeof(tmp));
+	if (IN6_IS_ADDR_LOOPBACK(&tmp)) {
+		memcpy(ip, &cred->cr_prison->pr_ip6, sizeof(tmp));
+		return;
+	}
+	return;
+}
+
+#endif
+
 int
 prison_if(struct ucred *cred, struct sockaddr *sa)
 {
 	struct sockaddr_in *sai;
+#ifdef INET6
+	struct sockaddr_in6 *sa6;
+#endif
 	int ok;
 
 	sai = (struct sockaddr_in *)sa;
-	if ((sai->sin_family != AF_INET) && jail_socket_unixiproute_only)
-		ok = 1;
-	else if (sai->sin_family != AF_INET)
-		ok = 0;
-	else if (cred->cr_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
+#ifdef INET6
+	sa6 = (struct sockaddr_in6 *)sa;
+#endif
+	if (sai->sin_family == AF_INET) {
+		if (cred->cr_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
+			ok = 1;
+		else
+			ok = 0;
+	} else
+#ifdef INET6
+	if (sai->sin_family == AF_INET6) {
+		if (!IN6_ARE_ADDR_EQUAL((struct in6_addr *)
+		&cred->cr_pri

Re: IPv6 site local EUI-64 adresses and jails

[David Malone]

On Fri, Aug 12, 2005 at 08:53:20PM +0200, Emanuel Strobl wrote:
> Now in the 24-16-24 scheme of th interface id part of the IPv6 address, the 
> 16 bits were inserted with the value FFFE. And bit 57 was changed to one! 
> Why What if it is alread one? Or isn't tehre any vendor who can have 
> bit 41 of his MAC 1?

Some of the bits of a MAC address are reserved. There is a bit that
indicates if the address is the address of a group of machines (for
multicast) or the address of a single machine. The bit that is
flipped when generating IPv6 addresses is the "local/global" bit,
that indicates if the address has been assigned locally or by some
global authority.  For normal ethernet cards, this bit would always
be 0.

> Now I want to use a dedicated interface, which is in a different subnet, 
> for 5 jails. How do I do that if I want to keep the MAC relation and if 
> I'm not allewd to change the FFFE insert? It isn't possible then, is it?
> What should I do instead? Invent my own 64-bit scheme?

I'd suggest that you use manually assigned addresses in cases like this.
You know what sort of addresses will be generated by autoconfiguration,
so it should be easy for you to choose addresses that won't clash.

Unfortunately jails do not actually support restricting the use of IPv6
addresses right now.

David.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: IPv6 site local EUI-64 adresses and jails

[Emanuel Strobl]

Am Samstag, 13. August 2005 00:03 CEST schrieb Michael W. Oliver:
> On 2005-08-12T22:56:19+0200, Emanuel Strobl wrote:
> > Am Freitag, 12. August 2005 22:48 CEST schrieb Michael W. Oliver:
> >> ifconfig fxp0 inet6 3ffe:dead:beef:cafe::/64 eui64 alias
> >
> > Hmmm, that doesn't work here (6.0-beta2):
> >
> > ifconfig fxp0 inet6 fec0::/64 eui64 alias
> > ifconfig: could not determine link local address
>
> The link-local address is automatically configured, based on the mac
> address of the interface, so you can't (and wouldn't want to) configure
> it manually.  If you want to configure unicast addresses manually, use
> the /48 from your provider/broker, broken down into whatever prefixlen
> you want.

Just for playing I disabled auto link-local address generation, then I 
found that "ifconfig fxp0 inet6 fec0::1 delete" worked after I added that 
one (without alias, which was my testing reason). Then I also deleted the 
eui64 address and wanted to reassign it.
Another reason I tried to use the -eui64 option with ifconfig was because 
my fwe0 got no inet6 address!
Either the man page of ifconfig is wrong or something else, I couldn't get 
a working syntax with option eui64.

Thanks,

-Harry


>
> What is your current fxp0 configuration?


pgpsyRqn6jeef.pgp
Description: PGP signature

Re: IPv6 site local EUI-64 adresses and jails

[Michael W. Oliver]

On 2005-08-12T22:56:19+0200, Emanuel Strobl wrote:
> Am Freitag, 12. August 2005 22:48 CEST schrieb Michael W. Oliver:
>> ifconfig fxp0 inet6 3ffe:dead:beef:cafe::/64 eui64 alias
> 
> Hmmm, that doesn't work here (6.0-beta2):
> 
> ifconfig fxp0 inet6 fec0::/64 eui64 alias
> ifconfig: could not determine link local address

The link-local address is automatically configured, based on the mac
address of the interface, so you can't (and wouldn't want to) configure
it manually.  If you want to configure unicast addresses manually, use
the /48 from your provider/broker, broken down into whatever prefixlen
you want.

What is your current fxp0 configuration?

-- 
Mike Oliver
[see complete headers for contact information]


pgpRY5lFVSdP6.pgp
Description: PGP signature

Re: IPv6 site local EUI-64 adresses and jails

[Emanuel Strobl]

Am Freitag, 12. August 2005 22:48 CEST schrieb Michael W. Oliver:
> On 2005-08-12T21:03:35+0200, Emanuel Strobl wrote:
> > Am Freitag, 12. August 2005 20:53 CEST schrieb Emanuel Strobl:
> >> Hi all,
> >>
> >> I'm quiet new to IPv6 so I'd like to ask some questions:
> >>
> >> So far I know how to generate s site-local address on basis of the
> >> MAC address of the interface. That's what FreeBSD does itself for
> >> INET6 enabled kernels.
> >
> > Ok, here I found my first error, it's in fact a link-local addres, no
> > site-local. If I need a site-local, is it correct to just assign it
> > another (almost similar) address, or should I disable link-local
> > autogeneration?
>
> Don't disable link-local address auto-generation.  You can assign your
> own addresses, based on the /48 you have been given by your provider or
> tunnel broker.  Something like this
>
> ifconfig fxp0 inet6 3ffe:dead:beef:cafe::/64 eui64 alias

Hmmm, that doesn't work here (6.0-beta2):

ifconfig fxp0 inet6 fec0::/64 eui64 alias
ifconfig: could not determine link local address

-Harry


> That is only if you want to use auto-configured host addresses based on
> the (IHMO) wasteful EUI64 junk... topic for another thread (and list,
> probably!).  There are lots of differing opinions about the usefulness
> of EUI64-based auto-config.


pgpK93ppA6fUk.pgp
Description: PGP signature

Re: IPv6 site local EUI-64 adresses and jails

[Emanuel Strobl]

Am Freitag, 12. August 2005 22:48 CEST schrieb Michael W. Oliver:
> On 2005-08-12T21:03:35+0200, Emanuel Strobl wrote:
> > Am Freitag, 12. August 2005 20:53 CEST schrieb Emanuel Strobl:
> >> Hi all,
> >>
> >> I'm quiet new to IPv6 so I'd like to ask some questions:
> >>
> >> So far I know how to generate s site-local address on basis of the
> >> MAC address of the interface. That's what FreeBSD does itself for
> >> INET6 enabled kernels.
> >
> > Ok, here I found my first error, it's in fact a link-local addres, no
> > site-local. If I need a site-local, is it correct to just assign it
> > another (almost similar) address, or should I disable link-local
> > autogeneration?
>
> Don't disable link-local address auto-generation.  You can assign your
> own addresses, based on the /48 you have been given by your provider or
> tunnel broker.  Something like this
>
> ifconfig fxp0 inet6 3ffe:dead:beef:cafe::/64 eui64 alias

Ahh, ok, this answers the question how to use eui64 with ifconfig :)
And dead beef cafe is kewl ;) (first I'll use FEC0::eui64)

Thanks,

-Harry

P.S.: Do you know what's the clue with the (mac)bit 41 change for eui64?

>
> That is only if you want to use auto-configured host addresses based on
> the (IHMO) wasteful EUI64 junk... topic for another thread (and list,
> probably!).  There are lots of differing opinions about the usefulness
> of EUI64-based auto-config.


pgpceNS99BKvU.pgp
Description: PGP signature