FreeBSD Bugzilla – Attachment 222384 Details for Bug 253453: Contemporary IPv6 howto for handbook
Raw text about native IPv6 setup
ipv6.txt (text/plain), 6.00 KB, created by Poul-Henning Kamp on 2021-02-12 11:30:50 UTC

Hurray! My ISP offers IPv6
--------------------------

IPv6 configuration is separated from IPv4 configuration in /etc/rc.conf
so whatever you have there to configure IPv4 is unaffected by all this.

These examples assume that your ISP connection ends with an ethernet
plugged into interface "ed0" on your FreeBSD machine.

Simple Client Configuration
---------------------------

First we will set up the machine as a simple IPv6 client, by enabling
IPv6 and starting rtsold(8) to take care of getting an IPv6 number
and the routes your ISP wants you to use.

    # /etc/rc.conf
    ipv6_cpe_wanif=ed0
    rtsold_enable=yes
    rtsold_flags="ed0"
    ipv6_activate_all_interfaces=yes

If the lofty promises of IPv6 auto-configuration hold, a reboot should
connect you to the Internet Of The Future (est. 1995):

    $ ping6 -c 3 freebsd.org
    PING6(56=40+8+8 bytes) 2001:db8::18ff:fe0a:74a6 --> 2610:1c1:1:606c::50:15
    16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=0 hlim=51 time=88.404 ms
    16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=1 hlim=51 time=88.037 ms
    16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=2 hlim=51 time=87.954 ms

If you look at your ethernet interface, you will see two IPv6 addresses:

    $ ifconfig ed0
    ed0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=[…]
        ether […]:0a:7a:a6
        inet […]
        inet6 fe80::230:18ff:fe0a:74a6%ed0 prefixlen 64 scopeid 0x1
        inet6 2001:db8::18ff:fe0a:74a6 prefixlen 64 autoconf
        media: […]
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

The last three bytes of the interface MAC address are reused
in the IPv6 addresses, here `0a:7a:a6`; this is part of the magic
autoconfiguration-sauce rtsold(8) does.

You will not see `2001:db8::` but whatever your ISP's IPv6 prefix
is for your end of their network; the `prefixlen` may also be different.

The `fe80::…` address is an automatic "link-local" address which
is used by the autoconfiguration protocols.

You will also have a pile of IPv6 routes now:

    $ netstat -rn -f inet6
    Routing tables

    Internet6:
    Destination                   Gateway                       Flags  Netif Expire
    ::/96                         ::1                           UGRS   lo0
    default                       fe80::92e2:baff:fe37:d760%ed0 UG     ed0
    ::1                           link#7                        UH     lo0
    ::ffff:0.0.0.0/96             ::1                           UGRS   lo0
    2001:db8::/64                 link#1                        U      ed0
    2001:db8::18ff:fe0a:74a6      link#1                        UHS    lo0
    fe80::/10                     ::1                           UGRS   lo0
    fe80::%igb0/64                link#1                        U      ed0
    fe80::230:18ff:fe0a:74a6%ed0  link#1                        UHS    lo0
    fe80::%lo0/64                 link#7                        U      lo0
    fe80::1%lo0                   link#7                        UHS    lo0
    ff02::/16                     ::1                           UGRS   lo0

The important one is obviously the default route.

Spreading IPv6 to your entire network
-------------------------------------

The IPv6 world has autoconfiguration methods which allow a gateway to
distribute an ISP-provided IPv6 subnet to the rest of the network, but
not all ISPs support that.

Even if your ISP supports it, it has the downside that your devices will
change IPv6 addresses if your ISP feels like it, which can mean as often
as your gateway restarts.

For normal consumers that is probably fine, but if, like me, you have
your own servers etc., that gets old soon.

Like RFC1918 addresses for IPv4, RFC4193 defines private IPv6
networks, and if you follow the instructions and use random numbers,
you are unlikely to ever see another network using the same addresses
as you did.

In this example we will use RFC4193 addresses internally and use NAT
to hide everything behind the single IPv6 address we got from the ISP.

First we create our very own RFC4193 address:

    $ dd if=/dev/random bs=5 count=1 | hexdump -C
    00000000  PP QQ RR SS TT                                    |.....|
    00000005

Your RFC4193 compliant IPv6 network then becomes:

    fdPP:QQRR:SSTT::

Next assign a static address to the internal interface of the gateway,
and there is a neat trick available here:

If the internal `ie0` is configured for IPv4 like this:

    # /etc/rc.conf
    ifconfig_ie0="192.168.10.102/24"

We can configure it for IPv6 like this:

    # /etc/rc.conf
    ifconfig_ie0_ipv6="inet6 fdPP:QQRR:SSTT::192.168.10.102/120"

Unfortunately this does not work everywhere, but here it does.

The math behind `/120` is `/(128 - (32 - 24))`, in case you used
a different netmask for your internal network.

We want the machine to act as a gateway:

    # /etc/rc.conf
    ipv6_gateway_enable=yes

We need to start rtadvd(8) to answer the rtsold(8) requests
from the machines on the inside:

    # /etc/rc.conf
    rtadvd_enable=yes
    rtadvd_interfaces="ie0"

And finally we need to tell pf(4) to NAT everything onto the IPv6 address we got from our ISP:

    # /etc/pf.conf
    if_ext="ed0"
    […]
    nat on $if_ext inet6 from !($if_ext) -> ($if_ext:0)

(A bug in FreeBSD-12 prevents this from working, you will have to enter
the actual address on your `ed0` interface, and change it if/when your
ISP changes their address-layout.)

Reboot the gateway, and then configure a test machine on the internal network:

    # /etc/rc.conf
    ifconfig_ie0_ipv6="inet6 fdPP:QQRR:SSTT::192.168.10.81/120"
    ipv6_cpe_wanif=ie0
    rtsold_enable=yes
    rtsold_flags=ie0
    ipv6_activate_all_interfaces=yes

Reboot the test machine and check whether "ping6 freebsd.org" works.

Notice that you do not need to configure a `defaultrouter` for IPv6,
rtadvd(8) and rtsold(8) take care of that.

Footnote: The choice of 'ed0' and 'ie0' interface names commemorates
two of the most important ethernet drivers in FreeBSD, when IPv6
was rushed into existence 25 years ago.
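
The RFC4193 prefix and `/120` steps above, scripted as an added example that is not part of the attachment: it draws the 40 random bits, applies the `128 - (32 - bits)` rule, validates the IPv4 input, and prints the rc.conf lines for the gateway and the test machine. The function names are hypothetical, and it reads `/dev/urandom` through od(1) instead of the dd/hexdump pipeline in the text.

```sh
#!/bin/sh
# Added example (not from ipv6.txt); all function names are hypothetical.

# 40 random bits -> RFC 4193 /48 prefix "fdPP:QQRR:SSTT".
# Pass 10 hex digits to reuse a prefix, or nothing to draw a fresh one.
ula_prefix() {
    hex=${1:-$(od -An -N5 -tx1 /dev/urandom | tr -dc '0-9a-f')}
    case $hex in *[!0-9a-fA-F]*) return 1 ;; esac
    [ ${#hex} -eq 10 ] || return 1
    echo "$hex" | sed 's/^\(..\)\(....\)\(....\)$/fd\1:\2:\3/'
}

# IPv4 mask bits -> IPv6 prefix length: 128 - (32 - bits), as in the text.
v6_prefixlen() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    echo $((128 - (32 - $1)))
}

# Dotted quad -> the two hex groups it occupies in the low 32 bits,
# e.g. 192.168.10.102 -> c0a8:a66. Rejects malformed or octal-looking input.
v4_tail_hex() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%x:%x\n' $(($1 * 256 + $2)) $(($3 * 256 + $4))
}

# Build the rc.conf line for interface $1 from prefix $2 and IPv4 addr/bits $3.
rc_conf_line() {
    addr=${3%/*}; bits=${3#*/}
    v4_tail_hex "$addr" >/dev/null || return 1
    plen=$(v6_prefixlen "$bits") || return 1
    printf 'ifconfig_%s_ipv6="inet6 %s::%s/%s"\n' "$1" "$2" "$addr" "$plen"
}

# Gateway and test machine from the text share one freshly drawn prefix.
prefix=$(ula_prefix) || exit 1
rc_conf_line ie0 "$prefix" 192.168.10.102/24
rc_conf_line ie0 "$prefix" 192.168.10.81/24
echo "# gateway in hex groups: ${prefix}::$(v4_tail_hex 192.168.10.102)/120"
```

Draw the prefix once and pass its 10 hex digits back to `ula_prefix` on later runs, so every machine on the internal network is configured under the same `fdPP:QQRR:SSTT::` network.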