Hey all, I was hoping we've got some IPv6 experts around, as I've got some "issues" I've been banging my head against for 2 days.
Very briefly, our network is a Gentoo firewall box with 5 interfaces, 1 to the internet, and 4 to private networks (192.168.xxx.0/24). What I would like to do is assign a /64 to each "internal" network.

Our host has assigned us a /48, and added dead:beef:2::1/48 to their router as our gateway. I can add dead:beef:2::11/64 (yes, /64) to the internet side of the router/firewall, a default route via dead:beef:2::1, and then happily ping IPv6 things on the internet.

Starting on one of the "internal" networks, I add dead:beef:2:136::11/64, run radvd on that interface, and the hosts on that network get v6 addresses. All of them can ping the firewall, but cannot ping our ISP's router.

OK, so I figured I'd try another "internal" network, 137. Same process as above, but this time radvd won't work:

# radvd -d5 -mstderr
[Jul 19 12:02:30] radvd: version 1.0 started
[Jul 19 12:02:30] radvd: inet_pton returned 1
[Jul 19 12:02:30] radvd: mtu for bond4 is 1500
[Jul 19 12:02:30] radvd: hardware type for bond4 is 1
[Jul 19 12:02:30] radvd: link layer token length for bond4 is 48
[Jul 19 12:02:30] radvd: prefix length for bond4 is 64
[Jul 19 12:02:30] radvd: interface definition for bond4 is ok
[Jul 19 12:02:30] radvd: sending RA on bond4
[Jul 19 12:02:30] radvd: sendmsg: Invalid argument
[Jul 19 12:02:30] radvd: setting timer: 16.00 secs
[Jul 19 12:02:30] radvd: setting timer: 16 secs 0 usecs
[Jul 19 12:02:30] radvd: calling schedule_timer from set_timer context
[Jul 19 12:02:30] radvd: calling alarm: 15 secs, 999929 usecs

sendmsg: Invalid argument ??

It's the same definition as for bond2 (136), with the interface and prefix changed. It does the same with or without any other definitions. All but bond2 fail, but I've no idea what's so special about bond2. The machine is amd64, and using radvd-1.0-r1.

Anyway, I can add one or two addresses manually.
I do so using iproute2 and CIDR notation, so the local route is added for me, and hosts on the 137 network can ping each other, and hosts on the 136 network after I give them a default route via the v6 address on the firewall interface on their network, so the firewall is properly forwarding traffic.

However, none of the hosts on the "internal" networks can ping any of the hosts the firewall can ping. I caught the following traffic with tcpdump on the firewall:

# tcpdump -i bond2 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond2, link-type EN10MB (Ethernet), capture size 96 bytes
12:24:02.204882 IP6 dead:beef:2:136:204:23ff:fed7:e86a > beef:dead:1f0:1:20f:3dff:feae:74c1: ICMP6, echo request, seq 1, length 64
12:24:03.208737 IP6 dead:beef:2:136:204:23ff:fed7:e86a > beef:dead:1f0:1:20f:3dff:feae:74c1: ICMP6, echo request, seq 2, length 64

# tcpdump -i bond0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 96 bytes
12:24:02.205409 IP6 dead:beef:2:136:204:23ff:fed7:e86a > beef:dead:1f0:1:20f:3dff:feae:74c1: ICMP6, echo request, seq 1, length 64
12:24:02.516433 IP6 fe80::214:f600:b67e:b4db > ff02::1:ffd7:e86a: ICMP6, neighbor solicitation, who has dead:beef:2:136:204:23ff:fed7:e86a, length 32
12:24:03.208748 IP6 dead:beef:2:136:204:23ff:fed7:e86a > beef:dead:1f0:1:20f:3dff:feae:74c1: ICMP6, echo request, seq 2, length 64
12:24:03.517294 IP6 fe80::214:f600:b67e:b4db > ff02::1:ffd7:e86a: ICMP6, neighbor solicitation, who has dead:beef:2:136:204:23ff:fed7:e86a, length 32
12:24:04.517504 IP6 fe80::214:f600:b67e:b4db > ff02::1:ffd7:e86a: ICMP6, neighbor solicitation, who has dead:beef:2:136:204:23ff:fed7:e86a, length 32

bond0 and beef:dead:1f0:1::/64 are the internet side, bond2 and dead:beef:2:136::/64 the "internal" side.
I can't understand why the firewall isn't answering/forwarding the solicitation, it knows who dead:beef:2:136:204:23ff:fed7:e86a is. The firewall has no netfilter rules at all, everything is default accept.

Am I just doing something stupid, or have I asked our host to set it up wrong? Would really like to know what radvd is up to too...

Cheers
--
Mike Williams
--
[EMAIL PROTECTED] mailing list