On Thursday 19 July 2007 16:12:18 Etaoin Shrdlu wrote: > More precisely, it seems that these neighbor solicitation messages come > from the far end router, like it somehow believes that your internal > host is on its same subnet, and is trying to resolve its ipv6 address to > its link layer address (similar to what ARP does in ipv4). > Is fe80::214:f600:b67e:b4db the address of your provider's router? > There could be a misconfiguration somewhere.
fe80::214:f600:b67e:b4db is the link local address of the upstream router, which is also configured as dead:beef:2::1/48. It is required that all hosts are access via, and get access though, the firewall we control. The upstream router can have changes made to it if required, but it's not good to keep bothering the ISP. Now I think I understand what's wrong. The upstream router needs a route to dead:beef:2:1::/49 (or similar to cover any and all of our "internal" networks) via dead:beef:2::11, and be configured as dead:beef:2::1/64 instead of /48. Then it would route packets for dead:beef:2:136:204:23ff:fed7:e86a to dead:beef:2::11, rather than soliciting a link-local address for it. Have I got that right? Cheers -- Mike Williams -- [EMAIL PROTECTED] mailing list
