Forgot to reply-all yesterday (only sent to Charles) to keep the
thread in-sync with the rest of the conversation (don't nuke me for
stating the obvious + added the rtadvd/route6d)
On 20 August 2014 13:40, Charles Musser <cmus...@sonic.net> wrote:
> ifconfig gif0 tunnel 50.1.94.112 72.52.104.74
> ifconfig gif0 inet6 alias 2001:470:1f04:204::2 2001:470:1f04:204::1 prefixlen
> 128
> route -n add -inet6 default 2001:470:1f04:204::1
>
Spot on there Chuck. That is how I have mine set up.
Don't forget to change in your /etc/sysctl.conf file:
net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)
net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
(note the removal of the comment #)
You will also need to tweek your /etc/pf.conf rule set. Here is a
rough guide, mileage may vary:
icmp6_types="{ unreach, timex, paramprob, echoreq, routeradv,
routersol, neighbradv, neighbrsol }" # Only want these ICMP6 types
block return # default that probably exists in your environment -
nothing to come in unless explicitly defined below (IPv4 and IPv6)
pass out on gif0 inet6 # Allow for all ICMP6 traffic
out - you may not want to do this but whatever works for you
pass inet6 proto icmp6 icmp6-type $icmp6_types # Allow
ICMP6 of types defined above to move in and out freely
pass on vmx0 inet6 # Allowing traffic in and out of internal network.
Then you'll need to setup the rtadvd daemon to hand out your /64 to
your internal clients (/etc/rtadvd.conf):
default:\
:rdnss="<ipv6 of your internal DNS server or server
that you use>":\
:dnssl="<search domain>":
vmx0:\ # This is my internal interface, yours may be different
:addr="<your /64 subnet prefix>::":prefixlen#64:tc=default:
Now enable all that to serve your internal clients (/etc/rc.conf.local):
rtadvd_flags="vmx0"
route6d_flags=""
That should be about it.
--
"Roads? Where we're going, we don't need roads" - Emmett "Doc" Brown
