On 10/20/2015 10:19 PM, Chris Cappuccio wrote:
Geoff Steckel [g...@oat.com] wrote:
I'm using sixxx.net as an IPv6 tunnel gateway.
They gave me 2001:xxxx:xxxx:0111::0002 as my tunnel endpoint and
2001:xxxx:xxxx:0111::1 as their end and router address.
They gave me 2001:xxxx:xxxx:8111::/64 for my address space.
Note that the tunnel endpoint addresses are globally routeable.
The desired behavior is to partition the network space
inside the machine into the gateway section and the
rest of the machine >> as if they were connected by
a pair of interfaces and a cable << where the interfaces
had addresses in 2001...8111 so that locally generated
packets would go out with that source address.
If the tunnel endpoint x:0111::0002 is globally routeable, why do you
care about the machine's own traffic not appearing from that address?
Nonetheless, if you must have traffic appear from x:8111::/64,
can't you just use that on your gif interface? As gif is a point-to-
point interface, there is no need for both participants to be within the
same subnet. Of course, if you do this, you can't then apply the
x:8111::/64 address to your ethernet interface facing your LAN,
which is where it was meant to go, and why it all works this way
anyways.
If you really must have both x:8111::/64 on the LAN and on the gif
interface, you could specify a /128 address for the gif interface
and only use one of your x:8111::/64 addresses away from your LAN
interface.
There is no ARP so even if the remote router knows your gif interface
as x:0111::0002 and routes to it, you can still use whatever address
you want. But I don't really understand why you would want to do this,
unless this tunnel router is the only machine you care to IPv6 on.
Chris
There are a number of reasons 0111::2 is not useful to me.
On reading the latest if_bridge.c it looks like it will cross routing
domains. No domain information is passed with the packet.
A lot of it got rewritten between 5.7 and 5.8.
# desired global address
ifconfig vether1 inet6 2001:xxxx:xxxx:8111::8
# synthetic router address
ifconfig vether2 inet6 2001:xxxx:xxxx:8111::9 rdomain 1
# a synthetic wire between vether1 and 2
ifconfig bridge1 add vether1
ifconfig bridge1 add vether2
# system net routing to tunnel section
route add -inet6 default 2001:xxxx:xxxx:8111::9
# tunnel section routing to external router
route -T 1 add -inet6 default 2001:xxxx:xxxx:0111::1
(modulo typos & misplaced arguments)
I'll load -current on a machine, set up the configuration
as above & connect it to another machine via a tunnel.
If it doesn't work, it ought to. And I'll try to fix it.
My pf.conf might be comprehensible then.
Many thanks to the people who greatly improved if_bridge.c
Geoff Steckel