On 09.09.2016 at 20:16, Stuart Henderson wrote:
On 2016/09/09 18:01, Holger Glaess wrote:
On 2016-09-09, Holger Glaess <gla...@glaessixs.de> wrote:
inet6 2001:4dd0:af15:483d:20d:48ff:fe26:7a1f -> prefixlen 64 autoconf pltime 559190 vltime 2546390
inet6 2001:4dd0:af15:cbd9:20d:48ff:fe26:7a1f -> prefixlen 64 autoconf pltime 604767 vltime 2591967
That's fun, you have autoconfigured addresses from two separate prefixes.
If the ISP are going to move you around between prefixes, they should
probably lower pltime/vltime.
if I do a
pass out on $pppoe_if inet6 from { fe80::/64 , fde0::/64 , fd00::/64 } to any nat-to ($pppoe_if)
it uses the :7a1f IP as NAT addr; that does not work.
If it doesn't work, it shouldn't be on the interface..
pass out on $pppoe_if inet6 from { fe80::/64 , fde0::/64 , fd00::/64 } to any nat-to ($pppoe_if:0)
it uses the link-local addr for NAT and it fails.
I think that's incorrect behaviour. But fixing it wouldn't necessarily
solve your problem; any standard addresses (not link-local,
etc) configured on the interface are meant to be equally valid.
You shouldn't need to nat though - the expected setup for an ISP is for
them to run DHCPv6 prefix delegation, which would allow them to hand over
one or more prefixes for you to use on internal networks (a client like
dhcpcd can configure them for you, and rtadvd will pick up the prefixes
automatically).
that's true, because how can I do this with rdomains?
in my home setup, I have the DSL provider and, as a second line,
a cable provider, both in a separate rdomain.
how can I tell rtadvd to listen in an rdomain (this I know) and
then have it advertise to another rdomain?
in this case I use private IPv6 addresses in my rdomain 0.
Ah - that wasn't in the original description :) I think that is probably
not possible to do automatically with the current code.
Maybe you could parse the address list from ifconfig and update rtadvd's
configuration from a script and restart it (in that case you will also
need to make sure you keep pltime/vltime low so that clients are able to
change network when needed) ...
In general, this is an area that IPv6 copes with poorly. I think that
the specs expect this to be done either by advertising multiple routable
v6 prefixes on the inside network (which means that end hosts make
routing decisions; not very helpful in a controlled environment), or by
advertising your own prefix with BGP etc.
hi
ok, question:
why is the below working?
the nat rule
pass out on $pppoe_if inet6 from { fe80::/64 , fde0::/64 , fd00::/64 } to any nat-to 2001:4dd0:af15:cbd9:74c2:814d:9f0e:7809
pass out on pppoe0 inet6 from fe80::/64 to any flags S/SA nat-to 2001:4dd0:af15:cbd9:74c2:814d:9f0e:7809
[ Evaluations: 37 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 18381 State Creations: 0 ]
pass out on pppoe0 inet6 from fde0::/64 to any flags S/SA nat-to 2001:4dd0:af15:cbd9:74c2:814d:9f0e:7809
[ Evaluations: 37 Packets: 107 Bytes: 41932 States: 0 ]
[ Inserted: uid 0 pid 18381 State Creations: 17 ]
pass out on pppoe0 inet6 from fd00::/64 to any flags S/SA nat-to 2001:4dd0:af15:cbd9:74c2:814d:9f0e:7809
[ Evaluations: 37 Packets: 262 Bytes: 114510 States: 0 ]
[ Inserted: uid 0 pid 18381 State Creations: 18 ]
# ifconfig pppoe0
pppoe0: flags=208851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> rdomain 4 mtu 1500
priority: 0
dev: em3 state: session
sid: 0x1c PADI retries: 29 PADR retries: 0 time: 2d 05:36:23
sppp: phase network authproto pap authname "yy-xx...@netcologne.de"
groups: pppoe
status: active
inet6 fe80::20d:48ff:fe26:7a1f%pppoe0 -> prefixlen 64 scopeid 0x15
inet6 2001:4dd0:af15:483d:20d:48ff:fe26:7a1f -> prefixlen 64 autoconf pltime 411780 vltime 2398980
inet 84.44.211.173 --> 195.14.226.22 netmask 0xffffffff
inet6 2001:4dd0:af15:cbd9:20d:48ff:fe26:7a1f -> prefixlen 64 autoconf pltime 604776 vltime 2591976
inet6 2001:4dd0:af15:cbd9:81c:e228:d3d:8b8a -> prefixlen 64 deprecated autoconf autoconfprivacy pltime 0 vltime 498227
inet6 2001:4dd0:af15:cbd9:98a3:a5b0:eb7b:9fa2 -> prefixlen 64 autoconf autoconfprivacy pltime 65896 vltime 584615
got all line at the moment
holger
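
An added example, not part of the thread or of either poster's message: the parsing step of the suggestion above to read the address list from ifconfig in a script. It assumes the autoconf address with the highest preferred lifetime belongs to the prefix the ISP advertised most recently; sample_ifconfig, pick_addr and prefix64 are hypothetical names, and the sample input is constructed from the pppoe0 listing above.

```sh
#!/bin/sh
# Added example (not from the thread). Real use: ifconfig pppoe0 | pick_addr

# Constructed sample: the inet6 lines of the pppoe0 listing, unwrapped.
sample_ifconfig() {
cat <<'EOF'
inet6 fe80::20d:48ff:fe26:7a1f%pppoe0 -> prefixlen 64 scopeid 0x15
inet6 2001:4dd0:af15:483d:20d:48ff:fe26:7a1f -> prefixlen 64 autoconf pltime 411780 vltime 2398980
inet6 2001:4dd0:af15:cbd9:20d:48ff:fe26:7a1f -> prefixlen 64 autoconf pltime 604776 vltime 2591976
inet6 2001:4dd0:af15:cbd9:81c:e228:d3d:8b8a -> prefixlen 64 deprecated autoconf autoconfprivacy pltime 0 vltime 498227
inet6 2001:4dd0:af15:cbd9:98a3:a5b0:eb7b:9fa2 -> prefixlen 64 autoconf autoconfprivacy pltime 65896 vltime 584615
EOF
}

# Print the autoconf address with the highest preferred lifetime, skipping
# link-local, deprecated and privacy addresses (and static addresses, which
# carry no pltime). Exit 1 if none qualifies.
pick_addr() {
    awk '
    $1 != "inet6" || $2 ~ /^fe80:/ { next }
    {
        pl = 0; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "deprecated" || $i == "autoconfprivacy") skip = 1
            if ($i == "pltime") pl = $(i + 1) + 0
        }
        if (!skip && pl > best) { best = pl; addr = $2 }
    }
    END { if (addr == "") exit 1; print addr }'
}

# Print the /64 prefix of an address, expanding a "::" if present.
prefix64() {
    printf '%s\n' "$1" | awk '
    {
        a = $0
        if (i = index(a, "::")) {
            l = substr(a, 1, i - 1); r = substr(a, i + 2)
            nl = (l == "") ? 0 : split(l, L, ":")
            nr = (r == "") ? 0 : split(r, R, ":")
            fill = ""
            for (k = nl + nr; k < 8; k++) fill = fill ":0"
            a = l fill (r == "" ? "" : ":" r)
            sub(/^:/, "", a)
        }
        split(a, g, ":")
        print g[1] ":" g[2] ":" g[3] ":" g[4] "::/64"
    }'
}

addr=$(sample_ifconfig | pick_addr) && echo "$addr $(prefix64 "$addr")"
```

A script built on this would compare the result with the previous run and rewrite its configuration only when the prefix changes.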