Hello all.
I am trying to build a small Wi-Fi access point with IPv6 only.
This requires a router part, and I cannot get it to let router messages
through, no idea why.
I have another router that does IPv6 perfectly, but in dual stack.
Here is my pf.conf:
```
lan="bse0"
wifi="bwfm0"
set skip on lo
block return log # block stateless traffic
pass # establish keep-state
antispoof for {($wifi) lo0 }
pass inet6 proto icmp6 all icmp6-type { unreach, timex, paramprob, \
    echoreq, echorep, toobig } allow-opts
# neighbor discovery and routeradv/sol should be listened by the router, but won't go further
pass inet6 proto icmp6 from $wifi:network to { ff02::/8, (self)} \
    icmp6-type { neighbradv, neighbrsol, routeradv, \
    routersol,groupqry,grouprep,groupterm }
pass inet6 proto icmp6 from $wifi:network to { ff02::/8, (self)} \
    icmp6-type { 141, 142, 143, 148, 149, 151, 152, 153 }
match in on $wifi scrub (no-df random-id max-mss 1440)
```
Here is my sysctl.conf:
net.inet6.ip6.forwarding=1
net.inet6.ip6.mforwarding=1
net.inet6.ip6.multipath=1
net.inet6.ip6.multicast_mtudisc=1
net.inet.ip.arpq.maxlen=250
net.inet.ipcomp.enable=1
net.inet.tcp.mssdflt=1440
I believe this has nothing to do with pf or sysctl though because here
is what I get:
```
Jun 12 17:07:17.428687 rule def/(ip-option) block in on bwfm0: :: > ff02::16: HBH multicast listener report v2, 3 group record(s) [hlim 1]
```
So, what is it I am missing?
Thank you.