 From:  Steve Bertrand <steve at ibctech dot ca>
 To:  Peter Teunissen <lists at onemanifest dot net>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Static IPv6 and routing
 Date:  Mon, 01 Mar 2010 14:34:13 -0500
On 2010.02.27 08:12, Peter Teunissen wrote:
> On 26 feb 2010, at 00:55, mattmcadoo at mattmcadoo dot com wrote:
>> I have a /64 block of IPv6 addresses from my ISP and am having a hell of a
>> time to get it working.  For the sake of example, my block is
>> 2001:aaaa:bbbb:cccc::/64 and the gateway is 2001:aaaa:bbbb:cccc::1 (all
>> the info that was given by my ISP)
>> From my understanding of the docs it should be done basically by:
>>  1. Enable IPv6 support
>>  2. On the WAN interface, enable Static IPv6 mode
>>  3. Assign an address to the interface  (2001:aaaa:bbbb:cccc::2)
>>  4. Turn on RA on the WAN
>>  5. Put in the IPv6 gateway (given by my ISP)
>>  6. On the LAN interface, enable Static IPv6 mode
>>  7. Assign an IPv6 address (2001:aaaa:bbbb:cccc::3 (the Suggested IPv6
>> Address always errors...))
>>  8. Turn on RA on the LAN
>>  9. Add a Static IPv6 route on my LAN interface using the IPv6 prefix
>> and gateway.  (Interface: LAN, Destination: 2001:aaaa:bbbb:cccc::/64,
>> Gateway 2001:aaaa:bbbb:cccc::1)
>>  10. Reboot the system for good measure.
>> The systems on the LAN side are able to get RA's but not able to ping or
>> route out.  I've manually configured a Linux box on the WAN side for IPv6
>> and have verified that my ISP's routing is correct.  Even though ifconfig
>> shows the proper address for both interfaces on the m0n0wall, doing a
>> Neighbor Discovery from the Linux box does not show the m0n0wall router,
>> just the Gateway.  I can ping6 the router from systems on the LAN side,
>> but not on the Linux box on the WAN side.
>> So now I'm left with basically two questions:
>>   First, am I wrong about the 10 steps above?
>>   Second, should Neighbor Discovery work, or is it a result of router
>> being misconfig'd/not working properly?
> Just a guess. Since you're not actually routing between subnets, couldn't it be necessary to
> simply use a filtered bridge between WAN and LAN?

It is necessary.

If you intend to use a single /64 across multiple interfaces on a
device, either the interfaces must be bridged, or you need to subnet the
/64 so the router knows how to route.

fwiw, an ISP should only be supplying a client with a /64 when and only
when it is known that a single network is needed (eg dial-up client).

In this case, they should be using the /64 for the point-to-point link
between their network and yours, and route you a different block for the
other (internal) side of your router.

It is common that ISPs provide at least a /56 to you, even if you are a
residential client. Some provide a /48 by default to all clients.

Go back to your ISP and request an IPv6 block. There is no sense fudging
your router into a bridge when you don't have to.
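
Added example, not part of the original message: a short Python check that flags the condition described above (the same /64 on-link on two router interfaces) and carves per-interface /64s out of a routed block. The interface names and the 2001:db8:1200::/56 delegation are constructed for illustration; the WAN and LAN addresses are the ones from the quoted question.

```python
import ipaddress
import itertools

# Addresses from the quoted question: one /64 placed on both sides of the router.
POSTED = {
    "wan": "2001:aaaa:bbbb:cccc::2/64",
    "lan": "2001:aaaa:bbbb:cccc::3/64",
}

def find_overlaps(interfaces):
    """Return (if_a, if_b, prefix) for each pair of interfaces whose on-link
    prefixes overlap. A router cannot forward between such interfaces: it
    treats every address in the prefix as directly reachable on both, so the
    pair must be bridged or renumbered."""
    nets = [(name, ipaddress.ip_interface(cidr).network)
            for name, cidr in interfaces.items()]
    return [(a, b, str(na))
            for (a, na), (b, nb) in itertools.combinations(nets, 2)
            if na.overlaps(nb)]

def plan_from_delegation(delegated, lan_names):
    """Assign one /64 per internal interface from a routed block (/56, /48...)."""
    block = ipaddress.ip_network(delegated)
    if block.version != 6 or block.prefixlen > 64:
        raise ValueError("need an IPv6 block of /64 or shorter")
    subnets = list(itertools.islice(block.subnets(new_prefix=64), len(lan_names)))
    if len(subnets) < len(lan_names):
        raise ValueError("block too small for %d interfaces" % len(lan_names))
    return dict(zip(lan_names, subnets))

if __name__ == "__main__":
    for a, b, prefix in find_overlaps(POSTED):
        print("%s and %s both sit in %s: bridge them or renumber one" % (a, b, prefix))
    # Constructed delegation (documentation prefix), standing in for the
    # separate block the ISP would route to the WAN address.
    for name, net in plan_from_delegation("2001:db8:1200::/56", ["lan", "opt1"]).items():
        print("%s -> %s" % (name, net))
```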