On 2010.02.27 08:12, Peter Teunissen wrote:
> On 26 feb 2010, at 00:55, mattmcadoo at mattmcadoo dot com wrote:
>> I have a /64 block of IPv6 addresses from my ISP and am having a hell of a
>> time to get it working. For the sake of example, my block is
>> 2001:aaaa:bbbb:cccc::/64 and the gateway is 2001:aaaa:bbbb:cccc::1 (all
>> the info that was given by my ISP)
>> From my understanding of the docs it should done basically by:
>> 1. Enable IPv6 support
>> 2. On the WAN interface, enable Static IPv6 mode
>> 3. Assign an address to the interface (2001:aaaa:bbbb:cccc::2)
>> 4. Turn on RA on the WAN
>> 5. Put in the IPv6 gateway (given by my ISP)
>> 6. On the LAN interface, enable Static IPv6 mode
>> 7. Assign an IPv6 address (2001:aaaa:bbbb:cccc::3 (the Suggested IPv6
>> Address always errors...))
>> 8 Turn on RA on the LAN
>> 9. Add a Static IPv6 route on my LAN interface using the the IPv6 prefix
>> and gateway. (Inferface: LAN, Destination: 2001:aaaa:bbbb:cccc::/64,
>> Gateway 2001:aaaa:bbbb:cccc::1)
>> 10. Reboot the system for good measure.
>> The systems on the LAN side are able to get RA's but not able to ping or
>> route out. I've manually configured a Linux box on the WAN side for IPv6
>> and have verified that my ISP's routing is correct. Even though ifconfig
>> shows the proper address for both interfaces on the m0n0wall, doing a
>> Neighbor Discovery from the Linux box does not show the m0n0wall router,
>> just the Gateway. I can ping6 the router from systems on the LAN side,
>> but not on the Linux box on the WAN side.
>> So now I'm left with basically two questions:
>> First, am I wrong about the 10 steps above?
>> Second, should Neighbor Discovery work, or is it a result of router
>> being misconfig'd/not working properly?
> Just a guess. Since you're not actually routing between subnets, couldn't it be necessary to
simply use a filtered bridge between WAN and LAN?
It is necessary.
If you intend to use a single /64 across multiple interfaces on a
device, either the interfaces must be bridged, or you need to subnet the
/64 so the router knows how to route.
fwiw, an ISP should only be supplying a client with a /64 when and only
when it is known that a single network is needed (eg dial-up client).
In this case, they should be using the /64 for the point-to-point link
between their network and yours, and route you a different block for the
other (internal) side of your router.
It is common that ISP's provide at least a /56 to you, even if you are a
residential client. Some provide a /48 by default to all clients.
Go back to your ISP and request an IPv6 block. There is no sense fudging
your router into a bridge when you don't have to.