I’m not sure why I can’t get to the internet from my systems inside my LAN. The gateway can.
Interesting: on the client box, I can’t see any IPv6 traffic leaving except ICMP. The following demonstrates:
Setting up a

    $ ifconfig
    em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
            ether 00:1b:21:51:ab:2d
            inet 10.55.0.44 netmask 0xffffff00 broadcast 10.55.0.255
            inet6 fe80::21b:21ff:fe51:ab2d%em0 prefixlen 64 scopeid 0x1
            inet6 2001:470:1f07:b80:21b:21ff:fe51:ab2d prefixlen 64 autoconf
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether e0:cb:4e:42:f0:ff
            media: Ethernet autoselect (10baseT/UTP <half-duplex>)
            status: no carrier
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>

    $ netstat -nr -f inet6
    Routing tables

    Internet6:
    Destination                           Gateway                       Flags  Netif Expire
    ::/96                                 ::1                           UGRS   lo0 =>
    default                               2001:470:1f07:b80::1          UGS    em0
    ::1                                   ::1                           UH     lo0
    ::ffff:0.0.0.0/96                     ::1                           UGRS   lo0
    2001:470:1f07:b80::/64                link#1                        U      em0
    2001:470:1f07:b80:21b:21ff:fe51:ab2d  link#1                        UHS    lo0
    fe80::/10                             ::1                           UGRS   lo0
    fe80::%em0/64                         link#1                        U      em0
    fe80::21b:21ff:fe51:ab2d%em0          link#1                        UHS    lo0
    fe80::%lo0/64                         link#3                        U      lo0
    fe80::1%lo0                           link#3                        UHS    lo0
    ff01:1::/32                           fe80::21b:21ff:fe51:ab2d%em0  U      em0
    ff01:3::/32                           ::1                           U      lo0
    ff02::/16                             ::1                           UGRS   lo0
    ff02::%em0/32                         fe80::21b:21ff:fe51:ab2d%em0  U      em0
    ff02::%lo0/32                         ::1                           U      lo0

FreeBSD 8.1-STABLE

    $ ping6 www.freebsd.org
    PING6(56=40+8+8 bytes) 2001:470:1f07:b80:21b:21ff:fe51:ab2d --> 2001:4f8:fff6::21
    16 bytes from 2001:4f8:fff6::21, icmp_seq=0 hlim=55 time=93.120 ms
    16 bytes from 2001:4f8:fff6::21, icmp_seq=1 hlim=55 time=95.246 ms
    16 bytes from 2001:4f8:fff6::21, icmp_seq=2 hlim=55 time=91.177 ms
    ^C
    --- www.freebsd.org ping6 statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 91.177/93.181/95.246/1.662 ms

    $ sudo tcpdump -ni em0 proto ipv6-icmp or ipv6
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
    00:08:06.248569 IP6 2001:470:1f07:b80:21b:21ff:fe51:ab2d > 2001:4f8:fff6::21: ICMP6, echo request, seq 0, length 16
    00:08:06.339562 IP6 2001:4f8:fff6::21 > 2001:470:1f07:b80:21b:21ff:fe51:ab2d: ICMP6, echo reply, seq 0, length 16
    00:08:07.249549 IP6 2001:470:1f07:b80:21b:21ff:fe51:ab2d > 2001:4f8:fff6::21: ICMP6, echo request, seq 1, length 16
    00:08:07.342011 IP6 2001:4f8:fff6::21 > 2001:470:1f07:b80:21b:21ff:fe51:ab2d: ICMP6, echo reply, seq 1, length 16

so pings get out...

    $ sudo pfctl -sa
    pfctl: /dev/pf: No such file or directory
    No rules

ping the gateway:

    $ ping6 2001:470:1f07:b80::1
    PING6(56=40+8+8 bytes) 2001:470:1f07:b80:21b:21ff:fe51:ab2d --> 2001:470:1f07:b80::1
    16 bytes from 2001:470:1f07:b80::1, icmp_seq=0 hlim=64 time=0.575 ms
    16 bytes from 2001:470:1f07:b80::1, icmp_seq=1 hlim=64 time=0.460 ms
    16 bytes from 2001:470:1f07:b80::1, icmp_seq=2 hlim=64 time=0.487 ms
    ^C
    --- 2001:470:1f07:b80::1 ping6 statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 0.460/0.507/0.575/0.049 ms

    $ host www.freebsd.org
    www.freebsd.org has address 69.147.83.33
    www.freebsd.org has IPv6 address 2001:4f8:fff6::21
    www.freebsd.org mail is handled by 0 .

    $ fetch -6 http://www.freebsd.org/

nothing shows on tcpdump
It seems I was missing an important rule:
    pass in on $int_if inet6 proto tcp flags S/SA keep state

where $int_if is the NIC to the internal LAN on the router.
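
A router-side pf.conf sketch that reproduces the symptom above (ICMPv6 forwarded, TCP over IPv6 from the LAN dropped) and shows where the missing rule fits. This is an added example, not the ruleset from the post: the interface names, the default-deny policy and every rule other than the quoted one are assumptions.

```pf
# Added illustration, not the author's ruleset.
int_if = "em1"    # assumed name: router NIC facing the internal LAN
ext_if = "gif0"   # assumed name: router interface carrying IPv6 upstream

set skip on lo0

# Default deny. "log" copies every dropped packet to pflog0, so a
# missing pass rule shows up on the router instead of failing silently.
block log all

# ICMPv6 is passed on every interface in both directions (also needed
# for neighbour discovery). This is why ping6 from the client works.
pass inet6 proto ipv6-icmp all

# Anything leaving upstream is allowed. That covers connections the
# router opens itself, so the gateway has working IPv6.
pass out on $ext_if inet6 proto tcp flags S/SA keep state
pass out on $ext_if inet6 proto udp keep state

# Without the next rule, a TCP SYN from a LAN client arriving on
# $int_if matches only "block log all" and is dropped before it can
# be forwarded. This is the rule quoted in the post.
pass in on $int_if inet6 proto tcp flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and with `block log` in place `tcpdump -n -e -i pflog0` on the router shows which rule dropped a packet.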