IPv6 not responding on some aliases (recent 8-stable)
Jason Hellenthal
jhell at DataIX.net
Sat Dec 31 06:33:30 UTC 2011
On Sat, Dec 31, 2011 at 12:35:00AM +0000, Marcin Cieslak wrote:
> > I have seen this behavior before when one of the addresses on an interface =
> > is in a DMZ while the others are not. But this was with IPv4. I would assum=
> > e IPv6 would have acted the same way but left it untested as it was not cri=
> > tical. Take this as informational only and double check your switches, fire=
> > walls, etc...
>
> Unfortunately, this is a hosting provider. I have rebooted the box
> to use their custom rescue netboot image (based on FreeBSD 8.0 running
> on QEMU) and ... still one of the addresses didn't work in this setup.
> However, two reboots later situation returned to normal, and all
> IPv6 addresses respond. NDP table theory sounds plausible to me,
> except... connection establishment to the IPv6 address port 22/tcp
> takes sometimes noticeably too long (other TCP ports are usually fine).
>
> But this is probably another story...
>
Speaking just in the terms of too long of a connection wait on port 22. Firewall off port 113 in and out.
block drop in log quick proto tcp to any port = auth
block out quick proto tcp to any port = auth
That should help in terms of the speed at which you connect. Good luck with the OP though.
Happy Holiday...
--
;s =;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20111231/bd66d1df/attachment.pgp
More information about the freebsd-net
mailing list