FreeBSD 12, pf, and Dual IP stack?
Kurt Buff - GSEC, GCIH
kurt.buff at gmail.com
Thu Jun 6 06:15:51 UTC 2019
The addresses:
2001:14f8:0200:0004: 0000:0000:0000:0004
2001:14f8:0200:0004: 0000:0000:0000:0005
may also be written as:
2001:14f8:0200:0004::4
2001:14f8:0200:0004::5
or even
2001:14f8:200:4::4
2001:14f8:200:4::5
See, for instance, this link:
https://en.wikipedia.org/wiki/Ipv6#Address_representation
Kurt
On Wed, Jun 5, 2019 at 9:29 PM David Mehler <dave.mehler at gmail.com> wrote:
>
> Hello,
>
> Thanks everyone for your help so far. I have several questions. First,
> from the numbers:
>
> 2001:14f8:0200:0004: 0000:0000:0000:0004
> 2001:14f8:0200:0004: 0000:0000:0000:0005
>
> it looks like the address breaks at 4 the system is the first four
> segments, and anything after is hostbased, is this true?
>
> If so, my ipv6 address is not like that, it has a double colon in it
> and has only three hexes at the end. It is a /64 so how do I split it
> and for instance I've got a jail on a cloned interface lo1 I'd like to
> put one of the addresses on it then use pf to forward traffic bound to
> that ip.
>
> Sorry if these are elementary questions this is new to me.
>
> Thanks.
> Dave.
>
>
> On 6/5/19, Rodney W. Grimes <freebsd-rwg at gndrsh.dnsmgr.net> wrote:
> >> Hello,
> >>
> >> So your setup looks like mine except I only have one ipv4 and one ipv6
> >> interface, how do I alias the ipv6 address space I have? I don't know
> >> how to hex split.
> >>
> >> Thanks.
> >> Dave.
> >>
> >>
> >> On 6/5/19, Kurt Jaeger <pi at freebsd.org> wrote:
> >> > Hi!
> >> >
> >> >> Yes, an ifconfig on my vtnet0 interface does show the ipv6 address and
> >> >> it has prefixlen 64 I'm assuming that's what your refering to? Can you
> >> >> clarify your meaning about ipv6 aliases?
> >> >
> >> > Here's one of my systems, with two IPv6 addresses, so it has an two
> >> > IPv6 and two IPv4 addresses:
> >> >
> >> > igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> >> > 1500
> >> >
> >> > options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
> >> > ether 0c:9d:92:85:0f:7a
> >> > inet 193.105.105.132 netmask 0xffffffc0 broadcast
> >> > 193.105.105.191
> >> > inet 193.105.105.133 netmask 0xffffffff broadcast
> >> > 193.105.105.133
> >> > inet6 fe80::e9d:92ff:fe85:f7a%igb0 prefixlen 64 scopeid 0x1
> >> > inet6 2001:14f8:200:4::4 prefixlen 64
> >> > inet6 2001:14f8:200:4::5 prefixlen 64
> >
> > I am not sure if this well help you to understand the IPv6 range
> > of addresses, but the two above short form numbers are in long form:
> > 2001:14f8:0200:0004: 0000:0000:0000:0004
> > 2001:14f8:0200:0004: 0000:0000:0000:0005
> >
> > I have inserted the space to show you the break at "prefixlen 64, aka /64".
> > You actaully have the lower 64 bits to play with other than the 2 that
> > have been setup, one being your IP address, and the other being your
> > default
> > router on this segment.
> >
> >> > media: Ethernet autoselect (1000baseT <full-duplex>)
> >> > status: active
> >> > nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> >> >
> >> > --
> >> > pi at opsec.eu +49 171 3101372 One year to go
> >> > !
> >
> > --
> > Rod Grimes
> > rgrimes at freebsd.org
> >
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
More information about the freebsd-pf
mailing list