On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov <v...@sibptus.ru> wrote:
> > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6 > > Neighbor Solicitations from the router? > > Any ideas please? > > Are you permitting the required udp and icmp? These could be tighter, but ################################################################################ # dhcp / bootp $FW add 00128 allow udp from any 67,68,546,547 to any 67,68,546,547 ################################################################################ # Neighbor Discovery Protocol $FW add 00129 allow ipv6-icmp from any to any icmp6types 133,134,135,136,137 The method I have found to be reliable is to use dhcp6c, which requires the pkg 'dhcp6' So for a FreeBSD host in ec2, for example: ifconfig_eth0="SYNCDHCP" ipv6_activate_all_interfaces="YES" ifconfig_eth0_ipv6="inet6 accept_rtadv up" dhcp6c_enable="YES" dhcp6c_interfaces="eth0" and /usr/local/etc/dhcp6c.conf is simple interface eth0 { send ia-na 1; send rapid-commit; }; id-assoc na 1 { }; For a more complicated example, I have a firewall that gets its addresses from my cable company: ipv6_gateway_enable="YES" ipv6_activate_all_interfaces="YES" rtadvd_enable="YES" rtadvd_interfaces="eth1 eth2" dhcp6c_enable="YES" dhcp6c_interfaces="eth0" ipv6_default_interface="eth1" and interface eth0 { send ia-na 1; send ia-pd 1; send rapid-commit; }; id-assoc pd 1 { prefix ::/64 1800; prefix-interface eth1 { sla-id 0; sla-len 0; }; prefix-interface eth2 { sla-id 1; sla-len 0; }; }; id-assoc na 1 { }; -- "Well," Brahmā said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred." - The Mahābhārata _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"