OpenBSD 5.8 and IPv6 forwarding doesn't seem to be working

Daniel Corbe Tue, 27 Oct 2015 21:35:45 -0700

I'm not sure what I missed here so I would appreciate it if someone would
hit me with a clue bat.


My OpenBSD firewall is acting as a DHCPv6-PD client and successfully
getting IP information:

My outside interface:

vlan9: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu
1500
        lladdr 00:1e:37:d6:00:ad
        priority: 0
        vlan: 9 parent interface: em0
        groups: vlan egress
        status: active
        inet 73.12.6.33 netmask 0xfffffe00 broadcast 73.12.7.255
        inet6 fe80::21e:37ff:fed6:ad%vlan9 prefixlen 64 scopeid 0x6
        inet6 2001:558:6036:5a:2cb5:eab1:8726:104c prefixlen 128 pltime
344957 vltime 344957

My inside interface:

vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:1e:37:d6:00:ad
        priority: 0
        vlan: 10 parent interface: em0
        groups: vlan
        status: active
        inet 10.64.14.1 netmask 0xffffff00 broadcast 10.64.14.255
        inet6 fe80::21e:37ff:fed6:ad%vlan10 prefixlen 64 scopeid 0x5
        inet6 2601:5ce:101:5350:21e:37ff:fed6:ad prefixlen 64

I can reach things from the OpenBSD box itself:

# ping6 www.google.com
PING6(72=40+8+24 bytes) 2601:5ce:101:5350:21e:37ff:fed6:ad -->
2607:f8b0:4004:809::1010
32 bytes from 2607:f8b0:4004:809::1010, icmp_seq=0 hlim=56 time=17.318 ms
32 bytes from 2607:f8b0:4004:809::1010, icmp_seq=1 hlim=56 time=17.933 ms
32 bytes from 2607:f8b0:4004:809::1010, icmp_seq=2 hlim=56 time=16.289 ms
32 bytes from 2607:f8b0:4004:809::1010, icmp_seq=3 hlim=56 time=16.240 ms
^C
--- www.google.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 16.240/16.945/17.933/0.714 ms

I have IPv6 forwarding enabled:

# sysctl -a | grep forwarding
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=0
net.inet6.ip6.forwarding=1
net.inet6.ip6.mforwarding=0

My PF ruleset:

# pfctl -s all
FILTER RULES:
pass in on vlan9 inet from any to 73.12.6.0/23 flags S/SA
pass out on vlan9 inet from 73.12.6.0/23 to any flags S/SA
pass out on vlan9 inet from 10.64.14.0/24 to any flags S/SA nat-to
73.12.6.33
pass in quick inet6 all flags S/SA
pass out quick inet6 all flags S/SA
pass quick inet6 proto ipv6-icmp all

I have rtadv turned on and my client machine gets IPv6:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : corbe.net
   Description . . . . . . . . . . . : Intel(R) 82579V Gigabit Network
Connection
   Physical Address. . . . . . . . . : 74-D0-2B-27-BE-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . :
2601:5ce:101:5350:28af:3026:cf75:988c(Preferred)
   Temporary IPv6 Address. . . . . . :
2601:5ce:101:5350:1dd6:cc0e:98b:50a9(Preferred)
   Link-local IPv6 Address . . . . . :
fe80::28af:3026:cf75:988c%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.64.14.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 27, 2015 10:48:18 PM
   Lease Expires . . . . . . . . . . : Wednesday, October 28, 2015 10:48:19
AM
   Default Gateway . . . . . . . . . : fe80::21e:37ff:fed6:ad%7
                                       10.64.14.1
   DHCP Server . . . . . . . . . . . : 10.64.14.1
   DHCPv6 IAID . . . . . . . . . . . : 91541547
   DHCPv6 Client DUID. . . . . . . . :
00-01-00-01-1D-C1-F8-6C-74-D0-2B-27-BE-B3
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       4.2.2.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    276 ::/0                     fe80::21e:37ff:fed6:ad
  1    306 ::1/128                  On-link
  2    306 2001::/32                On-link
  2    306 2001:0:5ef5:79fb:ca8:3fdf:f5bf:f1f2/128
                                    On-link
  7    276 2601:5ce:101:5350::/64   On-link
  7    276 2601:5ce:101:5350:1dd6:cc0e:98b:50a9/128
                                    On-link
  7    276 2601:5ce:101:5350:28af:3026:cf75:988c/128
                                    On-link
  7    276 fe80::/64                On-link
  2    306 fe80::/64                On-link
  2    306 fe80::ca8:3fdf:f5bf:f1f2/128
                                    On-link
  7    276 fe80::28af:3026:cf75:988c/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    276 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

But I can't ping out or do anything on the client:

C:\Users\dcorbe>ping ipv6.cybernode.com

Pinging ipv6.cybernode.com [2001:470:1:1b9::31] with 32 bytes of data:
Control-C
^C
C:\Users\dcorbe>tracert 2601:5ce:101:5350:21e:37ff:fed6:ad

Tracing route to 2601:5ce:101:5350:21e:37ff:fed6:ad over a maximum of 30
hops

  1  Destination host unreachable.

Trace complete.

OpenBSD 5.8 and IPv6 forwarding doesn't seem to be working

Reply via email to