Em 28-10-2015 02:29, Daniel Corbe escreveu:
> But I can't ping out or do anything on the client:
>
> C:\Users\dcorbe>ping ipv6.cybernode.com
>
> Pinging ipv6.cybernode.com [2001:470:1:1b9::31] with 32 bytes of data:
> Control-C
> ^C
> C:\Users\dcorbe>tracert 2601:5ce:101:5350:21e:37ff:fed6:ad
>
> Tracing route to 2601:5ce:101:5350:21e:37ff:fed6:ad over a maximum of 30
> hops
>
> 1 Destination host unreachable.
>
> Trace complete.
You probably have the same issue I ran into. Please run tcpdump on
your external if. You will see the packets leaving your internal net.
And, if you have control over the remote host being pinged, you can even
see the packets getting there. But, no replies ever get back. Your CPE
do not know about you delegating the prefix to your internal machines.
So, you should be seeing ndp neighbour discovery messages in your
external interface. Since OpenBSD do not proxy the ndp messages to your
internal lan, the packets get dropped by the CPE.
At first, I used a bridge to solve this. But filtering on them is a
nightmare. So, know I'm using a ULA prefix on my internal network and
natting (I know) ipv6 packets to my external lan address. I will try to
port some of the ndp proxy solutions available to OpenBSD. Everyone I
found are linux centric. OpenBSD ndp(8) has proxy functionality. I
couldn't make it work, and you also need to add entries host by host to it.
Cheers,
Giancarlo Razzolini
