Always Always ALWAYS ALWAYS create a default route in each routing domain.

!/sbin/route -T XXX default ::1 -blackhole

On 2017 Jul 04 (Tue) at 15:16:24 +0200 (+0200), Claus Lensbøl wrote:
:Hi misc,
:
:I'm having trouble with implementing rdomains and IPv6.
:
:I have followed this guide which might be a bit old but the best I could
:find:
:https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
:
:I have made a set-up with two machines connected by an OpenBSD router.
:
:Machine: "internet"
:============
:# cat /etc/hostname.em1
:inet6 2a01:7e8:1:800::2fd/126
:!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
:
:Machine: "router"
:============
:# cat /etc/hostname.em1
:inet6 2a01:7e8:1:800::2fe/126
:!route -T 0 add 2a01:7e8:35:fab::/64 ::1
:# cat /etc/hostname.em2
:rdomain 75
:!route -T75 exec /usr/sbin/sshd
:inet6 alias 2a01:7e8:35:fab::1/64
:# pfctl -sr
:block return all
:pass all flags S/SA
:block return in on ! lo0 proto tcp from any to any port 6000:6010
:pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd
:flags S/SA rtable 0
:pass out on em1 all flags S/SA
:
:Machine: "client"
:============
:# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
:# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1
:
:I am able to ping between router<->internet, router<->client, but not
:between client<->internet.
:
:If pinging from client->internet, no replies are returned. Doing tcpdump
:on em1 on the router gives:
:16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
:request [flowlabel 0xe1717]
:16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time
:exceeded in-transit for 2a01:7e8:35:fab::2
:
:Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no
:replies and tcpdump gives:
:16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
:request [flowlabel 0xe1717]
:16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:
:Adding a route on em1 (rtable 0) as:
:# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
:, yields the same results as with no route.
:
:I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and
:add to pf:
:pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75
:
:I'm pretty sure that I'm missing some understanding of rtables.
:Can someone point me in the right direction?
:I'm guessing that I need a way to move packets from rtable 0 to rtable 75.
:
:Btw, this set-up is made with virtualbox, but I have an identical
:physical set-up with the same issue.
:
:--
:Med venlig hilsen/Best regards
:Claus Lensbøl
:
:Fab:IT ApS
:Vesterbrogade 37, 2. th
:DK-1620 København
:Tlf: +45 70 202 407
:Main Site: www.fab-it.dk
:VPS Product: vpsforce.eu
:
:

--
While money doesn't buy love, it puts you in a great bargaining position.
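
A check for the advice at the top of this reply, as an added example that is not part of the thread: it lists the routing domains named in ifconfig output and reports those whose IPv6 table has no default entry. The function names, the assumed ifconfig(8)/route(8) output layout and the sample text are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that every routing domain has a default route.
# Input layouts are assumed from OpenBSD ifconfig(8) and route(8) output;
# the sample text below is constructed, not captured from the thread's hosts.

# Print the rdomain ids found in ifconfig output on stdin (0 always exists).
list_rdomains() {
    { echo 0
      awk '{ for (i = 1; i < NF; i++) if ($i == "rdomain") print $(i + 1) }'
    } | sort -n -u
}

# Succeed if routing-table output on stdin contains a "default" destination.
has_default_route() {
    awk '$1 == "default" { found = 1 } END { exit !found }'
}

# Print the ids of rdomains lacking a default route.
# $1 = ifconfig text; $2 = command printing the inet6 table for the id in its $1.
missing_defaults() {
    printf '%s\n' "$1" | list_rdomains | while read -r id; do
        "$2" "$id" | has_default_route || echo "$id"
    done
}

# On a live OpenBSD router the table source would be:
#   show_table() { route -T "$1" -n show -inet6; }
# Constructed stand-in so the example runs anywhere:
sample_ifconfig='em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 75 mtu 1500'

sample_table() {
    case "$1" in
    0)  printf '%s\n' 'Internet6:' \
            'Destination  Gateway  Flags  Refs  Use  Mtu  Prio  Iface' \
            'default  ::1  UGSB  0  0  32768  8  lo0' ;;
    75) printf '%s\n' 'Internet6:' \
            'Destination  Gateway  Flags  Refs  Use  Mtu  Prio  Iface' \
            '2a01:7e8:35:fab::/64  2a01:7e8:35:fab::1  UCn  0  0  -  4  em2' ;;
    esac
}

missing_defaults "$sample_ifconfig" sample_table   # prints 75
```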