Topic 'Re: M0n0wall and multiple interfaces' in forum 'IPv6'

Topic 'Re: M0n0wall and multiple interfaces' in forum 'IPv6' - dslreports.com http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22381200 en Fri, 10 Feb 2012 04:46:58 EDT Fri, 10 Feb 2012 04:46:58 EDT Re: M0n0wall and multiple interfaces http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22389768 said by mcnet:

that would be a /112 i believe (each 4 symbols = 16 bits, 128-16=112)Doh, I think I grok...

So given the address of 2001:0ded:bef5:0dc6:0000:0000:0078:eeee, /112 would make 2001:0ded:bef5:0dc6:0000:0000:0078 the 'subnet', with the 0078 part the entry that changes to identify the different subnets and the eeee part for each machine.

BTW, I tried the /48 approach and it's working, thanks for the pointer. Now to try and figure out if a DHCPv6 server and DHCPv4 can coexist on the same network without banging heads and get bind set up to deal with ip6 as well.

Thank you for the help and info so far, it is appreciated!
--
All hardware sucks, all software sucks, some just suck more than others]]> http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22389768 Thu, 14 May 2009 15:56:46 EDT Re: M0n0wall and multiple interfaces http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22387753 http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22387753 Thu, 14 May 2009 10:16:06 EDT Re: M0n0wall and multiple interfaces http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22386492 said by mcnet:

yes that should work for /64 sub division of /48Ok, I'll try that when I get back in front of a console tonight.

said by mcnet:

because it's off by ipv6 equiv of an octet... 16-et? hexadigit? hexet?

2001:ded:bef5:dc6::78:eeee/96
2001:ded:bef5:dc6::10:eeee/96

should be:
2001:ded:bef5:dc6::1:78:eeee/96
2001:ded:bef5:dc6::2:10:eeee/96
(one more 4-space to left)

long format /96 S = network/subnet H = host
SSSS:SSSS:SSSS:SSSS:SSSS:SSSS:HHHH:HHHH
so have have 2nd subnet routable it should be difference in 3rd from right group of 4 hex digits. right? i think so...

Hmmm...

Expanded, out the address (2001:ded:bef5:dc6::78:eeee) should be:

2001:0ded:bef5:0dc6:0000:0000:0078:eeee

So at 96 bits... (add add add)...

2001:0ded:bef5:0dc6:0000:0000:0078:eeee

So for the :0078: part to make the difference, I should have used /104? That doesn't sound right, but I've been wrong before... :)
--
All hardware sucks, all software sucks, some just suck more than others]]> http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22386492 Thu, 14 May 2009 00:18:54 EDT Re: M0n0wall and multiple interfaces http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22383795
because it's off by ipv6 equiv of an octet... 16-et? hexadigit? hexet?

2001:ded:bef5:dc6::78:eeee/96
2001:ded:bef5:dc6::10:eeee/96

should be:
2001:ded:bef5:dc6::1:78:eeee/96
2001:ded:bef5:dc6::2:10:eeee/96
(one more 4-space to left)

long format /96 S = network/subnet H = host
SSSS:SSSS:SSSS:SSSS:SSSS:SSSS:HHHH:HHHH
so have have 2nd subnet routable it should be difference in 3rd from right group of 4 hex digits. right? i think so...]]> http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22383795 Wed, 13 May 2009 15:44:37 EDT Re: M0n0wall and multiple interfaces http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22383633 said by mcnet:

i think you may be off by a digit there, and have different abcd on WAN and LAN. tunnels come with single /64 routed(LAN) to another /64 which is on tunnel interface(WAN).Thanks for replying!

This is what I received from he:

Tunnel info:
Server IPv6 address: 2001:ded:bef4:dc6::1/64
Client IPv6 address: 2001:ded:bef4:dc6::2/64
Routed /48: 2001:ded:8331::/48
Routed /64: 2001:ded:bef5:0dc6::/64

And this is the current address assignment:

WAN global: 2001:ded:bef4:dc6::2/64
LAN global: 2001:ded:bef5:dc6::10:eeee/96
DMZ global: 2001:ded:bef5:dc6::78:eeee/96

So what you are saying (and from what I just found based on what you posted), I should use the /48 so it looks something like this:

WAN global: 2001:ded:bef4:dc6::2/64

LAN global: 2001:ded:8331:bef::eeee/64
DMZ global: 2001:ded:8331:beef::eeee/64

If this is the case, I still don't understand why the 2001:ded:bef5:dc6::78:eeee/96 interface wasn't pingable on the DMZ side, but the 2001:ded:bef5:dc6::10:eeee/96 on the LAN was. I also thought that I could further subdivide the /64 down as everything I have read says that v6 has the equivalent of CDIR built in. Or am I thinking too much in v4 terms?

Thank you for any insite or pointers you can provide. Most of what I have read seems incomplete or assumes that everyone will want to run the advertising daemons and not manually configure everything (which has it's uses, but I want to know how to do this manually first before taking any shortcuts, as it were).
--
All hardware sucks, all software sucks, some just suck more than others]]> http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22383633 Wed, 13 May 2009 15:15:44 EDT Re: M0n0wall and multiple interfaces http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22382313
so:
TUNNEL-LOCAL/WAN A:B:C:D::2/64
LAN A:B:E:F:1:1::Z/96
DMZ A:B:E:F:1:2::Z/96

otherwise what you can request /48 for your tunnel (requires stable tunnel that has been up for 30 days i believe check requirements on HE tunnel broker site), and assign two /64's from that /48 to your two interfaces instead.

so:
TUNNEL-LOCAL/WAN A:B:C:D::2/64
LAN A:B:E:F::X/64
DMZ A:B:E:G::X/64
[from A:B:E::/48]

i'm sure there's more to this, but i think this is simplest solution that will work.]]> http://www.dslreports.com/forum/Re-M0n0wall-and-multiple-interfaces-22382313 Wed, 13 May 2009 11:25:10 EDT M0n0wall and multiple interfaces http://www.dslreports.com/forum/M0n0wall-and-multiple-interfaces-22381200
Setup:

M0n0wall latest beta for IPv6 support in a VM
Tunnel via Hurricane Electric
Interfaces:
LAN (in LAN, A:B:C:D::1:X/96)
WAN (in DMZ for tunnel, A:B:C:D::/64)
DMZ (in DMZ for DMZ clients, A:B:C:D::2:X/96)

WAN, DMZ and LAN are all static assignments using /96 (I believe I've divided up the /64 correctly).

Clients on the LAN can ping6 out perfectly

Tests from »www.berkom.blazing.de/tools/ping.cgi and »www.berkom.blazing.de/tools/traceroute.cgi to a LAN IP work

DMZ side, however, when I assign an address to than interface, I get "Destination unreachable: Address unreachable" Pinging another machine in the DMZ works.

For giggles, I bridged the DMZ and LAN interfaces and was able to ping a machine in the DMZ from the LAN, but DMZ machines couldn't ping the m0n0 LAN interface.

Either I've got something setup wrong in regards to the subnets (which I kind of doubt as the LAN side works), or there is something weird going on with IPv6, multiple interfaces and routing.

Has anyone else tried doing the LAN/DMZ thing with m0n0 and IPv6?
--
All hardware sucks, all software sucks, some just suck more than others]]> http://www.dslreports.com/forum/M0n0wall-and-multiple-interfaces-22381200 Wed, 13 May 2009 06:16:07 EDT