Bridge sixxs interface?
Shadow Hawkins on Saturday, 12 September 2009 12:25:57
Hi, I have a question regarding.. well bridging I guess..
I've got my subnet routed via my sixxs interface on my router / server, I set my local IPs statically.
On eth1 - which is connected to my LAN - I've set 2001:16d8:cc47:f000:baaa::1/64 and it works fine as a gateway for the rest of my computers on the 2001:16d8:cc47:f000:baaa::/64 subnet.
But when connecting somewhere from my router, the connection originates from the sixxs IP instead of the IP from my subnet.
I've set on eth1. I tried setting eth1's IP on my sixxs if instead, and that made the connections originate from my own IP instead of the tunnel endpoint, but then of course, my LAN wasn't able to connect since their gw wasn't on the LAN anymore.
So, my question is: should I bridge sixxs and eth1 in order to both provide IPv6 routing on my LAN and have connections originate correctly when connecting from my router / server, or is there a better way to do that?
Regards,
Martin
Bridge sixxs interface?
Shadow Hawkins on Saturday, 12 September 2009 12:51:27
There is no real solution. See https://www.sixxs.net/forum/?msg=setup-798152 .
Bridge sixxs interface?
Jeroen Massar on Saturday, 12 September 2009 13:21:19
Actually there is a 'sort of solution': you just add the IP that you want to use to the tunnel interface as a /128.
e.g. 'ip -6 addr add 2001:db8::1/128 dev sixxs'
As long as you don't add any more addresses, afaik all Linux kernels will then just use that address (the last added one).
Note that this 'loopback' address can be part of a separate /64, or from the /64 you use for your home lan. If you are only worried about the reverse, for 'decency' you should be using a separate /64. In the case you use the same address as your home lan, of course you need to put the address as 2001:db8::1/64 on your ethX interface.
Of course the true solution would be source based routing or some other Linux policy rules, but afaik that is not possible yet on Linux.
Bridge sixxs interface?
Shadow Hawkins on Saturday, 12 September 2009 13:51:50
This is what I suggest on http://ipv6.debian.net, but it is not a reliable solution. For instance, if using 2001:41e0:ff00:82::2/64 for the tunnel and 2001:41e0:ff3a::1/128 on the sixxs interface (which is my case right now), traffic to 2001:41e0:ff1a::1 will use 2001:41e0:ff00:82::2 as source, because the two share a longer prefix (0x00 is 00000000b, 0x1a is 00011010b, and 0x3a is 00111010b, and 0x00 and 0x1a have three 0 bits at the front, 0x3a only has two).
The way this is supposed to get addressed is through the use of addrlabels. I could not make it work using http://linux-hacks.blogspot.com/2008/04/default-address-selection-part-1.html as a guide.
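Added example, not part of the original posts: a small Python model of the two RFC 3484 source-selection rules this post turns on, rule 6 (matching label) and rule 8 (longest matching prefix), run on the three addresses quoted above. It models the RFC text only, not any kernel's behaviour; the label value 99 and all function names are constructed for illustration.

```python
import ipaddress

# Default policy-table labels from RFC 3484 section 2.1 (prefix -> label).
DEFAULT_LABELS = {"::1/128": 0, "::/0": 1, "2002::/16": 2,
                  "::/96": 3, "::ffff:0:0/96": 4}

TUNNEL = "2001:41e0:ff00:82::2"   # tunnel endpoint address from the post
SUBNET = "2001:41e0:ff3a::1"      # /128 added on the tunnel interface
DEST = "2001:41e0:ff1a::1"        # destination from the post


def label_of(addr, table):
    """Label of the longest policy-table prefix that contains addr."""
    ip = ipaddress.IPv6Address(addr)
    nets = [(ipaddress.IPv6Network(p), lbl) for p, lbl in table.items()]
    return max((n.prefixlen, lbl) for n, lbl in nets if ip in n)[1]


def common_prefix_len(a, b):
    """Number of leading bits two addresses share (CommonPrefixLen)."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()


def select_source(dest, candidates, table=DEFAULT_LABELS):
    """Apply rule 6 (label match), then rule 8 (longest prefix).

    Assumes every candidate is a global, non-deprecated address on the
    outgoing interface, so rules 1-5 and 7 tie.
    """
    dlabel = label_of(dest, table)
    return max(candidates,
               key=lambda s: (label_of(s, table) == dlabel,
                              common_prefix_len(s, dest)))


def demo():
    # Default table: all three addresses carry label 1, so rule 8 decides.
    default = select_source(DEST, [SUBNET, TUNNEL])
    # Constructed policy entry giving the tunnel address its own label,
    # so it no longer matches the destination's label under rule 6.
    table = dict(DEFAULT_LABELS)
    table[TUNNEL + "/128"] = 99
    return default, select_source(DEST, [SUBNET, TUNNEL], table)


if __name__ == "__main__":
    print(demo())
```

With the default table the tunnel address wins on 43 shared bits against 42; with the extra label entry rule 6 decides before the prefix comparison is reached.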
Bridge sixxs interface?
Jeroen Massar on Saturday, 12 September 2009 14:02:36
Indeed. Some PoPs have the tunnel space in the same /40 as the subnet space, some don't (especially when there are multiple /40s). As such then you won't see it directly.
That address selection doc mostly speaks of gai.conf and thus destination address selection and tests that, which makes sense as any application properly using getaddrinfo() will work. The source address selection I have never seen working though.
Of course another thing one can do is to configure the applications individually to use a proper outbound address. Only applications/protocols which are really affected by the source address and reverse DNS tend to be SMTP/SSH/IRC anyway.
Bridge sixxs interface?
Shadow Hawkins on Wednesday, 16 September 2009 20:10:06
Interesting timing for this thread, as I just went through this just over a week ago.
I did get this working, using the source address selections in gai.conf. This needs to be combined with the adding of the address to the tunnel interface as well (as a /128) to get it to work, otherwise the other RFC 3484 rules take effect first, due to the "same interface" rule.
I'm working on a blog post detailing all this which hasn't been finished yet. Look for it at http://blogger.ziesemer.com in the next 1-2 weeks.
Bridge sixxs interface?
Shadow Hawkins on Monday, 14 September 2009 08:12:41
That actually worked just like I wanted it to.
Thanks.
Bridge sixxs interface?
Shadow Hawkins on Monday, 14 September 2009 18:32:14
In fact, we're supposed to receive a /48 or /56 because the /64 is just for a network. According to RFC, /64 is the max you can have for the network part of address, I was really surprised when I got a /64 for my network.
Bridge sixxs interface?
Jeroen Massar on Monday, 14 September 2009 20:23:32
The /64 is a transit network only to be used on the tunnel (<tun>::1 = PoP, <tun>::2 = User/You), if you request a subnet you get an additional /48 routed to <tun>::2 and you can more or less do anything (abuse is not tolerated for one ;) you want with it.
Bridge sixxs interface?
Shadow Hawkins on Monday, 14 September 2009 21:27:55
hum ok, so I forgot a step, and since I was in Tokyo for 10 days, I have -75 ISK (tunnel down just before I left) so I won't be able to request a subnet before some years lol
Bridge sixxs interface?
Jeroen Massar on Monday, 14 September 2009 22:14:33
You might get enlightened when you read the FAQ about credits.
As for broken tunnels and getting negative credit: read your mail, it clearly notifies you that something is broken and how to resolve it -> read the FAQ.