layout | title | date | comments | categories |
---|---|---|---|---|
post | IPv6 and Netgraph Ethernet pseudo-interface | 2017-12-28 12:47:00 +0100 | true |
On a NanoBSD firewall, I want to have a separate MAC address on one of the Ethernet interfaces to act as the outer endpoint for IPv6 traffic. This is achieved using a Netgraph eiface:
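```sh
# Load the Netgraph Ethernet node type so that sis0 appears as a node
kldload ng_ether
# Insert a bridge between the NIC (lower hook) and the host stack (upper hook)
ngctl mkpeer sis0: bridge lower link0
ngctl name sis0:lower sis0bridge
ngctl connect sis0: sis0bridge: upper link1
# Attach a virtual Ethernet interface (ngeth0) to the bridge
ngctl mkpeer sis0bridge: eiface link2 ether
# Accept frames addressed to the extra MAC; keep the source MAC of outgoing frames
ngctl msg sis0: setpromisc 1
ngctl msg sis0: setautosrc 0
# Give the new interface its own MAC address
ifconfig ngeth0 link 06:00:00:00:00:06
```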
Note that this does not include an `ifconfig` call to set the interface's IPv6 address: this is done by devd, which calls the boot scripts' ifconfig routine when the interface comes up. Thus I have the following line in `/etc/rc.conf`:

```sh
ifconfig_ngeth0_ipv6="inet6 fe80::6/64"
```
If instead of this line I have an explicit `ifconfig` in `/etc/rc.local`, then there is a race condition between `rc.local` and devd. If devd runs last, the boot scripts won't see any IPv6 address configured for the newly created interface in `/etc/rc.conf`, and they will set `ifdisabled` on it (blocking all IPv6 traffic, and marking the configured link local address as "tentative"). If devd runs first, the problem is dormant, because setting the link local address clears `ifdisabled` as a side effect.
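
A post-boot check for the failure mode described above, as an added example that is not part of the original post: it classifies `ifconfig` output by looking for the `IFDISABLED` nd6 flag and the `tentative` address flag. The function name `nd6_state` and the sample outputs are constructed for illustration, and the layout of the `nd6 options=` line is assumed to match FreeBSD's `ifconfig`.

```sh
#!/bin/sh
# Classify the IPv6 state of an interface from `ifconfig <if>` text on stdin.
# Prints one of: ifdisabled, no-inet6, tentative, ok. Always returns 0.
nd6_state() {
    awk '
        # nd6 flag line, e.g. "nd6 options=29<PERFORMNUD,IFDISABLED,...>"
        $1 == "nd6" && /[<,]IFDISABLED[,>]/ { disabled = 1 }
        # address line; "tentative" appears as a separate word when set
        $1 == "inet6" {
            have6 = 1
            for (i = 2; i <= NF; i++) if ($i == "tentative") tent = 1
        }
        END {
            if (disabled)    print "ifdisabled"   # all IPv6 traffic blocked
            else if (!have6) print "no-inet6"     # no address configured
            else if (tent)   print "tentative"    # address not yet usable
            else             print "ok"
        }'
}

# Constructed sample: the state after rc.local won the race (devd ran last).
SAMPLE_BAD='ngeth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 06:00:00:00:00:06
    inet6 fe80::6%ngeth0 prefixlen 64 tentative scopeid 0x5
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>'

# Constructed sample: the healthy state with the rc.conf line in place.
SAMPLE_GOOD='ngeth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 06:00:00:00:00:06
    inet6 fe80::6%ngeth0 prefixlen 64 scopeid 0x5
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>'

printf '%s\n' "$SAMPLE_BAD"  | nd6_state
printf '%s\n' "$SAMPLE_GOOD" | nd6_state
```

On the firewall itself the same function can be fed live output with `ifconfig ngeth0 | nd6_state`.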