{"id":98,"date":"2011-02-09T15:13:06","date_gmt":"2011-02-09T15:13:06","guid":{"rendered":"http:\/\/gigihfordanama.wordpress.com\/?p=98"},"modified":"2012-08-08T00:14:47","modified_gmt":"2012-08-08T00:14:47","slug":"ipv6-on-freebsd","status":"publish","type":"post","link":"https:\/\/dosen.unila.ac.id\/gigih\/2011\/02\/09\/ipv6-on-freebsd\/","title":{"rendered":"IPv6 On FreeBSD"},"content":{"rendered":"<pre>IPv6 configuration guide for FreeBSD users\n$Id: freebsd-ipv6-config-guide.txt,v 1.1 2002\/05\/24 05:43:11 suz Exp $\n\n<a href=\"mailto:suz@freebsd.org\">suz@freebsd.org<\/a>\n\nThis document is for those who would like to configure IPv6 on FreeBSD.\nIf you want generic information about IPv6, please refer to the following\npage.\n\tNetBSD IPv6 Networking\n\thttp:\/\/www.netbsd.org\/Documentation\/network\/ipv6\n\n<!--more-->1. Generic Guide\n1.1 Which version is required?\nIPv6 support has been merged into FreeBSD from the KAME Project since 4.0 RELEASE.\nIf you need to use an earlier version, please visit KAME's web site (http:\/\/www.kame.net).  KAME has stopped supporting FreeBSD 2-RELEASE and 3-RELEASE, but you\ncan get old KAME snapshots for these OSes.\n\n1.2 How does a FreeBSD machine work in the IPv6 world?\nA FreeBSD machine works as either a router or a host in the IPv6 world.  \nA router is a machine that forwards packets; any other machine is regarded\nas a host.\n\n1.3 Configuration files\nMost of the configuration information is either given in \/etc\/rc.conf or\nobtained automatically from the network.  Of course, application-specific\ninformation has to be written in that application's own configuration\nfiles (e.g. DNS record information should be written in DNS record \nconfiguration files).\n\n\n2. Host Part\n2.1. 
How to enable IPv6 on this machine\nThe IPv6 prefix is assigned automatically by router advertisement, so all\nyou have to do is enable IPv6.\n\n[Mandatory]\n-------\/etc\/rc.conf---------\n\tipv6_enable=\"YES\"\n\t\t# by default it's \"NO\" \n----------------------------\n\n[Optional]\nYou can use the following option to limit the interfaces on which IPv6 is enabled.\nBy default it's \"auto\", meaning IPv6 is enabled on all the interfaces.\nSince the IPv6 protocol assumes a host has only one interface, setting this option\nis recommended for hosts with multiple interfaces.\n-------\/etc\/rc.conf---------\n\tipv6_network_interfaces=\"fxp0\"\n\t\t# by default it's \"auto\" \n----------------------------\n\n2.2 How to configure an IPv6 address\nYou don't have to configure anything beyond 2.1, since the IPv6 address is \nautomatically given by the router advertisements from the neighboring routers.\n\n[Mandatory]\n(nothing)\n\n[Optional]\nIf you want to create a non-EUI-64-based IPv6 address on a host,\nyou can configure it in either of the following ways.\n\nmethod 1) completely static configuration like IPv4\nLinklocal prefix (fe80:....) 
is automatically generated, so you \ndon't have to configure it.\n-------\/etc\/rc.conf---------\n\tipv6_network_interfaces=\"fxp0\"\n\tipv6_ifconfig_fxp0=\"3ffe:501:ffff:2::1 prefixlen 64\"\n\tipv6_ifconfig_fxp0_alias0=\"2001:ffff:0:2::2 prefixlen 64\"\n\tipv6_defaultrouter=\"fe80::1%fxp0\"\n----------------------------\n\nmethod 2) semi-automatic configuration using router-advertisement\nIn this case, you only have to configure the latter 64 bits of the IPv6 address;\nthe remaining information is automatically configured by router advertisement.\n-------\/etc\/rc.conf---------\n\tipv6_network_interfaces=\"fxp0\"\n\tipv6_network_interface_non_eui64=\"fxp0\"\n\tinterface_ipv6_ifid_fxp0=\"::1\"\n----------------------------\n\n--- rc.network6\tMon Apr 22 15:19:32 2002\n+++ rc.network6.new\tMon Apr 22 15:16:30 2002\n@@ -516,6 +516,21 @@\n }\n \n network6_getladdr() {\n+\t# first searches non-eui64 if-id.\n+\tfor i in $ipv6_network_interface_non_eui64; do\n+\t\tif [ $1 != $i ]; then\n+\t\t\tcontinue;\n+\t\tfi\n+\t\teval lladdr=$interface_ipv6_ifid_$i\n+\t\tif [ $lladdr ]; then\n+\t\t\tsysctl -w net.inet6.ip6.auto_linklocal=0\n+\t\t\techo fe80$lladdr%$i\n+\t\t\treturn\n+\t\tfi\n+\t\t# no non-EUI64 if-id specified\n+\t\tbreak;\n+\tdone\n+\n \tifconfig $1 2&gt;\/dev\/null | while read proto addr rest; do\n \t\tcase ${proto} in\n \t\tinet6)\n\n2.3 How to configure an IPv6 host entry\nWrite an entry in \/etc\/hosts in the same manner as IPv4, except \nfor the IP address format.  Below is an example.\nPlease note that scoped addresses (e.g. fe80::1%fxp0) are not \nsupported now in this file.\n\n--------\/etc\/hosts----------\n\t3ffe:501:4819:1000:5054:ff:feda:cfc7    banana\n----------------------------\n\n\n3. Router Part\n3.1 How to enable IPv6 routing on this machine\nBy default, IPv6 routing is disabled.  
So you have to configure the following\noptions to enable IPv6 packet forwarding on this machine.\n[Mandatory]\n-------\/etc\/rc.conf---------\n\tipv6_enable=\"YES\"\n\t\t# enable IPv6\n\tipv6_gateway_enable=\"YES\"\n\t\t# enable IPv6 routing. By default it's \"NO\".\n----------------------------\n\n[Optional]\nTheoretically you can operate IPv6 router only with IPv6 linklocal addresses,\nhowever it is often convenient to assign site local or global addresses to routers.  \n\nmethod 1) specify just the first 64 bits of IPv6 address\nLatter 64 bits will be calculated automatically.\n-------\/etc\/rc.conf---------\n\tipv6_network_interfaces=\"ed0 ep0\"\n\t\t# specifies interfaces to assign IPv6 prefix\n\tipv6_prefix_ed0=\"fec0:0000:0000:0001 fec0:0000:0000:0002\"\n\tipv6_prefix_ep0=\"fec0:0000:0000:0003 fec0:0000:0000:0004\"\n\t\t# gives the first 64 bits of the IPv6 address\n----------------------------\n\nmethod 2) specify the whole part of IPv6 address\nQuite same as IPv4.\n-------\/etc\/rc.conf---------\n\tipv6_network_interfaces=\"ed0 ep0\"\n\t\t# specifies interfaces to assign IPv6 address\n\tipv6_ifconfig_ed0=\"fec0:0:0:5::1 prefixlen 64\"\n\tipv6_ifconfig_ed0_alias0=\"fec0:0:0:5::2 prefixlen 64\"\n----------------------------\n\n\n3.2. How to enable IPv6 routing protocols on this machine \n3.2.1. Unicast routing protocols\nyou can use IPv6-enabled routing software (e.g. route6d, zebra) to configure \nIPv6 routing protocols.\n\n[Mandatory]\n-------\/etc\/rc.conf---------\n\tipv6_router_enable=\"YES\"\n\t\t# enable an IPv6 routing daemon. 
By default it's \"NO\".\n\tipv6_router=\"\/usr\/sbin\/route6d\"\n\t\t# Name of IPv6 routing daemon (in this case, RIPng)\n----------------------------\n\n[Optional]\nYou can pass arguments to the routing daemon with the following option.\n-------\/etc\/rc.conf---------\n\tipv6_router_flags=\"-l\"\t\t\n\t\t# route6d option to exchange site local prefix\n----------------------------\n\nYou can define any number of static routes with the following options.\n-------\/etc\/rc.conf---------\n\tipv6_static_routes=\"foo bar baz\"\n\tipv6_route_foo=\"fec0:0000:0000:0006:: -prefixlen 64 ::1\"\n\tipv6_route_bar=\"fec0:0000:0000:0007:: -prefixlen 64 ::1\"\n\tipv6_route_baz=\"fec0:0000:0000:0008:: -prefixlen 64 ::1\"\n----------------------------\n\n3.2.2. Router-advertisement\nIn IPv6, a router should distribute its prefix to the downstream hosts via\nrouter advertisement.  You can control the behavior of rtadvd (FreeBSD's router advertisement daemon) using the following options.  If you would like to send router advertisements via some other IPv6 routing daemon (e.g. zebra), you don't need to enable it.\n\n[Mandatory]\n-------\/etc\/rc.conf---------\n\trtadvd_enable=\"YES\"\n\t\t# By default it's \"NO\".\n----------------------------\n\n[Optional]\nNormally router advertisements are announced on all the IPv6-ready \ninterfaces; however, you can restrict this using the following\noption.\n-------\/etc\/rc.conf---------\n\trtadvd_interfaces=\"fxp0\"\n\t\t# by default it's \"auto\", enable router-advertisement\n\t\t# on all interfaces\n----------------------------\n\n3.2.3 Multicast routing\nBy default IPv6 multicast routing is disabled, so you have to explicitly \nconfigure it in rc.conf.  
\n\nCurrently there are two IPv6 multicast routing daemons available in\npackage or ports (pim6sd = PIM-SM and pim6dd = PIM-DM), but please keep \nin mind that they are not installed in FreeBSD-RELEASE by default due to its \nlicensing issue.\n\n[Mandatory]\n-------\/etc\/rc.conf---------\n\tmroute6d_enable=\"YES\"\t\t\n\t\t# Do IPv6 multicast routing.  By default it's \"NO\".\n\tmroute6d_program=\"\/usr\/local\/sbin\/pim6sd\"\n\t\t# Name of IPv6 multicast routing daemon.  \n\t\t# You need to install it from package or port.\n----------------------------\n\n[Optional]\nYou can give arguments to IPv6 multicast routing daemon.  Normally\nnothing is required.\n-------\/etc\/rc.conf---------\n\tmroute6d_flags=\"-d pim\"\n\t\t# debugging option for pim6sd\n----------------------------\n\n\n4. Others\n4.1. How to configure static IPv6 over IPv4 tunnel\nYou have to specify the following three items to use static \nIPv6 over IPv4 tunnel.\n\t- tunnel device name (gifXXX)\n\t- local IPv4 address\n\t\tmust be a remote IPv4 address of the remote host\n\t- remote IPv4 address\n\t\tmust be a local IPv4 address of the remote host\n\nIn the following example, IPv6 over IPv4 tunnels is configured.\n\t   10.1.1.1          10.1.10.2\n\tmachine-----------------------tunnel server1\n\t    +-------------------------tunnel server2\n                             10.1.20.2\t     \n[Mandatory]\n-------\/etc\/rc.conf---------\n\tgif_interfaces=\"gif0 gif1\"\t\t\n\t\t# List of GIF tunnels to be configured\n\tgifconfig_gif0=\"10.1.1.1 10.1.10.2\"\n\t\t# to tunnel server1\n\tgifconfig_gif1=\"10.1.1.1 10.1.20.2\"\t\n\t\t# to tunnel server2\n----------------------------\n\n\n4.2. 
How to configure a 6to4 tunnel\nYou have to specify the following two items to use a 6to4 interface.\n\t- IPv4 local address of 6to4 interface\n\t\t(its IPv6 address will be created automatically)\n\t- IPv6 default router via 6to4 interface\n\t\tipv6_defaultrouter=\"2002:c058:6301::\"\n\t\t(corresponding IPv4 address is c0586301 = 192.88.99.1)\n\n[Mandatory]\n-------\/etc\/rc.conf---------\n\tstf_interface_ipv4addr=\"192.168.0.1\"\n\t\t# Local IPv4 address for 6to4 tunneling interface. \n\t\t# Its IPv6 address will be \"2002:c0a8:0001::1\"\n\tipv6_defaultrouter=\"2002:c058:6301::\"\n\t\t# RFC3068 suggests anycast IPv4 address 192.88.99.1\n\t\t# for 6to4 routers, but you can use another IPv4 address\n\t\t# according to the site administrator's configuration.\n----------------------------\n\n[Optional]\nUsing the following option, you can specify a prefix length for the 6to4 \ninterface to limit 6to4 peers.  By default it's 0 (i.e. all 6to4 machines \nare accepted).  Effective value is 0-31.\n-------\/etc\/rc.conf---------\n\tstf_interface_ipv4plen=\"16\"\n----------------------------\n\nBy default, the IPv6 interface-id for the 6to4 interface is \"::1\", so\nthe IPv6 address of the 6to4 interface is \"2002:(IPv4address)::1\".\nHowever, you can use an EUI-64-based interface-id (using the \"AUTO\" keyword) or \nanother static interface-id.\n-------\/etc\/rc.conf---------\n\tstf_interface_ipv6_ifid=\"1234:5678:9abc:def0\"\n\t\t# By default, it is \"::1\"\n----------------------------\n\nNormally the 49th-64th bits of the IPv6 address on a 6to4 interface are zero, i.e.\nthe IPv6 Site Level Aggregator for the 6to4 interface is 0.  If you like, you\ncan specify some appropriate value (it's not necessary at all in normal\ncases, though).\n-------\/etc\/rc.conf---------\n\tstf_interface_ipv6_slaid=\"0001\"\t\n\t\t# By default, it is \"0\"\n----------------------------\n\n\n4.3. 
How to configure an IPv4-IPv6 translator\nThere are many technologies to translate traffic between IPv4 and IPv6.\nBy default FreeBSD includes a transport relay translator called FAITH (RFC3142),\nwhich translates TCP traffic from IPv6 to IPv4.  \n\n[Mandatory]\nYou need to specify two things to enable FAITH: the FAITH prefix and the protocols\nto be translated.\n\nTo enable a FAITH translator, you must define the FAITH prefix.\nIf you'd like to disable FAITH, please specify \"NO\" here.\n-------\/etc\/rc.conf---------\n\tipv6_faith_prefix=\"3ffe:501:ffff:ffff::\"\n\t\t# By default, it's \"NO\"\n----------------------------\n\nThe above configuration creates a routing entry on this machine\nto forward packets for 3ffe:501:ffff:ffff::\/96 to the faith interface.\nWhen you use FAITH from another machine, you must arrange routing \nso that packets for 3ffe:501:ffff:ffff::\/96 are led to this machine in some way\n(e.g. by RIPng).\n\n\nBy default no protocol is translated via faith even when \nthe above configuration is given.  So you have to specify the protocols\nto be translated in either of the following ways:\n\nmethod 1) invoke faithd manually\nWrite the following statements in \/etc\/rc.local or\n\/usr\/local\/etc\/rc.d\/faithd.sh etc.\n-------\/etc\/rc.local--------\n\t\/usr\/sbin\/faithd http\n\t\t# translates HTTP traffic\n\t\/usr\/sbin\/faithd ftp \/usr\/libexec\/ftpd ftpd -l\n\t\t# translates FTP traffic unless bound for myself\n----------------------------\n\nmethod 2) invoke faithd via inetd\nAdd the following statement to \/etc\/inetd.conf.\nThis is intended for the cases where translation is required for \ntraffic not bound for this machine, while traffic bound for this machine is handled \nnormally.\n-------\/etc\/inetd.conf------\n\tftp     stream  tcp6\/faith  nowait  root  \/usr\/sbin\/faithd  ftpd -l\n----------------------------\n\n[Optional]\nYou can set a faith-specific access control list to prevent malicious \naccess with \/etc\/faithd.conf.  
If you configured FAITH in \/etc\/inetd.conf,\nyou can use a tcpwrapper to control access to FAITH as with normal inetd access control.\n\nBelow is an example access control list using \/etc\/faithd.conf.\n------\/etc\/faithd.conf------\n\t3ffe:501:ffff::\/64 deny 3ffe:501:ffff:ffff::192.168.0.0\/112\n\t\t# deny translation from 3ffe:501:ffff:0::\/64 to 192.168.0.0\/16\n\t3ffe:501:ffff::\/64 permit 3ffe:501:ffff:ffff::10.0.0.0\/104\n\t\t# permit translation from 3ffe:501:ffff:0::\/64 to 10.0.0.0\/8\n\t# unmatched traffic won't be translated.\n----------------------------\n\n\n4.4 How to control IPv4-mapped IPv6 addresses\nAn IPv4-mapped IPv6 address is used to let IPv6-only programs speak IPv4\non their IPv6 sockets.  \n\nNormally this feature is not required as there are not many IPv6-only \nprograms (as far as I know only mozilla makes use of this) and it can be \na security hole (you have to configure an IPv6 filter to block IPv4 \ntraffic.  How awkward...)\n\n[Mandatory]\n-------\/etc\/rc.conf---------\n\tipv6_ipv4mapping=\"\"\n\t\t# Leave empty to disable IPv4 mapped IPv6 addr communication. \n\t\t# (like ::ffff:a.b.c.d).  By default it's enabled.\n----------------------------\n\n\n4.5. How to configure the IPv6 firewall\nFreeBSD provides an IPv6 packet filter called \"ip6fw\".  
Here its usage is described.\n\n[Mandatory]\nBy default it's disabled and removed from GENERIC kernel, so you have to \n  - rebuild kernel with the following options\n-------kernel-config--------\n\toptions IPV6FIREWALL\n\t#options IPV6FIREWALL_VERBOSE\n\t#options IPV6FIREWALL_VERBOSE_LIMIT=100\n\t#options IPV6FIREWALL_DEFAULT_TO_ACCEPT\n----------------------------\n\n - enable it on \/etc\/rc.conf\n-------\/etc\/rc.conf---------\n\tipv6_firewall_enable=\"YES\"\n----------------------------\n\nWhen you define IPv6 firewall, you should define its type, too.\nValid values are listed below:\n\topen     - will allow anyone in\n\tclient   - will try to protect just this machine\n\tsimple   - will try to protect a whole network\n\tclosed   - totally disables IP services except via lo0 interface\n\tUNKNOWN  - disables the loading of firewall rules.\n\tfilename - will load the rules in the given filename \n\t\t   (full path required)\nFor ``client'' and ``simple'' the optional entries should be \ncustomized appropriately.\n-------\/etc\/rc.conf---------\n\tipv6_firewall_type=\"simple\"\n----------------------------\n\n[Optional]\n-------\/etc\/rc.conf---------\n\tipv6_firewall_quiet=\"YES\"\n\t\t# suppress rule display. (By default, it's NO)\n\tipv6_firewall_logging=\"YES\"\t\n\t\t# enable events logging. (By default, it's NO)\n\tipv6_firewall_flags=\"\"\n\t\t# Flags passed to ip6fw when type is a \"filename\"\n----------------------------\n\n5 how to configure IPv6 IPsec.\nTo be written...<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>IPv6 configuration guide for FreeBSD users $Id: freebsd-ipv6-config-guide.txt,v 1.1 2002\/05\/24 05:43:11 suz Exp $ suz@freebsd.orgmce:1 This document is for those who would like to configure IPv6 on FreeBSD. If you want a generic information about IPv6, please refer to the following pages. 
NetBSD IPv6 Networking http:\/\/www.netbsd.org\/Documentation\/network\/ipv6<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,5],"tags":[],"class_list":["post-98","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-old-post-dari-unilanet"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/98"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=98"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/98\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=98"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=98"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=98"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}