Re: sendmail vs ipv6 broken after upgrade to 9.1
--Md/poaVZ8hnGTzuv
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, 2013-01-09 at 23:42:10 +0900, Hiroki Sato wrote:
> Ulrich Sp=C3=B6rlein <uqs@FreeBSD.org> wrote
> in <20130109142111.GL35868@acme.spoerlein.net>:
>=20
> > On Wed, 2013-01-09 at 14:14:18 +0100, Michiel Boland wrote:
> > > On 01/08/2013 23:33, Hiroki Sato wrote:
> > > > Ulrich Sp=C3=B6rlein <uqs@freebsd.org> wrote
> > > > in <20130108184051.GI35868@acme.spoerlein.net>:
> > > >
> > > > uq> After setting this, it now looks like this:
> > > > uq> root@acme: ~# ip6addrctl
> > > > uq> Prefix Prec Label Use
> > > > uq> ::1/128 50 0 0
> > > > uq> ::/0 40 1 0
> > > > uq> 2002::/16 30 2 0
> > > > uq> ::/96 20 3 0
> > > > uq> ::ffff:0.0.0.0/96 10 4 0
> > > > uq>
> > > > uq> And even sendmail is happily finding the sockets to bind to. Th=
anks for the hint!
> > > >
> > > > I think this just hides the problem. If gshapiro@'s explanation =
is
> > > > correct, no ::ffff:0.0.0.0/96 address should be returned if the n=
ame
> > > > resolution works fine...
> > > >
> > > > -- Hiroki
> > > >
> > >=20
> > > getipnodebyname(xx, AF_INET6, AI_DEFAULT|AI_ALL) does this:-
> > >=20
> > > If a host has both IPv6 and IPv4 addresses, both are returned.
> > > The IPv4 address is presented as a mapped address.
> > > The order in which the addresses are returns depends on the
> > > address selection policy (_hpreorder in lib/libc/net/name6.c)
> >=20
> > Is this also supposed to work for selecting the source IP address for
> > outgoing packets/sockets? And should it work for ping6?
>=20
> Yes.
>=20
> > Using a tunnel for IPv6, I have this transfer net configured on my
> > router, but for ACL purposes I would like to have all connections come
> > from my real prefix, not the transfer net. So I wrote my own policy, yet
> > ping6 seems to ignore it.
>=20
> > As you can see, source prefix stays 2a02:2528:ff00, though I'd like it
> > to be 2a02:2528:ff0d.
>=20
> This is because the prefix on the interface has the first priority.
> Why don't you use an fe80::/10 address to route packets to the other
> endpoint of tun0?
I don't think I have a choice here. To clarify: the sendmail problem is
on a server that has native IPv6 connectivity, here I setup my actual
prefix as the first address, the address I need to talk to the router is
configured as an alias. This works fine.
The source address problem I'm now talking about is happening on my
router at home, which has a Sixxs tunnel and needs to use AICCU of all
things to talk to the outside world, sixxs-aiccu will create the tun(4)
interface and set it up like this:
tun0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
options=3D80000<LINKSTATE>
inet6 fe80::230:5ff:fe77:e7a0%tun0 prefixlen 64 scopeid 0xd=20
inet6 fe80::2428:ff00:1b:2%tun0 prefixlen 64 scopeid 0xd=20
inet6 2a02:2528:ff00:1b::2 --> 2a02:2528:ff00:1b::1 prefixlen 128=
=20
nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 82756
and I'd like to have ipv6 connection originating from this host use
2a02:2528:ff0d::1%em0 instead of 2a02:2528:ff00:1b::2%tun0 as the
outgoing address. That tun0 interface can come and go, btw, which
complicates things. Is this possible? Or should I just switch to the one
local DSL provide I have here that actually offers native IPv6 for home
DSL users?
Cheers,
Uli
--Md/poaVZ8hnGTzuv
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (FreeBSD)
iQEcBAEBAgAGBQJQ7cTcAAoJEKOmmGRKr4LOrlQIALBt/oQ4s5CJsW/c7ZNtAwV4
b5H2irOPDni2Vt0II63JE4bRfK8mBi50FVT7crZnfHCNX9/c2H6t5cXgrlcwh00w
oFLhFRnujoBjy0LxgCmOabiXM6H9sKOYo3jWok9iLiA5eeGzJXY6yggTNmuIJw2d
kjigS/GehUG7VpgIYqgsMC7XGR8ucCCEzSJKsZ52lVjWlzL8Yo7mq6dU5jNztQ5M
N/WpAl7H+BMOnv7jya8FvkvKb1b4qS+z5MR458aAjZPFeXL0uqso54Y+Aln2S1Wo
kwB1Cfuidj7SOWgLWzY6UZGWulKHsRbqpNQXeKB1qkpzrK20ewSdIL6+GH/q2vM=
=Q3oo
-----END PGP SIGNATURE-----
--Md/poaVZ8hnGTzuv--
討論串 (同標題文章)
完整討論串 (本文為第 20 之 22 篇):