| net.inet.ip.forwarding=1 # Enable IPv4 forwarding between interfaces | |
| net.inet6.ip6.forwarding=1 # Enable IPv6 forwarding between interfaces | |
| net.inet6.ip6.accept_rtadv=1 # Important: Still accept IPv6 Router Adverts even with IPv6 Forwarding | |
| net.inet6.ip6.rfc6204w3=1 # Enable per interface router adverts (?) | |
| net.link.bridge.pfil_onlyip=0 # Only pass IP packets when pfil is enabled | |
| net.link.bridge.pfil_bridge=0 # Packet filter on the bridge interface | |
| net.link.bridge.pfil_member=0 # Packet filter on the member interface |
| #### Host networking on igc0 #### | |
| # Host’s own network on igc0 | |
| ifconfig_igc0="up DHCP" | |
| # IPv6 via router advertisements on igc0 | |
| ifconfig_igc0_ipv6="inet6 accept_rtadv auto_linklocal eui64" # accept ipv6 router adverts and use stable addresses | |
| ifconfig_igc1_ipv6="inet6 -accept_rtadv" # don't accept ipv6 router adverts | |
| ipv6_gateway_enable="YES" | |
| ipv6_activate_all_interfaces="YES" | |
| # Bring igc1 up (no address, it's only a bridge member) | |
| ifconfig_igc1="up" | |
| # Enable rtsold so the host actually listens for IPv6 RAs | |
| rtsold_enable="YES" | |
| rtsol_flags="-a -i" | |
| ndp_proxy_all="NO" | |
This is the core config for setting up IPv6 on multiple ethernet interfaces (igc0 and igc1)
with IPv6 forwarding while still accepting IPv6 routes on igc0.
Enabling IPv6 forwarding for vnet/jails breaks IPv6 on the main igc0. The trick is to use
sysctl net.inet6.ip6.accept_rtad=1 to still allow interfaces to accept router advertisements. This still needs rtsold running.
Took a while to find this config!