----------------------------------------------------------------------------------
@MSGID: <10k9f75$dhhr$1@dont-email.me> 14fe7b89
@REPLY: <sm03448t786.fsf@lakka.kapsi.fi> 800c7e76
@PID: PyGate 1.5.2
@TID: PyGate/Linux 1.5.2
@CHRS: ASCII 1
@TZUTC: 0000
@REPLYADDR Pancho.Jones@protonmail.com
@REPLYTO 3:633/10 UUCP
On 1/14/26 17:49, Anssi Saari wrote:
> Pancho <
Pancho.Jones@protonmail.com> writes:
>
>> On 12/30/25 20:00, David Higton wrote:
>>> In message <10iv40e$1e1ba$1@dont-email.me>
>>> Pancho <Pancho.Jones@protonmail.com> wrote:
>>>
>>>> IPv6 seems like a world of pain.
>>> In my experience it just works.
>>>
>>
>> I`m surprised. Accepting that you do not do some of the things I do,
>> like policy routing rules based upon a host computer IP...
>
> I actually do that. I route my IPTV boxes out via an alternate interface
> due to some stupid contractual issues. So all I did was add routing
> rules with ip -6 rule add from $addr table Magic and all the Magic table
> has is a defaultroute out via the other interface. Same as IPv4. But
> maybe your policy routing is something different?
>
> For sure this would be a problem if the IPv6 addresses were changing all
> the time but they haven`t.
Yes, that is the kind of thing but.. there was a bug in the pfSense
firewall rules. pfSense is a freeBSD firewall/router.
The bug was that pfSense allows you to predicate firewall rules on an
"alias", which can be a list of Full Qualified Domain Names. Something
like if the source host FQDN is in this alias, route over this gateway
to the WAN. The FQDNs resolve to an IPv4 and IPv6 addresses and then
checks the IP value in a packet and routes accordingly. This works fine
for a WAN FQDN, like e.g. www.google.com, it includes both IPv4 and IPv6
addresses. However, for hosts on my LAN, e.g. myhost.home.arpa if there
was an IPv4 address it gave only IPv4 and ignored the IPv6 one. I can
work around it by creating an extra FQDN for IPv6 e.g.
myhost.ipv6.home.arpa, but it takes time to understand why things don`t
work.
Then there is the issue of the extra random IPv6 addresses it was
creating, which aren`t included in DNS, in the FQDN at all.
That is the second IPv6 bug in pfSense, after the MTU/packet
fragmentation bug I mentioned earlier, which I`m still trying to get to
the bottom of.
IPv6 seems surprisingly hard. Surprising if a significant proportion of
people are using it.
--- PyGate Linux v1.5.2
* Origin: Dragon`s Lair, PyGate NNTP<>Fido Gate (3:633/10)
SEEN-BY: 19/10 50/109 153/757 218/840 840 220/70
221/1 6 360 226/17 100
SEEN-BY: 229/426 240/1120 267/800 301/1 113 812
310/31 335/364 341/66 463/68
SEEN-BY: 633/10 280 414 418 420 422 509 2744
712/848 770/1 3 100 340 350
SEEN-BY: 772/210 220 230 5019/40 5020/715 848 1042
4441 12000 5030/49 722
SEEN-BY: 5030/1081 1474 5053/55 5061/133 5075/128
@PATH: 633/10 280 770/1 218/840 221/6 301/1
5020/1042 4441