IPv6 Configuration in FreeBSD

Jul 19, 2023 • FreeBSDSoftware

Understanding and working with FreeBSD’s network configuration is undoubtedly an integral part of system administration. A big part of these configuration settings is about managing the IPv6 settings on FreeBSD based systems.

Getting Started

To get started, you’ll need to have a functioning installation of FreeBSD and network interface configured for IPv6. If you are new to FreeBSD, you might want to check out our intro guide to networking in FreeBSD before proceeding.

IPv6 Address Configuration

The first factor to consider is if your system already has an IP address. You can check this with FreeBSD’s ifconfig command:

$ ifconfig

Look for lines that begin with “inet6.” The address following this label is your system’s IPv6 address. If it hasn’t been manually configured yet, FreeBSD chooses a link-local address by default. Your network should also be providing an IPv6 address via auto-configuration.

If your network doesn’t provide this or you wish to set up a static IP address, add the following to /etc/rc.conf:

ifconfig_<interface name>="inet6 <IPv6 address> prefixlen <prefix length>"

But replace <interface name>, <IPv6 address>, and <prefix length> with your actual values.

Enabling IPv6 Forwarding

The second step is to enable IPv6 forwarding on FreeBSD, which can be done by adjusting settings in the kernel. To understand this process, you may want to check our article about kernel tuning for FreeBSD optimization. To enable this, update /etc/sysctl.conf with:

net.inet6.ip6.forwarding=1

Then, use command sysctl to apply the setting:

$ sysctl net.inet6.ip6.forwarding=1

This will let the kernel forwards packets not addressing it.

Configure IPv6 Privacy Extensions

Privacy extensions for Stateless Address Autoconfiguration in IPv6 is a mechanism for hosts to automatically generate randomised IPv6 addresses with an additional privacy benefit. To enable the IPv6 privacy extensions, add the following to /etc/sysctl.conf:

net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1

Remember to use sysctl command to apply these changes.

IPv6 with PF (Packet Filter)

One of FreeBSD’s greatest strengths is its robust firewall options. Implementing Firewalls Security in FreeBSD will ensure the security of your network. PF, the built-in firewall on FreeBSD, supports IPv6. Open /etc/pf.conf and configure according to your network needs. Don’t forget to reload PF:

# /etc/rc.d/pf reload

If you’re unsure or insecure about working on your firewall settings, FreeBSD has a great port available for network security scanning as nmap.

By following these steps, your FreeBSD machine should be appropriately configured for IPv6. Experiment with the settings that work best for your network and business needs. Don’t be afraid to consult the FreeBSD man pages as you continue to explore FreeBSD as they are a great resource.

Remember that before making major configuration changes, backing up your FreeBSD system is always good practice.

Feel free to explore other fascinating topics around FreeBSD such as disk management and high availability on our blog. Happy FreeBSD learning and exploration!


Checkout these related ports: