On a NanoBSD firewall, I want to have a separate MAC address on one of the Ethernet interfaces to act as the outer endpoint for IPv6 traffic. This is achieved using a Netgraph eiface:
1 2 3 4 5 6 7 8 9
Note that this does not include an ifconfig call to set the interface’s IPv6 address: this is done by devd, which calls the boot scripts’ ifconfig routine when the interface comes up. Thus I have the following line in /etc/rc.conf:
If instead of this line I have an explicit ifconfig
/etc/rc.local then there is a race condition between
rc.local and devd. If devd runs last, the boot scripts
won’t see any IPv6 address configured for the newly
created interface in
/etc/rc.conf, and they will set
ifdisabled on it (blocking all IPv6 traffic, and marking
the configured link local address as “tentative”).
If devd runs first, the problem is dormant, because setting
the link local address clears
ifdisabled as a side effect.