well I'm definitely confused then, because I've basically done the bare minimum in getting this set up.
#2 and #3 can definitely be ruled out - I'm running a super bare bones version of openbsd that doesn't have anything besides the os installed - no X, no browsers, and no proxies.
I'm guessing then it has to be a Nat66 thing, since I'm not super familiar with pf. To make things a little more complicated, I'm using PPPoE with my DSL modem from OpenBSD, but I'd be surprised if that has anything to do with this.
When I ran tcpdump and telnet, I got:
09:01:36.690738 PPPoE-Session
code Session, version 1, type 1, id 0xad7a, length 66
IP: 71-212-111-178.tukw.qwest.net.59352 > google-public-dns-a.google.com.domain: 18170+ A? ipv6.test-ipv6.com. (36)
09:01:36.738884 PPPoE-Session
code Session, version 1, type 1, id 0xad7a, length 130
IP: google-public-dns-a.google.com.domain > 71-212-111-178.tukw.qwest.net.59352: 18170 1/1/0 CNAME aaaa.test-ipv6.com. (100)
09:01:36.750550 PPPoE-Session
code Session, version 1, type 1, id 0xad7a, length 66
IP: 71-212-111-178.tukw.qwest.net.58109 > google-public-dns-a.google.com.domain: 64925+ AAAA? ipv6.test-ipv6.com. (36)
09:01:36.798781 PPPoE-Session
code Session, version 1, type 1, id 0xad7a, length 113
IP: google-public-dns-a.google.com.domain > 71-212-111-178.tukw.qwest.net.58109: 64925 2/0/0 CNAME aaaa.test-ipv6.com., (83)
09:01:36.806165 PPPoE-Session
code Session, version 1, type 1, id 0xad7a, length 94
IP: arader-1-pt.tunnel.tserv3.fmt2.ipv6.he.net.50002 > jason-fesler.f0-8.switch2a.fmt.he.net.telnet: S 2660359580:2660359580(0) win 8192 <mss 1440,nop,wscale 2,nop,nop,sackOK> (encap)
You can see here my laptop uses IPv4 to query google's public DNS server for test-ipv6.com's address - could this be a problem? I assumed not (at least until ipv4 is turned off).
Anyway, here's everything I have set up on my router. Thoughts?
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:38
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:24ff:fec7:3738%sis0 prefixlen 64 scopeid 0x1
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:39
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::200:24ff:fec7:3739%sis1 prefixlen 64 scopeid 0x2
inet6 2001:470:1f05:3dd::1 prefixlen 64
sis2: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:3a
priority: 0
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
priority: 0
groups: enc
status: active
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
priority: 0
dev: sis0 state: session
sid: 0xad7a PADI retries: 7 PADR retries: 0 time: 17:31:12
sppp: phase network authproto pap authname "raderandrew"
groups: pppoe egress
status: active
inet6 fe80::200:24ff:fec7:3738%pppoe0 -> prefixlen 64 scopeid 0x6
inet 71.212.111.178 --> 63.231.10.252 netmask 0xffffffff
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
priority: 0
groups: gif egress
physical address inet 71.212.111.178 --> 72.52.104.74
inet6 fe80::200:24ff:fec7:3738%gif0 -> prefixlen 64 scopeid 0x7
inet6 2001:470:1f04:3dd::2 -> 2001:470:1f04:3dd::1 prefixlen 128
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
priority: 0
groups: pflog
# cat /etc/rtadvd.conf
sis1:\
:addr="2001:470:1f05:3dd::":prefixlen#64:raflags#0:
# cat /etc/pf.conf
# Macros
int_if="sis1"
ext_if="pppoe0"
# Options
set block-policy drop
set loginterface $ext_if
set skip on lo
match on pppoe0 scrub (max-mss 1440) # scrub MTU sizes so they fit in PPPoE
# Translation
nat on $ext_if inet from ! ($ext_if) -> ($ext_if)
# Filtering
pass in
pass out