Steven Kiehl <nano...@gmail.com> wrote: > So, after several months, I've decided to take another crack at upgrading to > IPv6. I followed the directions on the shorewall IPv6 support page as far as > I can tell, and also dug well into the Linux documentation noted in that > article. Thanks for all your efforts in putting that page together, btw. > > I'm attempting a simple two-interface firewall setup. I've gotten as far as > being able to connect to the firewall from the insides, resolve DNS, but all > IPv6 traffic leaving the outside interface seems to fail with "Network > unreachable" messages, trying both ping6 and traceroute6 and verifying no > REJECT/DROP errors in the logs. I can confirm that IPv6 is working on the > ISP by hooking up a Windows box to the cable modem (only problem there is the > ISP doesn't have an IPv6 DNS server, but otherwise all is well). > > But, try as I have tweaking the network/interfaces and shorewall/shorewall6 > configurations and even attempting to add routes directly to the tables, I > can't seem to get any traffic to move. I have a DHCP-issued IPv6 address > from the ISP, but running 'ip -6 route' shows no default routes. I do have > default routes on IPv4, and disabling IPv6 on my clients does result in > successful IPv4 connections and data transmission. But, IPv6 remains > unreachable for some mysterious reason. > > Attempted to get some support from the ISP, but they are just following > script as usual.
Yes, so many support departments do tend to do that. The starting point is that you don't need Shorewall (or rather, Shorewall6) to do IPv6. So start without Shorewall - but bear in mind that you will be rather exposed between getting IPv6 working and setting up the firewall. Starting from the basics, which ISP is it - someone may know how they manage stuff ? Failing that, how are they handing out the IPv6 information - DHCPv6, PPP, something else ? Does this ISP have any support forums where you could ask - if there are any power users in there then they are the most likely to know just how to do it with that ISP ? ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
