Re: [Shorewall-users] Unable to have ipv6 connectivity on client once shorewall6 is started

Thu, 23 Jul 2009 20:20:56 -0700 

Laurent CARON wrote:
> Hi,
> 
> I'm currently facing a rather strange problem.
> 
> I did order a dedicated server at a hosting company.
> 
> This server is provided with ipv4 and ipv6 connectivity.
> 
> The default ipv6 gateway is given through radvd (from what i've seen in
> tcpdump logs):
> 
> 21:17:25.260848 IP6 fe80::215:2cff:fe6e:b000 > ip6-allnodes: ICMP6,
> router advertisement, length 64
> 
> default via fe80::215:2cff:fe6e:b000 dev eth0  proto kernel  metric 1024
>  expires 1797sec mtu 1500 advmss 1440 hoplimit 64
> 
> If I start shorewall, this default route immediately disappears thus
> preventing any ipv6 communication.
> 
> I think my setup might block ipv6 router advertisment messages.

Unless you explicitly block these messages, Shorewall allows them.

The system that I am writing this on runs Shorewall6 and gets its IPV6
address via autoconfiguration and its default route via radv:

teas...@ursa:~/shorewall/trunk/Shorewall/Perl$ ip -6 route ls
2002:ce7c:92b4:1::/64 dev eth1  proto kernel  metric 256  expires
2591978sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440
hoplimit 4294967295
default via fe80::2a0:ccff:fedb:31c4 dev eth1  proto kernel  metric 1024
 expires 8816sec mtu 1500 advmss 1440 hoplimit 64
teas...@ursa:~/shorewall/trunk/Shorewall/Perl$

What I have found is that neighbor discovery sometimes breaks down. I
don't understand why that happens but it really doesn't seem to have
anything to do with Shorewall6.

When communication fails, I suggest that you execute this command on
both the Shorewall box and on the router (assuming that it runs Linux):

        ip -6 neigh ls

Each display should show the other host. If not, let us know.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to