I have two Debian 6 x64 VMs running under ESXi4.1_U1. One of the VMs is acting as an ipv4 and ipv6 firewall/router using shorewall and has three virtual NICs, LAN, WAN and DMZ. I've set up a 6in4 ipv6 tunnel from Hurricane Electric on the router but have a peculiar problem. The router can ping ipv6.google.com without problem, however any other VMs or physical boxes on the LAN can't ping ipv6.google.com until I ping the box from the router.
The sequence of events is:

    higgers@ubuntu904:~$ ping6 ipv6.google.com
    PING ipv6.google.com(2a00:1450:8006::63) 56 data bytes

1. ubuntu904 is a client VM that sits behind the router VM. There is no feedback from the ping6 command other than what you see above.

    root@debian6:/etc/shorewall# ping6 ubipv6
    PING ubipv6(2001:blah:blah:blah:blah:29ff:feb3:490f) 56 data bytes
    64 bytes from 2001:blah:blah:blah:blah:29ff:feb3:490f: icmp_seq=1 ttl=64 time=3.57 ms
    etc etc etc

debian6 is the router VM. As soon as it pings ubuntu904 (the ipv6 AAAA record on my internal DNS server uses the name ubipv6) I start getting responses from the ping6 on ubuntu904:

    higgers@ubuntu904:~$ ping6 ipv6.google.com
    PING ipv6.google.com(2a00:1450:8006::63) 56 data bytes
    64 bytes from 2a00:1450:8006::63: icmp_seq=141 ttl=53 time=321 ms
    64 bytes from 2a00:1450:8006::63: icmp_seq=142 ttl=53 time=321 ms
    64 bytes from 2a00:1450:8006::63: icmp_seq=143 ttl=53 time=321 ms
    64 bytes from 2a00:1450:8006::63: icmp_seq=144 ttl=53 time=322 ms

Happy days! The client VM can ping6 google!

I've verified the same behaviour on a physical client machine running ubuntu 10.10. I'd like to test the behaviour on my opensolaris box but I can't find out how to enable ipv6 on it without rebooting it. It's hosting the NFS share that the VM images sit on and it's a bit of a ball ache to reboot it, especially when it hosts the image for the main router for the LAN and I'm currently offsite.

ipv6 addresses are issued using radvd on the router VM. Hurricane Electric have assigned me a /64 subnet and the router/firewall creates a 6in4 tunnel with the ::1/64 address on the subnet as the HE endpoint of the tunnel and the ::2/64 address as my endpoint of the tunnel. I use radvd on the router to hand out addresses in the same subnet to the clients on the LAN. So, all the devices on my LAN end up with an address on my /64 Hurricane Electric subnet, meaning they should all be externally accessible without any need for NAT.
Hurricane Electric assign two /64 subnets, one for the tunnel and one for the local network; they refer to this second subnet as the routed network. If I configure radvd to hand addresses out on the routed network I get the same issue: clients can't ping external sites until the router has pinged the client. Any ideas what I should check?
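Two things worth snapshotting on the router while the client is stuck are its IPv6 neighbour cache entry for the client (whether the router ever got a Neighbour Advertisement back for its Neighbour Solicitation, ICMPv6 types 135 and 136, which the LAN zone has to pass) and which interface the kernel picks to reach the client, since the same /64 sits on both the tunnel and the LAN. The script below is an added example for this question, not code from the original post or from Shorewall or radvd; it assumes a Linux router with iproute2 (`ip -6 neigh show`, `ip -6 route get`), and the client address, interface names (eth0, sit1) and the sample command output embedded in it are constructed placeholders. It goes slightly beyond the post by also checking the egress interface, which is a general check rather than something the post itself describes.

```python
"""Snapshot what the router knows about one LAN client over IPv6.

Added example for the question above; it is not code from the original post
or from Shorewall. It assumes a Linux router with iproute2 (`ip -6 neigh`,
`ip -6 route get`). The client address, interface names and the sample
command output embedded below are constructed placeholders.
"""
import shutil
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ip -6 neigh show` output, as it might look right
# after the client tried to reach ipv6.google.com but before the router
# pinged it: the client's global address is present but unresolved.
SAMPLE_NEIGH = """\
fe80::20c:29ff:feb3:490f dev eth0 lladdr 00:0c:29:b3:49:0f REACHABLE
2001:db8:1:2:20c:29ff:feb3:490f dev eth0  FAILED
2001:db8:1:2::5 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
"""

# Constructed samples of `ip -6 route get <client>` output: one where the
# kernel would reach the client over the LAN NIC, one where it would send
# the packet into the 6in4 tunnel instead.
SAMPLE_ROUTE_LAN = ("2001:db8:1:2:20c:29ff:feb3:490f from :: dev eth0 "
                    "proto kernel src 2001:db8:1:2::1 metric 256 pref medium")
SAMPLE_ROUTE_TUN = ("2001:db8:1:2:20c:29ff:feb3:490f from :: dev sit1 "
                    "proto kernel src 2001:db8:1:2::2 metric 1024 pref medium")

# Neighbour Unreachability Detection states printed by `ip neigh`.
NUD_STATES = {"PERMANENT", "NOARP", "REACHABLE", "STALE", "NONE",
              "INCOMPLETE", "DELAY", "PROBE", "FAILED"}


@dataclass
class Neighbour:
    addr: str
    dev: Optional[str]
    lladdr: Optional[str]   # None when no Neighbour Advertisement was ever received
    state: str


def _after(fields: List[str], key: str) -> Optional[str]:
    """Value following a keyword in `ip` output, or None if the keyword is absent."""
    return fields[fields.index(key) + 1] if key in fields else None


def parse_neigh(text: str) -> List[Neighbour]:
    """Parse `ip -6 neigh show` lines into Neighbour records."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        state = fields[-1] if fields[-1] in NUD_STATES else "NONE"
        entries.append(Neighbour(fields[0], _after(fields, "dev"),
                                 _after(fields, "lladdr"), state))
    return entries


def neighbour_problem(entries: List[Neighbour], client: str) -> Optional[str]:
    """Explain why forwarded replies to `client` could be dropped; None if the entry is healthy."""
    for e in entries:
        if e.addr != client:
            continue
        if e.lladdr is None or e.state in ("INCOMPLETE", "FAILED"):
            return (f"{client}: entry on {e.dev} is {e.state} with no link-layer address; "
                    "the router's Neighbour Solicitation (ICMPv6 type 135) is not being "
                    "answered (type 136), so check that both types pass the LAN zone")
        return None
    return f"{client}: no neighbour cache entry yet; the router has never resolved it"


def egress_device(route_get_output: str) -> Optional[str]:
    """Interface the kernel picked, taken from `ip -6 route get` output."""
    return _after(route_get_output.split(), "dev")


def run_live(client: str, lan_dev: str) -> List[str]:
    """Run both checks against the local kernel; returns a list of findings."""
    if shutil.which("ip") is None:
        return ["iproute2 'ip' not found; nothing checked"]

    def ip6(*args: str) -> str:
        return subprocess.run(["ip", "-6", *args], capture_output=True,
                              text=True, check=False).stdout

    findings = []
    problem = neighbour_problem(parse_neigh(ip6("neigh", "show")), client)
    if problem:
        findings.append(problem)
    dev = egress_device(ip6("route", "get", client))
    if dev and dev != lan_dev:
        findings.append(f"{client}: kernel routes it via {dev}, not {lan_dev}; "
                        "the same /64 may be configured on both the tunnel and the LAN")
    return findings


if __name__ == "__main__":
    # Usage: python3 v6check.py <client-address> <lan-interface>
    client_addr = sys.argv[1] if len(sys.argv) > 1 else "2001:db8:1:2:20c:29ff:feb3:490f"
    lan_iface = sys.argv[2] if len(sys.argv) > 2 else "eth0"
    for finding in run_live(client_addr, lan_iface) or ["no problems found"]:
        print(finding)
```

Run it on the router once while the client's ping6 is hanging and again after pinging the client from the router; the difference between the two neighbour entries (and the interface `ip -6 route get` reports) narrows the problem to either Neighbour Discovery being filtered or the client prefix being routed down the wrong interface.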
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
