On 25/02/11 11:04, shorewall shorewall wrote:
I have two Debian 6 x64 VMs running under ESXi4.1_U1. One of the VMs is acting as an ipv4 and ipv6 firewall/router using shorewall and has three virtual NICs, LAN, WAN and DMZ. I've set up a 6in4 ipv6 tunnel from Hurricane Electric on the router but have a peculiar problem. The router can ping ipv6.google.com without problem, however any other VMs or physical boxes on the LAN can't ping ipv6.google.com until I ping the box from the router.

The sequence of events is:

higgers@ubuntu904:~$ ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8006::63) 56 data bytes1.


ubuntu904 is a client VM that sits behind the router VM. There is no feedback from the ping6 command other than what you see above.

root@debian6:/etc/shorewall# ping6 ubipv6
PING ubipv6(2001:blah:blah:blah:blah:29ff:feb3:490f) 56 data bytes
64 bytes from 2001:blah:blah:blah:blah:29ff:feb3:490f: icmp_seq=1 ttl=64 time=3.57 ms
etc
etc
etc


debian6 is the router VM. As soon as it pings ubuntu904 (ipv6 AAAA record on my internal DNS server uses the name ubipv6) I start getting responses from the ping6 on ubuntu904:

I have had this kind of behaviour when I've forgotten to add an entry in /etc/shorewall/tunnels. The exact manifestation depends on your zone-zone policies, but if you have logging on rejects and that is showing rejected proto 41 packets coming in, then that could be the problem.
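
The log check suggested in the reply above, as an added example that is not part of the original thread: it scans netfilter LOG lines for protocol 41 (6in4) packets that Shorewall dropped or rejected and counts them per chain and endpoint. It assumes Shorewall's default "Shorewall:<chain>:<disposition>:" log prefix; the sample lines, addresses and the function name blocked_proto41 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in netfilter LOG format (documentation addresses only).
SAMPLE_LOG = """\
Feb 25 11:01:07 debian6 kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=203.0.113.20 LEN=124 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=41
Feb 25 11:01:08 debian6 kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=203.0.113.20 LEN=124 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=41
Feb 25 11:01:09 debian6 kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.44 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 25 11:01:10 debian6 kernel: Shorewall:net2fw:ACCEPT:IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=203.0.113.20 LEN=124 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=41
Feb 25 11:01:11 debian6 kernel: Shorewall:net2all:REJECT:IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=203.0.113.20 LEN=104 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=41
Feb 25 11:01:12 debian6 kernel: eth1: link up
"""

# Assumed prefix layout: Shorewall:<chain>:<disposition>:<netfilter fields>
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags like DF are skipped


def blocked_proto41(lines):
    """Count DROP/REJECT log entries for IP protocol 41, keyed by
    (chain, disposition, source, destination)."""
    hits = Counter()
    for line in lines:
        m = PREFIX.search(line)
        if not m or m["disp"] not in ("DROP", "REJECT"):
            continue  # not a Shorewall line, or the packet was not blocked
        fields = dict(FIELD.findall(m["rest"]))
        # netfilter logs protocols it has no name for numerically: PROTO=41
        if fields.get("PROTO") == "41":
            hits[(m["chain"], m["disp"], fields.get("SRC"), fields.get("DST"))] += 1
    return hits


if __name__ == "__main__":
    for (chain, disp, src, dst), n in blocked_proto41(SAMPLE_LOG.splitlines()).items():
        print(f"{n:3d} x {disp} in {chain}: proto 41 {src} -> {dst}")
```

Any hit whose source is the tunnel provider's IPv4 endpoint points at the missing /etc/shorewall/tunnels entry described in the reply.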


_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users