On Fri, Feb 25, 2011 at 12:09 PM, Dominic Benson <[email protected]>wrote:
> On 25/02/11 11:04, shorewall shorewall wrote: > > I have two Debian 6 x64 VMs running under ESXi4.1_U1. One of the VMs is > acting as an ipv4 and ipv6 firewall/router using shorewall and has three > virtual NICs, LAN, WAN and DMZ. I've set up a 6in4 ipv6 tunnel from > Hurricane Electric on the router but have a peculiar problem. The router can > ping ipv6.google.com without problem, however any other VMs or physical > boxes on the LAN can't ping ipv6.google.com until I ping the box from the > router. > > The sequence of events is: > > higgers@ubuntu904:~$ ping6 ipv6.google.com > PING ipv6.google.com(2a00:1450:8006::63) 56 data bytes1. > > > ubuntu904 is client VM that sits behind the router VM. There is no > feedback from ping6 command other than what you see above. > > root@debian6:/etc/shorewall# ping6 ubipv6 > PING ubipv6(2001:blah:blah:blah:blah:29ff:feb3:490f) 56 data bytes > 64 bytes from 2001:blah:blah:blah:blah:29ff:feb3:490f: icmp_seq=1 ttl=64 > time=3.57 ms > etc > etc > etc > > > debian6 is the router VM. As soon as it pings ubuntu904 (ipv6 AAAA record > on my internal DNS server uses the name ubipv6) I start getting responses > from the ping6 on ubuntu904: > > > I have had this kind of behaviour when I've forgotten to add an entry in > /etc/shorewall/tunnels. The exact manifestation depends on your zone-zone > policies, but if you have logging on rejects and that is showing rejected > proto 41 packets coming in, then that could be the problem. > I've got the following in /etc/shorewall/tunnels: ############################################################################### #TYPE ZONE GATEWAY GATEWAY # ZONE 6to4 net Regards, Steve. > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT > data > generated by your applications, servers and devices whether physical, > virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >
------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
