All right, so I have spent the evening upgrading my firewall to Natty, then
installing the deb packages for shorewall 4.4.23.3. I've made a few changes in
my shorewall config that were needed for the newer versions, and I made your
changes to Providers.pm again after my last update, so now both shorewall and
shorewall6 are starting without errors and everything seems to be working as
expected... except I am still not getting the correct routing of IPv6 traffic.
For example...
# ping6 2001:470:8388:10::9
does not work
# ping6 2001:470:f032:10::9
DOES work
Try doing a traceroute6 of each, and you'll see where the packets appear to hop
across my tunnels, and always end up on sit2 (2001:470:f032::1).
My providers files (under shorewall6):
ISP1 1 10 main sit1 2001:470:1f04:262::1 track eth1,eth2,eth3,eth5
ISP2 2 20 main sit2 2001:470:c:316::1 track eth1,eth2,eth3,eth5
My route_rules file:
2001:470:1f04:262::1/64 ::/0 ISP1 11000
2001:470:c:316::1/64 ::/0 ISP2 11001
At this point I've been working on the computer for way too many hours and need
to get some sleep, but if you can possibly think of anything else for me to
check, I would be very appreciative. Are there any files that should or should
not be used under shorewall6 (masq, tc*, or others)?
On 10/21/2011 07:49 AM, Tom Eastep wrote:
> On Thu, 2011-10-20 at 21:41 -0600, Jeff Taylor wrote:
>> Ubuntu Lucid.
>> I applied the patch to Providers.pm that you gave, and I tried to use
>> the Server IPv6 Address provided by HE as the gateway in the providers
>> file, but I am still getting the same failure when I try to enable the
>> providers entries. It should be noted that I don't think I'm actually
>> using shorewall-perl on my setup.
>> Here's my providers file as it sits now:
>> ISP1 3 - main sit1 2001:470:1f04:262::1 track eth1,eth2,eth3,eth5
>> ISP2 4 - main sit2 2001:470:c:316::1 track eth1,eth2,eth3,eth5
>> And here's the error I get when I try to restart shorewall6:
>> 21:39:59 Adding Providers...
>> RTNETLINK answers: No route to host
>> ERROR: Command "ip -6 route add default via 2001:470:1f04:262::1 src 2001:470:8388::1 dev sit1 table 3" Failed
>> So... any thoughts as to what I'm doing wrong at this point?
> Shorewall 4.4.6 is almost two years old and had not been tried on IPv6.
> So it isn't surprising that it doesn't work. If I look at the history of
> changes to the Providers module, much of the IPv6 code was added/changed
> in April/May of this year.
> I see that Oneiric has 4.4.21 which should work much better for you.
> -Tom
------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn
about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users