I believe this may be caused by the command being generated with the src <addr> argument. I'm not certain this is supported for IPv6, as I have in the past tried to manually add a route and found it would not work unless that argument was eliminated. It could have something to do with the address selection algorithms in IPv6, which are, I think, different, as IPv6 was written from the beginning with multiple addresses per interface in mind, plus the added factors introduced by address scoping. I just checked the iproute2 manual, though, and there is nothing in man ip-route's description of the src attribute to suggest that it's IPv4 only, so it's possible that iproute2 has a bug. Then, a lot of things I guess are possible here; given iproute2 is itself more of a frontend, it could be an issue with the underlying netlink or kernel routing code too. Something doesn't like src for ip6 routes anyway.

Either shorewall shouldn't be generating IPv6 routes with src, or iproute2 should be accepting them, but I am really not sure which is the case. Likely shorewall may have to work around it for a while even if it is an iproute2 issue, as I can see it being a while before one can bank on the support being operational.

On 08/03/13 11:50, Prachachart Stapornnanon wrote:
> Good Afternoon
>
> I use shorewall to do multi ISP both IPv4 and IPv6
>
> About IPv4(shorewall) is no problem
>
> but ipv6(shorewall6) has problem can’t start when I write config in
> /etc/shorewall6/providers
>
> Spite of is really close config
>
> I use centos 6.3 – kernel 2.6.32-279.el6.i686 - iptables 1.4.7-5.1 -
> shorewall & shorewall6 version 4.5.11.2
>
> Thank you for your help ^_^
>
> At last I attach some involved config file below
>
> /etc/shorewall6/interfaces
>
>>> #ZONE INTERFACE OPTIONS
>>> net eth0 tcpflags,forward=1,sourceroute=0
>>> net eth2 tcpflags,forward=1,sourceroute=0
>>> loc eth1 tcpflags,forward=1
>
> /etc/shorewall6/providers
>
>>> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
>>> ISP1 1 1 main eth0 1:1:1:1::1 track none
>
> Some trace about shorewall6 can’t start
>
>>> Compiling...
>>> Processing /etc/shorewall6/params ...
>>> Processing /etc/shorewall6/shorewall6.conf...
>>> Loading Modules...
>>> Compiling /etc/shorewall6/zones...
>>> Compiling /etc/shorewall6/interfaces...
>>> Determining Hosts in Zones...
>>> Locating Action Files...
>>> Compiling /usr/share/shorewall6/action.Drop for chain Drop...
>>> Compiling /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs...
>>> Compiling /usr/share/shorewall6/action.Broadcast for chain Broadcast...
>>> Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
>>> Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
>>> Compiling /usr/share/shorewall6/action.Reject for chain Reject...
>>> Compiling /etc/shorewall6/policy...
>>> Compiling TCP Flags filtering...
>>> Compiling Accept Source Routing...
>>> Compiling /etc/shorewall6/providers...
>>> Compiling MAC Filtration -- Phase 1...
>>> Compiling /etc/shorewall6/rules...
>>> Compiling MAC Filtration -- Phase 2...
>>> Applying Policies...
>>> Generating Rule Matrix...
>>> Optimizing Ruleset...
>>> Creating ip6tables-restore input...
>>> Compiling Interface forwarding...
>>> Shorewall configuration compiled to /var/lib/shorewall6/.start
>>> Starting Shorewall6....
>>> Initializing...
>>> Processing /etc/shorewall6/init ...
>>> Processing /etc/shorewall6/tcclear ...
>>> Setting up Accept Source Routing...
>>> Setting up Proxy NDP...
>>> Adding Providers...
>>> RTNETLINK answers: Invalid argument
>>> ERROR: Command "ip -6 route add default via 1:1:1:1::1 src 1:1:1:1::2 dev eth0 table 1" Failed
>>> Processing /etc/shorewall6/stop ...
>>> Processing /etc/shorewall6/tcclear ...
>>> Running /sbin/ip6tables-restore...
>>> IPv6 Forwarding Enabled
>>> Processing /etc/shorewall6/stopped ...
>>> /usr/share/shorewall/lib.common: line 112: 5876 Terminated $SHOREWALL_SHELL $script $options $@
>
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
