Hey all, I could use some help getting Shorewall6 working stable in concert with Shorewall.
I just installed Shorewall6 on my router machine about 2 weeks ago and had no trouble, but notice sudden slowdown today after having no visible issue for the couple weeks. After investigating, I discovered that there's some 30% packet loss and sustained ping times (to Google) in the 45-55ms range. I hooked up a Windows machine to the cable modem and there was 0% packet loss and ping times in the 35-40ms range. Also, I noticed that pings to the modem directly would respond for the first 5-10 requests, and then drop completely (Destination host unreachable). I also noticed that the modem's web interface worked for the first 1-3 page loads and then I would get connection reset errors for every request onward until I rebooted my modem. I'd then get 5-10 pings and 1-3 page loads and then total drop. The Internet still (kinda) works, but not the modem web interface. So, I turned off Shorewall6 and stripped IPv6 from my Internet-facing interface. Now, running with IPv4-only, there is 0% packet loss and 35-40ms pings just like my laptop was showing, but my laptop could do it with both IPv4 and IPv6, and the web interface worked flawlessly from my laptop. What could I be doing wrong that would cause conflict between IPv4 and IPv6? Mind you, all these ping tests were run from my router machine directly and just with IPv4 addresses. My goal is this: Have my router get both an IPv4 and IPv6 address from my ISP, and allow clients to access the Internet in whichever form they'd like. But I can't even seem to get it to play nicely on the router box. I've got this same setup on a couple server endpoints, and they both have had no issues, but they don't do any masquerading or client routing of any sort. With IPv4/v6, my /etc/network/interfaces was set up as follows: auto eth2 > iface eth2 inet dhcp > iface eth2 inet6 dhcp > up sysctl net.ipv6.conf.$IFACE.accept_ra=1 > pre-down ip link set dev $IFACE up > post-up /sbin/ifconfig $IFACE mtu 1500 I only have a basic IPv6 setup on the router right now with masq only configured for IPv4 until I'm confident that the router is running stable. So, for the most part, Shorewall6 is set up default with very vanilla interfaces, policy, and rules files. Everything is very reflective of my IPv4 configs, just adjusted for IPv6. At present, shorewall and shorewall6 are version 4.4.26.1, standard Ubuntu repo packages. Any immediate thoughts? Anything else I should provide for diagnostics? Thank you, Steve Kiehl
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
