On 03/05/2016 07:00 PM, Steven Kiehl wrote: > Hey all, > > I could use some help getting Shorewall6 working stable in concert with > Shorewall. > > I just installed Shorewall6 on my router machine about 2 weeks ago and > had no trouble, but notice sudden slowdown today after having no visible > issue for the couple weeks. After investigating, I discovered that > there's some 30% packet loss and sustained ping times (to Google) in the > 45-55ms range. I hooked up a Windows machine to the cable modem and > there was 0% packet loss and ping times in the 35-40ms range. > > Also, I noticed that pings to the modem directly would respond for the > first 5-10 requests, and then drop completely (Destination host > unreachable). I also noticed that the modem's web interface worked for > the first 1-3 page loads and then I would get connection reset errors > for every request onward until I rebooted my modem. I'd then get 5-10 > pings and 1-3 page loads and then total drop. The Internet still > (kinda) works, but not the modem web interface. > > So, I turned off Shorewall6 and stripped IPv6 from my Internet-facing > interface. Now, running with IPv4-only, there is 0% packet loss and > 35-40ms pings just like my laptop was showing, but my laptop could do it > with both IPv4 and IPv6, and the web interface worked flawlessly from my > laptop. > > What could I be doing wrong that would cause conflict between IPv4 and > IPv6? Mind you, all these ping tests were run from my router machine > directly and just with IPv4 addresses. > > My goal is this: Have my router get both an IPv4 and IPv6 address from > my ISP, and allow clients to access the Internet in whichever form > they'd like. But I can't even seem to get it to play nicely on the > router box. I've got this same setup on a couple server endpoints, and > they both have had no issues, but they don't do any masquerading or > client routing of any sort. > > With IPv4/v6, my /etc/network/interfaces was set up as follows: > > auto eth2 > iface eth2 inet dhcp > iface eth2 inet6 dhcp > up sysctl net.ipv6.conf.$IFACE.accept_ra=1 > pre-down ip link set dev $IFACE up > post-up /sbin/ifconfig $IFACE mtu 1500 > > > I only have a basic IPv6 setup on the router right now with masq only > configured for IPv4 until I'm confident that the router is running > stable. So, for the most part, Shorewall6 is set up default with very > vanilla interfaces, policy, and rules files. Everything is very > reflective of my IPv4 configs, just adjusted for IPv6. > > At present, shorewall and shorewall6 are version 4.4.26.1, standard > Ubuntu repo packages. > > Any immediate thoughts? Anything else I should provide for diagnostics? >
With IPv6 enabled, if you 'shorewall clear' and 'shorewall6 clear', do the symptoms between the router and the modem go away? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
