Woops. sorry, let me try attaching this again.  Seem to have attached the
stopped-state dump.  Attached here is the started-state dump with all the
active changes and whatnot.

By the way, do you accept these dumps via GitHub Gists, or just via
attached gz/bzip2s?

- Steve Kiehl

On Sat, Sep 17, 2016 at 6:22 PM, Steven Kiehl <nano...@gmail.com> wrote:

> Hi again!
> So, after several months, I've decided to take another crack at upgrading
> to IPv6.  I followed the directions on the shorewall IPv6 support page as
> far as I can tell, and also dug well into the Linux documentation noted in
> that article. Thanks for all your efforts in putting that page together,
> btw.
> I'm attempting a simple two-interface firewall setup. I've gotten as far
> as being able to connect to the firewall from the insides, resolve DNS, but
> all IPv6 traffic leaving the outside interface seems to fail with "Network
> unreachable" messages, trying both ping6 and traceroute6 and verifying no
> REJECT/DROP errors in the logs.  I can confirm that IPv6 is working on the
> ISP by hooking up a Windows box to the cable modem (only problem there is
> the ISP doesn't have an IPv6 DNS server, but otherwise all is well).
> But, try as I have tweaking the network/interfaces and
> shorewall/shorewall6 configurations and even attempting to add routes
> directly to the tables, I can't seem to get any traffic to move.  I have a
> DHCP-issued IPv6 address from the ISP, but running 'ip -6 route' shows no
> default routes.  I do have default routes on IPv4, and disabling IPv6 on my
> clients does result in successful IPv4 connections and data transmission.
> But, IPv6 remains unreachable for some mysterious reason.
> Attempted to get some support from the ISP, but they are just following
> script as usual.
> I've attached the shorewall6 dump to this message. Let me know if any
> other info is needed.
> Thanks for any help you can provide!
> - Steve Kiehl

Attachment: shorewall6_dump_started.txt.bz2
Description: BZip2 compressed data

Shorewall-users mailing list

Reply via email to