Steven Kiehl <nano...@gmail.com> wrote:

> Thanks for the response, Simon.  Like everyone else in the world, it's Time 
> Warner service.  It's all negotiated over DHCP/DHCPv6. Do I need to unblock 
> something for RA services perhaps?

Yes, you will need to be able to receive RAs in order to get your gateway. The 
design of IPv6 has some significant differences from IPv4 and this is one of 
them - DHCP does not provide router information in IPv6.
The reason I've read is that in large organisations, DHCP and routing are 
managed by different groups - therefore it's easier to have the routing group 
take care of advertising routes, and not have to have the interaction between 
them and the DHCP group any time the routers change. Personally I think this is 
a bit bogus, and I don't like the fact that it pushes routing decisions down to 
the individual devices rather than managing them at the router level.

Anyway, the Router Advertisements provide information on the routers available, 
what destinations they can reach, what prefixes are on this link, and what 
prefixes are considered "local" - they also indicate if the link is "managed" 
which is an indication for the client to attempt DHCP rather than 
autoconfiguration. Assuming the ISP kit is providing them, and you are 
receiving them, then routing setup should be automagic.

> I found that I can get things working by taking the steps of hooking a 
> Windows machine up first, grabbing the default IPv6 gateway.

That's a reasonable way to do it for initial testing.

> Tried asking TWC support about all this and they blamed my modem, saying 
> "your modem is showing an IPv6 address" "talk to your modem manufacturer." 
> Worst answer I've ever received from them ever.

I really am not surprised.

> So I added that address as a hard-coded gateway in the shorewall/providers 
> configuration.  I basically followed the multi-isp directions and skipped the 
> multi part of it.

That's a lot of work/complication for what is a very simple task !
Assuming you have the ip tools installed (which should be the default on any 
modern distro) then you just need to "ip route add ..." to install a route.
As I said, Shorewall isn't needed at all to get the IPv6 working - but it is 
needed as soon as you do get it working. It's often best to get the network 
working without the firewall as it removes the "is it the network or the 
firewall that's blocking stuff" problem - at a time when you have a lot of 
variables to get sorted before it all works.


> I don't want to have to re-determine the gateway address every time it 
> magically changes.  I haven't learned of any way to pull it down through any 
> sort of console command.

AFAIK, receiving RAs is the only way to do it.
BTW - as well as not blocking RAs, there are a number of ICMP6 packets that you 
must not block or it breaks several IPv6 basic/mandatory features (such as 
path-MTU detection).

> And TWC still has no IPv6-only DNS either, all delivered over IPv4.

That doesn't really matter, as long as they actually resolve AAAA queries.


I've had a quick search for '"time warner" ipv6 linux' and it's thrown up a few 
interesting looking articles. In particular, this one 
http://www.kloepfer.org/ipv6-homenet.html caught my eye - it raises some valid 
points.

Lastly, what DHCP client are you using ? When I tested native IPv6 through a 
trial my ISP (Plusnet in the UK) ran, I used Dibbler - I can't remember if 
there was a reason for not using the ISC DHCP6 client but I assume there was. 
In this case, using the DHCP client was only for "triggering" the ISP stuff (ie 
getting the ISP kit to route the traffic) as the assignments were all static.
I think having a dynamic prefix will be "interesting" and the preponderance of 
people on the standards bodies that defined IPv6 being used to "big networks 
and static assignments" shows. Personally I think this is a valid use case for 
prefix translation (multiple providers is another) and with the right 
standardisation could be done without the pitfalls of NAPT as used in IPv4.


------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
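
The Router Advertisement fields discussed in the message above (the "managed" flag, whether the sender is a default router, and the prefixes on the link), as an added example that is not part of the original e-mail. The function name `parse_ra` and the sample packet are constructed for illustration; the layout follows RFC 4861.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type for Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option type

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 RA starting at the type byte (checksum not verified)."""
    if len(icmp) < 16:
        raise ValueError("truncated RA header")
    typ, code, _ck, hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    if typ != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {
        "managed": bool(flags & 0x80),       # M flag: addresses via DHCPv6
        "other_config": bool(flags & 0x40),  # O flag: other config via DHCPv6
        "router_lifetime": lifetime,         # seconds; 0 = not a default router
        "default_router": lifetime > 0,
        "hop_limit": hop,
        "prefixes": [],
    }
    off = 16
    while off < len(icmp):
        if off + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, size = icmp[off], icmp[off + 1] * 8   # length is in 8-byte units
        if size == 0 or off + size > len(icmp):
            raise ValueError("malformed option length")
        if opt_type == OPT_PREFIX_INFO:
            if size != 32:
                raise ValueError("bad Prefix Information length")
            plen, pflags, valid, preferred = struct.unpack("!BBII", icmp[off + 2:off + 12])
            addr = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            ra["prefixes"].append({
                "prefix": f"{addr}/{plen}",
                "on_link": bool(pflags & 0x80),      # L flag
                "autonomous": bool(pflags & 0x40),   # A flag: usable for SLAAC
                "valid_lifetime": valid,
                "preferred_lifetime": preferred,
            })
        off += size
    return ra

# Constructed sample: M flag set, 1800 s router lifetime, one /64 prefix with L and A set.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x80, 1800, 0, 0)
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8:1::").packed)

if __name__ == "__main__":
    print(parse_ra(SAMPLE_RA))
```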
