Steven Kiehl <nano...@gmail.com> wrote: > Thanks for the response, Simon. Like everyone else in the world, it's Time > Warner service. It's all negotiated over DHCP/DHCPv6. Do I need to unblock > something for RA services perhaps?
Yes, you will need to be able to receive RAs in order to get your gateway. The design of IPv6 has some significant differences from IPv4 and this is one of them - DHCP does not provide router information in IPv6. The reason I've read is that in large organisations, DHCP and routing are managed by different groups - therefore it's easier to have the routing group take care of advertising routes, and not have to have the interaction between them and the DHCP group any time the routers change. Personally I think this is a bit bogus, and I don't like the fact that it pushes routing decisions down to the individual devices rather than managing them at the router level. Anyway, the Router Advertisements provide information on the routers available, what destinations they can reach, what prefixes are on this link, and what prefixes are considered "local" - they also indicate if the link is "managed" which is an indication for the client to attempt DHCP rather than autoconfiguration. Assuming the ISP kit is providing them, and you are receiving them, then routing setup should be automagic. > I found that I can get things working by taking the steps of hooking a > Windows machine up first, grabbing the default IPv6 gateway. That's a reasonable way to do it for initial testing. > Tried asking TWC support about all this and they blamed my modem, saying > "your modem is showing an IPv6 address" "talk to your modem manufacturer." > Worst answer I've ever received from them ever. I really am not surprised. > So I adding that address as a hard-coded gateway in the shorewall/providers > configuration. I basically followed the multi-isp directions and skipped the > multi part of it. That's a lot of work/complication for what is a very simple task ! Assuming you have the ip tools installed (which should be the default on any modern distro) then you just need to "ip route add ..." to install a route. As I said, Shorewall isn't needed at all to get the IPv6 working - but it is needed as soon as you do get it working. It's often best to get the network working without the firewall as it removes the "is it the network or the firewall that's blocking stuff" problem - at a time when you have a lot of variables to get sorted before it all works. > I don't want to have to re-determine the gateway address every time it > magically changes. I haven't learned of any way to pull it down through any > sort of console command. AFAIK, receiving RAs is the only way to do it. BTW - as well as not blocking RAs, there are a number of ICMP6 packets that you must not block or it breaks several IPv6 basic/mandatory features (such as path-MTU detection). > And TWC still has no IPv6-only DNS either, all delivered over IPv4. That doesn't really matter, as long as they actually resolve AAAA queries. I've had a quick search for '"time warner" ipv6 linux' and it's thwon up a few interesting looking articles. In particular, this one http://www.kloepfer.org/ipv6-homenet.html caught my eye - it raises some valid points. Lastly, what DHCP client are you using ? When I tested native IPv6 through a trial my ISP (Plusnet in the UK) ran, I used Dibbler - I can't remember if there was a reason for not using the ISC DHCP6 client but I assume there was. In this case, using the DHCP client was only for "triggering" the ISP stuff (ie getting the ISP kit to route the traffic) as the assignments were all static. I think having a dynamic prefix will be "interesting" and the preponderance of people on the standards bodies that defined IPv6 being used to "big networks and static assignments" shows. Personally I think this is a valid use case for prefix translation (multiple providers is another) and with the right standardisation could be done without the pitfalls of NAPT as used in IPv4. ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
