On Tue, 2016-11-08 at 18:31 -0500, Brian J. Murrell wrote: > > Ahh. OK. I will see about getting an upgrade under way.
Done, and the IPv6 policy does load but I just want to confirm if the routing is as expected. Given the providers: CGCO 1 0x100 - 6to4-cableco ::192.8.9.1 balance,nohostroute - DSL 2 0x200 - pppoe-wan1 - balance,nohostroute - Squid 3 0x400 - br-lan fd31:aeb1:48df:0:214:d1ff:fe13:45ac loose,notrack HENET 4 0x300 - 6in4-henet 2001:123:aa:ccc::1 balance,nohostroute - My routing looks like: # ip -6 rule ls 0: from all lookup 128 1: from all lookup local 999: from all lookup main 2000: from all to 2001:888:0:18::119 lookup CGCO 2000: from all to 2001:4de0:2101:119e::20 lookup DSL 2000: from all to 2001:4de0:2101:119e::21 lookup DSL 10000: from all fwmark 0x100/0xff00 lookup CGCO 10001: from all fwmark 0x200/0xff00 lookup DSL 10002: from all fwmark 0x400/0xff00 lookup Squid 10003: from all fwmark 0x300/0xff00 lookup 4 11000: from 2002:aaaa:bbbb::/64 lookup CGCO 11000: from 2607:aaa:bbb:cccc::/64:/64 lookup DSL 11000: from 2001:123:ab:ccc::/64 lookup 4 20000: from 2607:f2c0:a000:13d:3c09:c77f:a0bd:cf6b lookup DSL 20000: from 2001:123:aa:ccc::2 lookup 4 32765: from all lookup balance 32767: from all lookup default 4200000000: from 2002:aaaa:bbbb::1/60 iif br-lan unreachable 4200000000: from 2001:123:ab:cc::1/64 iif br-lan unreachable 4200000000: from 2607:aaa:bbb:cccc::/64:1/60 iif br-lan unreachable 4200000001: from all iif lo failed_policy 4200000001: from all iif lo failed_policy 4200000040: from all iif br-guest failed_policy 4200000040: from all iif br-guest failed_policy 4200000042: from all iif br-lan failed_policy 4200000042: from all iif br-lan failed_policy 4200000045: from all iif eth0.2 failed_policy 4200000045: from all iif eth0.2 failed_policy 4200000046: from all iif pppoe-wan1 failed_policy 4200000046: from all iif pppoe-wan1 failed_policy 4200000046: from all iif pppoe-wan1 failed_policy 4200000046: from all iif pppoe-wan1 failed_policy 4200000049: from all iif 6to4-cableco failed_policy 4200000049: from all iif 6to4-cableco failed_policy 4200000050: from all iif 6in4-henet failed_policy 4200000050: from all iif 6in4-henet failed_policy # ip -6 route ls table main default from 2001:123:aa:ccc::/64 dev 6in4-henet proto static metric 1024 default from 2001:123:ab:ccc::/64 dev 6in4-henet proto static metric 1024 default from 2002:aaaa:bbbb::/48 via ::192.8.9.1 dev 6to4-cableco proto static metric 1024 default from 2002::/16 via ::192.8.9.1 dev 6to4-cableco proto static metric 1024 ... # ip -6 route ls table balance default via 2001:123:aa:ccc::1 dev 6in4-henet metric 1024 # ip -6 route ls table default # I'm guessing since balance is provided for all routes, they just remain in the main routing table instead of being put into either balance or default? On the subject of preferring an IPv6 provider, is there really any way that can work given that all providers are given to hosts in the LAN by way of RAs and it's the clients that choose provider with source address selection. To truly have provider selection/preference at the shorewall router wouldn't we need ip6tables NAT there to rewrite the source address that the LAN host selected? Or is there another way to do provider preference that is less of a hack? Cheers, b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
