On 06/28/2017 08:42 PM, Sam wrote: > On 06/28/2017 03:38 PM, Sam wrote: >> Howdy, >> >> I'm embarrassed that I have to ask for help as I've been using shorewall >> for 10+ years, but I've wasted a lot of time trying to add IPV6 >> capability to my small home network (mainly for fun). My home net is >> similar to this: http://shorewall.org/XenMyWay.html only I'm using KVM. >> >> ISP is ATT with adsl2 and the nvg510 modem. It normally only supports >> handing out IPV6 addresses via 6rd. The network that is handed out is a >> /60 but by default the modem only adds a single /64 route. Since one can >> get root access on the modem, I've added additional /64 routes. So one >> network goes to my wan interface, and the other to my lan interface. >> >> From the shorewall box, I can use ping6 just fine and I can wget ipv6 >> only web sites as well. I can also ping devices on the lan and the >> interface on the modem. But from my lan I can only get as far as ping >> the eth0 and eth1 interfaces on the shorewall box. Using tcpdump, I can >> see packets going out from eth0 -> eth1 but then there is some weird >> link local address solicitation going on between the modem and eth1. See >> the attached notes.txt where I show all interfaces and shorewall traces >> of a laptop on lan trying to ping cnn.com. You can see the packets going >> out, but on return, the modem doesn't know where to send them. And then >> also attached the configs. >> >> Probably an idiot mistake, but I'm looking forward to seeing what I did >> wrong :) >> >> Regards, >> Samuel Smith >> >> >> ------------------------------------------------------------------------------ >> >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> >> _______________________________________________ >> Shorewall-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > > > Ok, so I think I've got it working now. Apparently I'm only used to one > type of static routing. Looking at > http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/chapter-configuration-route.html > > > I see "Add an IPv6 route through a gateway" and "Add an IPv6 route > through an interface". > > I'm obviously wanting to go through a gateway, which the right route > syntax would be: > > ip -6 route add 2602:314:b51b:6088::/64 via > 2602:314:b51b:6080:208:a1ff:fe05:bf34 dev br1 > > > And now my route table on the modem is: > > # ip -6 route > 2602:314:b51b:6080::1 via :: dev sit1 proto kernel metric 256 mtu > 1472 advmss 1412 hoplimit 4294967295 > > 2602:314:b51b:6080::/64 dev br1 metric 1024 mtu 1472 advmss 1412 > hoplimit 4294967295 > > 2602:314:b51b:6088::/64 via 2602:314:b51b:6080:208:a1ff:fe05:bf34 dev > br1 metric 1024 mtu 1472 advmss 1412 hoplimit 4294967295 > > 2602:300::/28 dev sit1 metric 1024 mtu 1472 advmss 1412 hoplimit > 4294967295 > > default dev sit1 metric 1024 mtu 1472 advmss 1412 hoplimit 4294967295 > > I guess that is right?? >
Yes -- that looks correct. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
