On 5/19/2021 7:31 PM, [email protected] wrote:
> Hello Matt,
>
> On Wed, May 19, 2021, at 1:17 PM, Matt Darfeuille wrote:
>>> sysctl -a | grep ipv6 | grep "\.forwarding"
>>> net.ipv6.conf.all.forwarding = 1
>>> net.ipv6.conf.default.forwarding = 1
>>> net.ipv6.conf.enp2s0.forwarding = 1
>>> net.ipv6.conf.enp3s0.forwarding = 1
>>> net.ipv6.conf.lo.forwarding = 1
>>>
>>
>> Did you set it via Shorewall? If not, please ensure that IP_FORWARDING
>> is set to keep/yes in shorewall[6].conf
>
>
> I have it set with
>
> grep -i forwarding /etc/sysctl.d/90-override.conf
> net.ipv6.conf.all.forwarding = 1
> net.ipv4.conf.all.forwarding = 1
>
> in Shorewall lib.private I have
>
> setup_sysctls() {
> echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
> echo 0 > /proc/sys/net/ipv4/ip_dynaddr
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
> echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
> echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
> echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> }
>
> and in shorewall6.conf
>
> IP_FORWARDING=Keep
>
>
> As I understand it this is something that I should be able to set up just in
> Shorewall.
> But just in case I also posted the question more generally @ stackexchange,
>
> https://unix.stackexchange.com/questions/650410/setting-up-an-ipv6-router-with-two-interfaces-why-is-only-my-configs-lan-n
>
> I've tried a bunch of various route additions. I'm just guessing at it. So
> far nothing I did gets me 'out' that last leg.
>
I can't help you with routes but here are some hints:
To ensure that Shorewall is the issue:
$ shorewall6 clear
Is everything working if you disable ('cleared') the firewall?
Does it work if you remove your library file and set IP_FORWARDING=Yes
in shorewall6.conf?
Is traffic allowed from your desktop to the net (policy/rules file)?
In shorewall.conf are ipv6 packets not disabled (looks like it isn't)?
1) https://shorewall.org/SharedConfig.html
HTH.
--
Matt Darfeuille <[email protected]>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org
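
Added example (not part of the message above, and not Shorewall's own code): a shell check that reads `sysctl -a` output and the shorewall6.conf text and reports whether IPv6 forwarding will still be off on any interface once the firewall starts. It assumes IP_FORWARDING means On = enable, Off = disable, Keep = leave the kernel value alone, and treats Yes/No as synonyms as the thread does; the function names and sample inputs are constructed.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_SYSCTL='net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.enp2s0.forwarding = 1
net.ipv6.conf.enp3s0.forwarding = 0'
SAMPLE_CONF='# constructed shorewall6.conf fragment
IP_FORWARDING=Keep'

# Print the interfaces whose IPv6 forwarding flag is 0, space separated.
# Only the exact ".forwarding" key is matched, so mc_forwarding is ignored.
ipv6_forwarding_off() {
    printf '%s\n' "$1" | awk -F'[ =]+' '
        $1 ~ /^net\.ipv6\.conf\.[^.]+\.forwarding$/ && $2 == 0 {
            split($1, p, "."); out = out (out ? " " : "") p[4]
        }
        END { print out }'
}

# Print the last IP_FORWARDING value found in the config text, lowercased.
ip_forwarding_setting() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*IP_FORWARDING=\([A-Za-z]*\).*$/\1/p' |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Combine both: with Keep, the kernel state (sysctl.d, lib.private) decides;
# with On/Off (assumed semantics), shorewall6 overrides it at start.
forwarding_verdict() {
    fv_off=$(ipv6_forwarding_off "$1")
    fv_mode=$(ip_forwarding_setting "$2")
    case "$fv_mode" in
        on|yes) echo "shorewall-enables" ;;
        off|no) echo "shorewall-disables" ;;
        keep)
            if [ -n "$fv_off" ]; then echo "kept-off:$fv_off"
            else echo "kept-on"; fi ;;
        *) echo "unset-or-invalid" ;;
    esac
}

forwarding_verdict "$SAMPLE_SYSCTL" "$SAMPLE_CONF"
```

On a live router the two arguments would be `"$(sysctl -a 2>/dev/null)"` and the contents of shorewall6.conf.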