thad,
look with tcpdump @ icmp6 traffic across your ext router interface while you
ping6 from your lan; for your setup
tcpdump -n -i enp2s0 icmp6
you'll likely see 'echo request' going out, from your desktop IP address, but
no 'echo reply' returning.
the "net" needs to know to return back to your modem's public-facing address --
not the internal, delegated IP handed out by radvd.
one way around this in SW is to declare an IPv6 SNAT rule.
in /snat,
SNAT(<your router's enp2s0 IP6 address>) <your router's enp3s0 internal
network> <your router's external interface>
trying to follow back through your posts :-/, that should be
SNAT([2600:yyyy:yyyy:zzzz::53]) [2600:yyyy:yyyy:yyyy::]/64 enp2s0
with that, you should now see the 'echo reply'.
the in-place IPv6 routing should take care of the rest, routing the packet back
to your desktop, and ping6 -- and general access -- from the lan should work to
the net.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
