Hey,

Recently I've been playing around with ipv6 and using he.net's very awesome and free ipv6 tunnel broker service (just got my Sage certification, woohoo!). With almost no effort, I was able to manually bring up the he.net tunnel on my astlinux box, configure my /64 on the lan side, and use radvd to route the traffic. After a bit more effort, I was even able to tunnel ipv6 inside my openvpn tunnel to remote client computers (double tunnel). All very fun and exciting stuff to say the least.

But I was curious to see if Astlinux supported any easy and native way of setting up ipv6 support. I get in the habit of doing things manually and forget that a lot of the stuff is more easily configurable in the GUI or conf files. So I did a bit of Googling and found some old message from Kris about enabling IPV6. It was from a long time ago, and there wasn't much in it, so I started looking around. I found a relevant rc.conf variable (IPV6=yes) and saw that it did a few things in the init scripts like loading the ipv6 kernel module, enabling ipv6 ftp and ssh support, etc. Not a perfect solution, since I would have to still deal with a lot of things manually, but I enabled it to cut down on some of the custom work.

Everything seemed like it was going fine until I changed a firewall rule to enable openvpn tunnel connections access to eth1. Using the GUI to reload the firewall, I noticed a red warning that not all rules could be applied. Curious as to what was causing the issue, I reloaded iptables manually and saw this:

http://pastebin.com/cEKT5SqJ

I removed the IPV6=yes variable from /etc/rc.conf and tried again. All the warnings disappeared and it reloaded fine (in the GUI as well).

I did some more searching and messing around and I get those errors regardless of whether using ipv6 or not. I can't find any init script that changes anything iptables related based on that variable, but apparently it does make a big difference.

Now I am not an iptables/arno firewall guru, so my first question is: are those warning messages very bad? Will it cause any issues with ipv4 iptables? I am a bit concerned because according to the arno firewall configuration file:

# (EXPERT SETTING!) Enable this if you want to enable IPv6 traffic support
# (and disable IPv4 support).
# -----------------------------------------------------------------------------
IPV6_SUPPORT=0

It's still set to 0 in the config file like above, but it seems to imply the loss of ipv4 support if ipv6 is enabled.

And obviously those errors will in turn cause other errors when trying to reload the firewall from the GUI, which is one of the reasons I am bringing it up here since it seems like that variable being set is breaking other things.

I saw some ipv4 over ipv6 firewall plugin, but haven't messed with that yet.

Anyone else run into any similar issues getting ipv6 up and running?

Also, for future releases, it would be nice to have some added built-in ipv6 functionality (it's coming...). Minor things like setting up a tunnel, enabling radvd, configuring INTV6IP, etc. Not sure if any of this is already there or in the planning stages, but I couldn't find anything other than the one variable to turn on the basics.

Thanks.

-James
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users