On Jun 3, 2010, at 10:54 PM, James Babiak wrote:

> Hey,
> 
> Recently I've been playing around with ipv6 and using he.net's very awesome 
> and free ipv6 tunnel broker service (just got my Sage certification, 
> woohoo!). With almost no effort, I was able to manually bring up the he.net 
> tunnel on my astlinux box, configure my /64 on the lan side, and use radvd to 
> route the traffic. After a bit more effort, I was even able to tunnel ipv6 
> inside my openvpn tunnel to remote client computers (double tunnel). All very 
> fun and exciting stuff to say the least.

Cool.

> But I was curious to see if Astlinux supported any easy and native way of 
> setting up ipv6 support. I get in the habit of doing things manually and 
> forget that a lot of the stuff is more easily configurable in the GUI or conf 
> files. So I did a bit of Googling and found some old message from Kris about 
> enabling IPV6. It was from a long time ago, and there wasn't much in it, so I 
> started looking around. I found a relevant rc.conf variable (IPV6=yes) and 
> saw that it did a few things in the init scripts like loading the ipv6 kernel 
> module, enabling ipv6 ftp and ssh support, etc. Not a perfect solution, since 
> I would have to still deal with a lot of things manually, but I enabled it to 
> cut down on some of the custom work.
> 
> Everything seemed like it was going fine until I changed a firewall rule to 
> enable openvpn tunnel connections access to eth1. Using the GUI to reload the 
> firewall, I noticed a red warning that not all rules could be applied. 
> Curious as to what was causing the issue, I reloaded iptables manually and 
> saw this:
> 
> http://pastebin.com/cEKT5SqJ
> 
> I removed the IPV6=yes variable from /etc/rc.conf and tried again. All the 
> warnings disappeared and it reloaded fine (in the GUI as well). 
> 
> I did some more searching and messing around and I get those errors 
> regardless of whether using ipv6 or not. I can't find any init script that 
> changes anything iptables related based on that variable, but apparently it 
> does make a big difference. 
> 
> Now I am not an iptables/arno firewall guru, so my first question is: are 
> those warning messages very bad? Will it cause any issues with ipv4 iptables? 
> I am a bit concerned because according to the arno firewall configuration 
> file:
> 
> # (EXPERT SETTING!) Enable this if you want to enable IPv6 traffic support
> # (and disable IPv4 support).
> # -----------------------------------------------------------------------------
> IPV6_SUPPORT=0
> 
> It's still set to 0 in the config file like above, but it seems to imply the 
> loss of ipv4 support if ipv6 is enabled.

Yes, with the current version of Arno's firewall, iptables is set up as either 
only pure IPv4 or pure IPv6, not mixed.  So any rules using NAT in IPv6 will 
show an error.  Arno has talked about adding 'mixed' mode, but he has not had 
the time.

If the rc.conf variable IPV6="yes" is set, then Arno's variable IPV6_SUPPORT=1 
is automatically set, as you have noticed.

Clearly there is work waiting to be done on this front.

Lonnie


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
