Vincent,

I do not have any experience with a configuration like you are
attempting.  Please take your question to the  mailing list
(shorewall-us...@lists.sourceforge.net).  Someone there will
almost certainly be able to help.

My apologies for not being able to offer more assistance.

Regards,

-Roberto

On Thu, Oct 22, 2009 at 01:51:46AM +0200, Vincent Danjean wrote:
> Package: shorewall6
> Version: 4.4.2-1
> Severity: normal
> 
>   Hi,
> 
>   I'm trying to setup a router with ipv6.
> 
>   I've two ipv6 tunnels (one 6to4 tunnel and one from sixxs). So I tried
> to setup shorewall6 with two providers ( http://shorewall.net/MultiISP.html ).
> 
>   I ran into a problem at compile-time:
> 
> /etc/shorewall6# make
> Shorewall6 isn't started
> Compiling...
> Shorewall configuration compiled to /var/lib/shorewall6/.restart
> Restarting Shorewall6....
> Error: an inet address is expected rather than "dev".
>    ERROR: Command "ip -6 route replace ::c058:6301 src dev tun6to4 table 1" 
> Failed
> Restoring Shorewall6...
> Shorewall6 restored from /var/lib/shorewall6/restore
> /sbin/shorewall6: line 604: 15240 Complété              $SHOREWALL_SHELL 
> ${VARDIR}/.restart $debugging restart
> /etc/shorewall6#
> 
> Looking into /var/lib/shorewall6/.restart, I found: 
> # cat /var/lib/shorewall6/.restart | grep -- "route replace"
>                               qt $IP -6 route replace $default_route && \
>           run_ip route replace ::c058:6301 src $TUN6TO4_ADDRESS dev tun6to4 
> table 1 
>           run_ip route replace 2a01:XXXX:XXXX:XXXX::1 src $SIXXS_ADDRESS dev 
> sixxs table 2 
> So it seems that $TUN6TO4_ADDRESS is empty.
> TUN6TO4_ADDRESS is defined in the detect_configuration function that seems 
> never called:
> # cat /var/lib/shorewall6/.restart | grep -- "detect_configuration"
> detect_configuration()
> # 
> 
>   Regards,
>     Vincent
> 
> PS: if I manually execute the commands in detect_configuration, I get the 
> correct IP.
> If I call this function at the begining of the script (and run it manually), 
> then
> this error disappairs (but I'm not sure this function should always been 
> invoked)
> 
> PPS: you might want to know that the iproute bug #551937 also prevent Multi 
> IPv6 ISP
> from working. And http://lists.debian.org/debian-devel/2009/10/msg00472.html
> show yet another problem (but I do not know yet if the latter is a shorewall6
> bug or not)
> 
> 
> -- System Information:
> Debian Release: squeeze/sid
>   APT prefers oldstable
>   APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 
> 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.31-trunk-amd64 (SMP w/2 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages shorewall6 depends on:
> ii  debconf [debconf-2.0]         1.5.27     Debian configuration management 
> sy
> ii  iproute                       20090324-1 networking and traffic control 
> too
> ii  iptables                      1.4.4-2    administration tools for packet 
> fi
> ii  shorewall                     4.4.2-1    Shoreline Firewall, netfilter 
> conf
> 
> shorewall6 recommends no packages.
> 
> Versions of packages shorewall6 suggests:
> ii      2.6.26-19                            Linux 2.6.26 image on AMD64
> ii      2.6.30-8                             Linux 2.6.30 image on AMD64
> ii      2.6.31~rc6-1~experimental.1~snapshot Linux 2.6.31-rc6 image on AMD64
> ii      2.6.31-1~experimental.2              Linux 2.6.31 for 64-bit PCs
> ii      3.81-6                               An utility for Directing 
> compilati
> ii      4.4.2-1                              documentation for Shoreline 
> Firewa
> 
> -- debconf information:
>   shorewall6/major_release:
>   shorewall6/dont_restart:
>   shorewall6/invalid_config:
> 
> 

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature

Reply via email to