Also, please make sure to follow the support guidelines: http://www.shorewall.net/support.htm
Regards, -Roberto On Thu, Oct 22, 2009 at 01:51:46AM +0200, Vincent Danjean wrote: > Package: shorewall6 > Version: 4.4.2-1 > Severity: normal > > Hi, > > I'm trying to setup a router with ipv6. > > I've two ipv6 tunnels (one 6to4 tunnel and one from sixxs). So I tried > to setup shorewall6 with two providers ( http://shorewall.net/MultiISP.html ). > > I ran into a problem at compile-time: > > /etc/shorewall6# make > Shorewall6 isn't started > Compiling... > Shorewall configuration compiled to /var/lib/shorewall6/.restart > Restarting Shorewall6.... > Error: an inet address is expected rather than "dev". > ERROR: Command "ip -6 route replace ::c058:6301 src dev tun6to4 table 1" > Failed > Restoring Shorewall6... > Shorewall6 restored from /var/lib/shorewall6/restore > /sbin/shorewall6: line 604: 15240 Complété $SHOREWALL_SHELL > ${VARDIR}/.restart $debugging restart > /etc/shorewall6# > > Looking into /var/lib/shorewall6/.restart, I found: > # cat /var/lib/shorewall6/.restart | grep -- "route replace" > qt $IP -6 route replace $default_route && \ > run_ip route replace ::c058:6301 src $TUN6TO4_ADDRESS dev tun6to4 > table 1 > run_ip route replace 2a01:XXXX:XXXX:XXXX::1 src $SIXXS_ADDRESS dev > sixxs table 2 > So it seems that $TUN6TO4_ADDRESS is empty. > TUN6TO4_ADDRESS is defined in the detect_configuration function that seems > never called: > # cat /var/lib/shorewall6/.restart | grep -- "detect_configuration" > detect_configuration() > # > > Regards, > Vincent > > PS: if I manually execute the commands in detect_configuration, I get the > correct IP. > If I call this function at the begining of the script (and run it manually), > then > this error disappairs (but I'm not sure this function should always been > invoked) > > PPS: you might want to know that the iproute bug #551937 also prevent Multi > IPv6 ISP > from working. And http://lists.debian.org/debian-devel/2009/10/msg00472.html > show yet another problem (but I do not know yet if the latter is a shorewall6 > bug or not) > > > -- System Information: > Debian Release: squeeze/sid > APT prefers oldstable > APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, > 'stable'), (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 2.6.31-trunk-amd64 (SMP w/2 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages shorewall6 depends on: > ii debconf [debconf-2.0] 1.5.27 Debian configuration management > sy > ii iproute 20090324-1 networking and traffic control > too > ii iptables 1.4.4-2 administration tools for packet > fi > ii shorewall 4.4.2-1 Shoreline Firewall, netfilter > conf > > shorewall6 recommends no packages. > > Versions of packages shorewall6 suggests: > ii 2.6.26-19 Linux 2.6.26 image on AMD64 > ii 2.6.30-8 Linux 2.6.30 image on AMD64 > ii 2.6.31~rc6-1~experimental.1~snapshot Linux 2.6.31-rc6 image on AMD64 > ii 2.6.31-1~experimental.2 Linux 2.6.31 for 64-bit PCs > ii 3.81-6 An utility for Directing > compilati > ii 4.4.2-1 documentation for Shoreline > Firewa > > -- debconf information: > shorewall6/major_release: > shorewall6/dont_restart: > shorewall6/invalid_config: > > -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
