I am trying to add IPv6 capability to my LAN.  I have successfully 
installed a SixXS IPv4 to IPv6 tunnel (i.e. I can ping6 IPv6 hosts from 
the LEAF command line).  My problem is when I try to ping6 an IPv6 host 
from one of the systems on the LAN I get "Network unreachable".  I 
followed the Bering-uClibc 5.x Users Guide when configuring Shorewall 
and dnsmasq; however, I suspect that is where I have made a mistake. The 
changes I made are shown below. I would appreciate any help in solving 
the problem.

Phil Faris

######################################################################

The only change to my working IPv4 dnsmasq was adding:

    dhcp-range=2604:8800:100:2a2::, ra-only

where the value is the subnet prefix assigned by SixXS.

########################################################################

The following modifications were made to shorewall6.conf:

**ZONES**
    #ZONE    TYPE        OPTIONS        IN
    fw         firewall
    loc         ipv6
    net         ipv6

**INTERFACES**
    #ZONE        INTERFACE        OPTIONS
     net                sixxs            -
     loc                 eth1            -

**POLICY**
    #SOURCE    DEST    POLICY        LOG    LIMIT:
     fw    loc    ACCEPT
     loc    net    ACCEPT
     net    all    DROP        NFLOG(4)
     all    all    REJECT        NFLOG(4)

**RULES**
    SECTION NEW
    #      Accept DNS connections from the firewall to the network
    #      and from the local network to the firewall (in case dnsmasq is running)
    DNS(ACCEPT)   fw          net
    DNS(ACCEPT)   loc         fw

    #      Accept SSH connections from the local network for administration
    #
    SSH(ACCEPT)   loc         fw

    #      Allow Ping to Firewall
    #
    Ping(ACCEPT)  net         fw
    Ping(ACCEPT)  loc         fw
    #
    #      Allow all ICMP types (including ping) from firewall
    ACCEPT    fw           loc                     icmp
    ACCEPT    fw           net                     icmp
    #      Allow local network to access weblet/webconf
    #
    HTTP(ACCEPT)   loc        fw
    HTTPS(ACCEPT)   loc        fw
    # timeserver (allow syncing with time servers (default: pool.ntp.org))
    NTP(ACCEPT)         fw       net
    # timeserver (allow LAN clients to sync with the time service on the router)
    NTP(ACCEPT)         loc    fw
    # IPv6 Tunnel
    SixXS(ACCEPT)        fw     net






leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
