On Saturday 13 December 2008 15:28, Tom Eastep wrote: > Steven Jan Springl wrote: > > On Saturday 13 December 2008 12:09, Louis Lagendijk wrote: > >> hello Tom, > >> Thanks for your effort on the IPv6 support. I find it amzing how > >> productive you are! > >> > >> I have the rpm versions of 4.3.1 installed > >> > >> I would like to give some feeback on the IPv6 support. So far I have > >> used 6wall, but I am not exactly up to date on IPv6 support in Linux, so > >> please bear with me if I make silly mistakes: > >> > >> 1) The IP_FORWARDING option 4.3.1 is not accepted: > >> WARNING: Unknown configuration option (IP_FORWARDING) ignored : > >> /etc/shorewall6/shorewall6.conf (line 94) > >> > >> 2) On my (Centos5) there are some lines in macro.AllowICMPs that are not > >> accepted. At the end there are a number of lines where protocol > >> icpv6-icmp is used. This protocol is not in the /etc/protocols file, and > >> I could not find any info on it on the internet. The port values seem to > >> suggest that this is normal icmpv6. Comments? > >> > >> 3) /usr/share/shorewall6/modules file is the same as for ipv4. Did you > >> miss to include the ipv6 version? I copied the modules6 file from 6wall > >> info /etc/shorewall6, but that does not work either > >> > >> 4) It does not work for me. It looks as if connection tracking is not > >> supported. Could that be correct? When I set the policy to accept with > >> logging, I see responses to ssh that I use for testing in the logfile > >> > >> best regards, > >> Louis > > > > Lois > > > > 1) This is a known problem. See: > > http://shorewall.svn.sourceforge.net/shorewall/?rev=9015&view=rev > > > > 2) Can you lets us know which lines don't work and any messages produced. > > I don't understand that one at all. The Shorewall-perl compiler converts > those strings into numeric codes which are passed to ip6tables-restore. > > > 3) & 4) Can you provide us with the output of the following command: > > uname -a > > I should point out that those of us actively working on IPv6 support are > running at least 2.6.25 kernels and are running iptables 1.4.1.1. Also, > we're going to have to have more details than "it doesn't work for me". > > -Tom
Tom IPv6 connection tracking requires kernel 2.6.20 or later. I believe Centos5 uses 2.6.18. I have requested the kernel level for confirmation. It might be an idea to add a note to Shorewall6 regarding the required kernel level. Steven. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
