Hello,

shorewall6 seems to have problems duplicating the main routing table. shorewall6
tries to add the fe80::/64 route of every IPv6-configured interface to routing
table 1.
The first route applies, but the other ones do not.
If I try to add the routes manually to routing table 1, I have to add the first
fe80::/64 route and append, not add, the other ones.

Does not work:
ip -6 route add table 1 fe80::/64 dev vlan42
ip -6 route add table 1 fe80::/64 dev vlan99

Works:
ip -6 route add table 1 fe80::/64 dev vlan42
ip -6 route append table 1 fe80::/64 dev vlan99

Configuration files and error message below.
/etc/shorewall6/interfaces
net eth2 detect mss=1280
loc eth0 detect mss=1280
admin vlan42 detect mss=1280
mgmt vlan99 detect mss=1280
/etc/shorewall6/providers:
ISP1 1 1 main sixxs 2001:xxxx:xxxx:1245::1 track,fallback eth0,vlan42,vlan99
ISP2 2 2 main eth2 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:1 track,balance eth0,vlan42,vlan99
/etc/shorewall6/zones
fw firewall
net
loc
admin
mgmt
Used versions:
Kernel: 3.8.12-1
iptables: 1.4.18
iproute: 20120521-3+b3
shorewall: 4.5.16.1
main routing table contents:
2001:xxxx:xxxx::/64 dev eth2 proto kernel metric 256
2001:xxxx:xxxx:xxxx::/64 dev sixxs proto kernel metric 256
fd00:xxxx:xxxx:xx::/64 dev eth0 proto kernel metric 256
fd00:xxxx:xxxx:xx::/64 dev vlan42 proto kernel metric 256
fd00:xxxx:xxxx:xx::/64 dev vlan99 proto kernel metric 256
fe80::/64 dev eth2 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev vlan42 proto kernel metric 256
fe80::/64 dev vlan99 proto kernel metric 256
fe80::/64 dev sixxs proto kernel metric 256
error message shorewall:
root@xxxx:/etc/shorewall6# shorewall6 check
Checking...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Checking /etc/shorewall6/zones...
Checking /etc/shorewall6/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /etc/shorewall6/policy...
Checking /etc/shorewall6/providers...
Checking /etc/shorewall6/masq...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall6/rules...
Checking /etc/shorewall6/conntrack...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /usr/share/shorewall6/action.Drop for chain Drop...
Checking /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs...
Checking /usr/share/shorewall6/action.Broadcast for chain Broadcast...
Shorewall6 configuration verified
root@xxxx:/etc/shorewall6# shorewall6 restart
Compiling...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Compiling /etc/shorewall6/zones...
Compiling /etc/shorewall6/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /etc/shorewall6/policy...
Compiling /etc/shorewall6/providers...
Compiling /etc/shorewall6/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall6/rules...
Compiling /etc/shorewall6/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall6/action.Drop for chain Drop...
Compiling /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs...
Compiling /usr/share/shorewall6/action.Broadcast for chain Broadcast...
Generating Rule Matrix...
Compiling /usr/share/shorewall6/action.Reject for chain Reject...
Creating ip6tables-restore input...
Shorewall configuration compiled to /var/lib/shorewall6/.restart
Restarting Shorewall6....
Initializing...
Adding Providers...
RTNETLINK answers: File exists
ERROR: Command "ip -6 route add table 1 fe80::/64 dev vlan42 proto kernel metric 256" Failed
Running /sbin/ip6tables-restore...
IPv6 Forwarding Enabled
Terminated
Cheers
Torsten Fichtner
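
The add-then-append workaround described in the message, as an added example that is not part of the original post and not Shorewall's own code: it turns `ip -6 route show table main` style output into copy commands for another table, using `add` for the first route to a destination and `append` for later ones. The names `dup_route_cmds` and `sample_routes` are hypothetical, and the sample routes are constructed.

```shell
#!/bin/sh
# Added example (not Shorewall code). dup_route_cmds is a hypothetical helper.
# It reads routes on stdin, one per line, in the format printed by
# "ip -6 route show table main", and prints the commands that would copy
# them into the given table. It only prints; nothing is applied.
# Usage: ip -6 route show table main | dup_route_cmds 1
dup_route_cmds() {
    table=$1
    awk -v table="$table" '
        NF == 0 { next }    # skip blank lines
        {
            # The first route for a destination uses "add". Further routes
            # for the same destination (fe80::/64 on another device) use
            # "append", which the report shows is accepted where "add"
            # fails with "File exists".
            verb = ($1 in seen) ? "append" : "add"
            seen[$1] = 1
            printf "ip -6 route %s table %s %s\n", verb, table, $0
        }'
}

# Constructed sample input modelled on the main table in the report
# (2001:db8::/32 is the documentation prefix).
sample_routes() {
    cat <<'EOF'
2001:db8:0:1::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev vlan42 proto kernel metric 256
fe80::/64 dev vlan99 proto kernel metric 256
EOF
}

# Show the generated commands for review.
sample_routes | dup_route_cmds 1
```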