On 03/08/2013 09:47 AM, Tom Eastep wrote:
> On 3/8/13 9:23 AM, "Matt Joyce" <[email protected]> wrote:
>
>> I believe this may be caused by the command being generated with the src
>> <addr> argument I'm not certain this is supported for IPv6 as I have in
>> the past tried to manually add a route and found it would not work
>> unless that argument was eliminated. It could have something to do with
>> the address selection algorithms in IPv6 which are I think different as
>> IPv6 was written from the beginning with multiple addresses per
>> interface in mind plus the added factors introduced by address scoping.
>> I just checked the iproute2 manual though and there is nothing in man
>> ip-route's description of the src attribute to suggest that it's IPv4
>> only so it's possible that iproute2 has a bug, then a lot of things I
>> guess are possible here given iproute2 is itself more of a frontend
>> could be an issue with the underlying netlink or kernel routing code
>> too. Something doesn't like src for ip6 routes anyway.
>>
>> Either shorewall shouldn't be generating IPv6 routes with src or
>> iproute2 should be accepting them but I am really not sure which is the
>> case, likely shorewall may have to work around it for a while even if it
>> is an iproute2 issue as I can see it being a while before one can bank
>> on the support being operational.
>
> root@gateway:~# fgrep 'route add' /var/lib/shorewall6/firewall
> run_ip route add default scope global table $2 $1
> run_ip route add default dev sit2 table 4
> run_ip route add default dev sit1 table 5
> run_ip route add default table 253 dev sit1 metric 5
> qt $IP -6 route add ::192.88.99.1 src $SW_SIT3_ADDRESS dev sit3
> run_ip route add ::192.88.99.1 src $SW_SIT3_ADDRESS dev sit3 table 6
> run_ip route add default via ::192.88.99.1 src $SW_SIT3_ADDRESS dev sit3
> table 6
> run_ip route add default via ::192.88.99.1 src $SW_SIT3_ADDRESS dev sit3
> table 253 metric 6
> run_ip route add default scope global table 250 $DEFAULT_ROUTE
> error_message "WARNING: No Default route added (all 'balance'
> providers are down)"
> root@gateway:~# ip -V
> ip utility, iproute2-ss100519
> root@gateway:~# uname -a
> Linux gateway 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013 x86_64
> GNU/Linux
> root@gateway:~#

I should have mentioned that Shorewall expects iproute2 to handle 'src'
which it is in my case.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
