On 06/28/2017 03:38 PM, Sam wrote:
Howdy,
I'm embarrassed that I have to ask for help as I've been using shorewall
for 10+ years, but I've wasted a lot of time trying to add IPV6
capability to my small home network (mainly for fun). My home net is
similar to this: http://shorewall.org/XenMyWay.html only I'm using KVM.
ISP is ATT with adsl2 and the nvg510 modem. It normally only supports
handing out IPV6 addresses via 6rd. The network that is handed out is a
/60 but by default the modem only adds a single /64 route. Since one can
get root access on the modem, I've added additional /64 routes. So one
network goes to my wan interface, and the other to my lan interface.
From the shorewall box, I can use ping6 just fine and I can wget ipv6
only web sites as well. I can also ping devices on the lan and the
interface on the modem. But from my lan I can only get as far as ping
the eth0 and eth1 interfaces on the shorewall box. Using tcpdump, I can
see packets going out from eth0 -> eth1 but then there is some weird
link local address solicitation going on between the modem and eth1. See
the attached notes.txt where I show all interfaces and shorewall traces
of a laptop on lan trying to ping cnn.com. You can see the packets going
out, but on return, the modem doesn't know where to send them. And then
also attached the configs.
Probably an idiot mistake, but I'm looking forward to seeing what I did
wrong :)
Regards,
Samuel Smith
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Ok, so I think I've got it working now. Apparently I'm only used to one
type of static routing. Looking at
http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/chapter-configuration-route.html
I see "Add an IPv6 route through a gateway" and "Add an IPv6 route
through an interface".
I'm obviously wanting to go through a gateway, which the right route
syntax would be:
ip -6 route add 2602:314:b51b:6088::/64 via
2602:314:b51b:6080:208:a1ff:fe05:bf34 dev br1
And now my route table on the modem is:
# ip -6 route
2602:314:b51b:6080::1 via :: dev sit1 proto kernel metric 256 mtu
1472 advmss 1412 hoplimit 4294967295
2602:314:b51b:6080::/64 dev br1 metric 1024 mtu 1472 advmss 1412
hoplimit 4294967295
2602:314:b51b:6088::/64 via 2602:314:b51b:6080:208:a1ff:fe05:bf34 dev
br1 metric 1024 mtu 1472 advmss 1412 hoplimit 4294967295
2602:300::/28 dev sit1 metric 1024 mtu 1472 advmss 1412 hoplimit
4294967295
default dev sit1 metric 1024 mtu 1472 advmss 1412 hoplimit 4294967295
I guess that is right??
Regards,
Samuel Smith
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
