I've been debugging an IPv6 problem and just recently realized that Shorewall's started file can help:
/usr/sbin/sysctl net.ipv6.fwmark_reflect net.ipv6.conf.all.proxy_ndp
/usr/sbin/sysctl net.ipv6.conf.ccast.proxy_ndp net.ipv6.conf.ccast.accept_ra net.ipv6.conf.ccast.accept_redirects net.ipv6.conf.ccast.accept_ra_defrtr
/usr/sbin/sysctl net.ipv6.conf.lan4.proxy_ndp net.ipv6.conf.lan4.accept_ra
/usr/sbin/sysctl net.ipv6.conf.wifi.proxy_ndp net.ipv6.conf.wifi.accept_ra

'shorewall start' reports:
Processing /etc/shorewall6/started ...
net.ipv6.fwmark_reflect = 1
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.ccast.proxy_ndp = 0
net.ipv6.conf.ccast.accept_ra = 2
net.ipv6.conf.ccast.accept_redirects = 1
net.ipv6.conf.ccast.accept_ra_defrtr = 1
net.ipv6.conf.lan4.proxy_ndp = 1
net.ipv6.conf.lan4.accept_ra = 0
net.ipv6.conf.wifi.proxy_ndp = 1
net.ipv6.conf.wifi.accept_ra = 0
done.


You could put your restart command in there.

Bill

On 1/9/19 3:08 PM, C. Cook wrote:

I got it.  I was missing a snat MASQUERADE entry on the WG server.

WireGuard service for my LAN is now fully functional.  The VM running WG
server has channels for in from my phone, etc, and out through
AzireVPN.  Soon I'll set up another out channel to serve websites and email.

The Spain PoP looks like it's going to be slow.

On 1/10/19 8:53 AM, Tom Eastep wrote:

Glad to hear that you got it sorted,

-Tom

On 1/10/2019 10:58 PM, C. Cook wrote:

Whenever I restart Shorewall, my WireGuard tunnel goes down. (CentOS 7.6).

Is there a mechanism to restart a service after Shorewall is restarted?

On 1/11/2019 12:00 AM, Matt Darfeuille wrote:

Please see:

http://shorewall.org/shorewall_extension_scripts.htm

-Matt


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
