Hello Matt,
On Wed, May 19, 2021, at 1:17 PM, Matt Darfeuille wrote:
> > sysctl -a | grep ipv6 | grep "\.forwarding"
> > net.ipv6.conf.all.forwarding = 1
> > net.ipv6.conf.default.forwarding = 1
> > net.ipv6.conf.enp2s0.forwarding = 1
> > net.ipv6.conf.enp3s0.forwarding = 1
> > net.ipv6.conf.lo.forwarding = 1
> >
>
> Did you set it via Shorewall, if no,, please ensure that IP_FORWARDING
> is set to keep/yes in shorewall[6].conf
I have it set with
grep -i forwarding /etc/sysctl.d/90-override.conf
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.forwarding = 1
in Shorewall lib.private I have
setup_sysctls() {
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 0 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
}
and in shorewall6.conf
IP_FORWARDING=Keep
As I understand it this is something that I should be able to setup just in
Shorewall.
But just in case I also posted the question more generally @ stackexchange,
https://unix.stackexchange.com/questions/650410/setting-up-an-ipv6-router-with-two-interfaces-why-is-only-my-configs-lan-n
I've tried a bunch of various route additions. I'm just guessing at it. So
far nothing I did gets me 'out' that last leg.
Thad
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
