Matt,

On Wed, May 19, 2021, at 3:15 PM, Matt Darfeuille wrote:
> To ensure that Shorewall is the issue:
> 
> $ shorewall6 clear
> 
> Is everything working if you disable ('cleared') the firewall?

If I do that^^ clear, nothing changes.  I can ping everywhere, just like 
before, EXCEPT from DESKTOP/LAN to the 'NET.

But doesn't that just tell me that Shorewall hasn't been set up properly by me 
-- to set the routes, rules, whatever?  Not that Shorewall's doing something 
wrong?

> Does it work if you remove your library file and set IP_FORWARDING=Yes
> in shorewall6.conf?

No difference; same behavior as before.

> Is traffic allowed from your desktop to the net (policy/rules file)?

I thought it is.  Open to finding out I'm wrong.

I have

/interfaces
        net    EXTIF    physical=enp2s0,tcpflags,forward=1,accept_ra=1,nosmurfs
        -      INTIF    physical=enp3s0,tcpflags,forward=1,accept_ra=1

/hosts
        lan    INTIF:[fd81:17:15::]/116
        lan2   INTIF:[2600:yyyy:yyyy:yyyy::]/64

/zones
        fw     firewall
        net    ipv6
        lan    ipv6
        lan2   ipv6

/policy
        $FW    $FW     ACCEPT    err
        $FW    all+    ACCEPT    err

        lan    lan     ACCEPT    err
        lan    lan2    ACCEPT    err
        lan    net     ACCEPT    err
        lan    $FW     ACCEPT    err

        lan2   lan2    ACCEPT    err
        lan2   lan     ACCEPT    err
        lan2   net     ACCEPT    err
        lan2   $FW     ACCEPT    err

        net    all     DROP      debug
        all    all     REJECT    debug


where,

ip -6 addr show enp3s0

        3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
                inet6 2600:yyyy:yyyy:yyyy::1/64 scope global dynamic noprefixroute
                valid_lft 2876sec preferred_lft 2876sec
                inet6 fd81:17:15::128/116 scope global
                valid_lft forever preferred_lft forever
                inet6 fe80::e310:84ed:bda1:a331/64 scope link
                valid_lft forever preferred_lft forever


> In shorewall.conf are ipv6 packets not disabled (looks like it isn't)?

Sorry I don't understand this one.  What setting am I looking for?

Thad


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
