From: Jeff T. <shd...@so...> - 2011-10-22 07:35:38
All right, so I have spent the evening upgrading my firewall to Natty, then installing the deb packages for shorewall 4.4.23.3. I've made a few changes in my shorewall config that were needed for the newer versions, and I made your changes to Providers.pm again after my last update, so now both shorewall and shorewall6 are starting without errors and everything seems to be working as expected... except I am still not getting the correct routing of IPv6 traffic.

For example...

    # ping6 2001:470:8388:10::9    does not work
    # ping6 2001:470:f032:10::9    DOES work

Try doing a traceroute6 of each, and you'll see where the packets appear to hop across my tunnels, and always end up on sit2 (2001:470:f032::1).

My providers files (under shorewall6):

    ISP1 1 10 main sit1 2001:470:1f04:262::1 track eth1,eth2,eth3,eth5
    ISP2 2 20 main sit2 2001:470:c:316::1 track eth1,eth2,eth3,eth5

My route_rules file:

    2001:470:1f04:262::1/64 ::/0 ISP1 11000
    2001:470:c:316::1/64 ::/0 ISP2 11001

At this point I've been working on the computer for way too many hours and need to get some sleep, but if you can possibly think of anything else for me to check, I would be very appreciative. Are there any files that should or should not be used under shorewall6 (masq, tc*, or others)?

On 10/21/2011 07:49 AM, Tom Eastep wrote:
> On Thu, 2011-10-20 at 21:41 -0600, Jeff Taylor wrote:
>> Ubuntu Lucid.
>>
>> I applied the patch to Providers.pm that you gave, and I tried to use
>> the Server IPv6 Address provided by HE as the gateway in the providers
>> file, but I am still getting the same failure when I try to enable the
>> providers entries. It should be noted that I don't think I'm actually
>> using shorewall-perl on my setup.
>>
>> Here's my providers file as it sits now:
>> ISP1 3 - main sit1 2001:470:1f04:262::1
>> track eth1,eth2,eth3,eth5
>> ISP2 4 - main sit2 2001:470:c:316::1
>> track eth1,eth2,eth3,eth5
>>
>> And here's the error I get when I try to restart shorewall6:
>> 21:39:59 Adding Providers...
>> RTNETLINK answers: No route to host
>> ERROR: Command "ip -6 route add default via 2001:470:1f04:262::1
>> src 2001:470:8388::1 dev sit1 table 3" Failed
>>
>> So... any thoughts as to what I'm doing wrong at this point?
> Shorewall 4.4.6 is almost two years old and had not been tried on IPv6.
> So it isn't surprising that it doesn't work. If I look at the history of
> changes to the Providers module, much of the IPv6 code was added/changed
> in April/May of this year.
>
> I see that Oneiric has 4.4.21 which should work much better for you.
>
> -Tom