wobblytickle n00b
Joined: 08 Feb 2003 Posts: 26
Posted: Wed Nov 11, 2009 12:27 pm Post subject: IPv6 routing table & /proc/sys/net/ipv6/conf/all/forward
The following just cost me a day of debugging and endless firewall reboots.
Short version: Running "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" seems to blow away my routing table:
This is good:
Code:
gate ~ # route -n -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 4 lo
2a01:348:ad51:80b:240:63ff:fee8:eab7/128 :: Un 0 1 6 lo
2a01:348:ad51:80b::/64 :: UAe 256 0 2 ppp0
fe80::240:63ff:fee8:eab7/128 :: Un 0 1 0 lo
fe80::240:63ff:fee8:eab7/128 :: Un 0 1 0 lo
fe80::a00:20ff:feeb:7b28/128 :: Un 0 1 0 lo
fe80::a00:20ff:feeb:7b29/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 ppp0
fe80::/10 :: U 1 0 0 ppp0
fe80::/10 :: U 256 0 0 ppp0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 ppp0
::/0 fe80::21f:caff:fe45:f860 UGDAe 1024 0 7 ppp0
::/0 :: !n -1 1 855 lo
Enabling forwarding (as done by, for example, net-firewall fwbuilder) completely blows the table away meaning non-functional IPv6 networking. This is bad and results in a network unreachable message for the likes of ping6:
Code:
gate firewall # route -n -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 3 lo
2a01:348:ad51:80b::/128 :: Un 0 1 0 lo
2a01:348:ad51:80b:240:63ff:fee8:eab7/128 :: Un 0 1 234 lo
2a01:348:ad51:80b::/64 :: UAe 256 0 7 ppp0
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::240:63ff:fee8:eab7/128 :: Un 0 1 0 lo
fe80::240:63ff:fee8:eab7/128 :: Un 0 1 0 lo
fe80::a00:20ff:feeb:7b28/128 :: Un 0 1 0 lo
fe80::a00:20ff:feeb:7b29/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 ppp0
fe80::/10 :: U 1 0 0 ppp0
fe80::/10 :: U 256 0 0 ppp0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 ppp0
::/0 :: !n -1 1 547 lo
I'm new to IPv6 and this behaviour baffles me.
Long version: Trying to get IPv6 networking up and running on my DSL account. My provider do IPv6 natively and have assigned to me a /48 which I'm eventually going to migrate to. At the moment the firewall is doing v4 for several hosts behind it NAT'ing the lot behind the public address. I use firewall builder to manage my firewalls and I was using it to build a new v6 policy. I pick up the 4&6 addresses just fine from ppp and things seem hunky dory until I install the firewall policy at which time the above routing change happens. I eventually located the problem to the enabling of forwarding for IPv6. I don't (yet) need the forwarding on IPv6 but am going to need to once I use the /48;
Does anyone have any ideas?
Anyone seen this one before?
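The by-eye comparison of the two tables in the post above, as an added example that is not part of the thread: a shell function that diffs two saved `route -n -6` snapshots and reports whether a default route with a real next hop vanished. The snapshot rows are abridged from the two tables in the post; `route_diff` and `default_route_lost` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread: diff two saved `route -n -6` snapshots.
# Sample rows are abridged from the two tables in the first post.
BEFORE='Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 4 lo
2a01:348:ad51:80b::/64 :: UAe 256 0 2 ppp0
fe80::/64 :: U 256 0 0 ppp0
::/0 fe80::21f:caff:fe45:f860 UGDAe 1024 0 7 ppp0
::/0 :: !n -1 1 855 lo'

AFTER='Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 3 lo
2a01:348:ad51:80b::/128 :: Un 0 1 0 lo
2a01:348:ad51:80b::/64 :: UAe 256 0 7 ppp0
fe80::/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 ppp0
::/0 :: !n -1 1 547 lo'

# route_diff BEFORE AFTER: print "- route" for entries that vanished and
# "+ route" for entries that appeared. The Met/Ref/Use columns are ignored
# because the counters move between snapshots without the route changing.
route_diff() {
    { printf '%s\n' "$1"; echo '@@AFTER@@'; printf '%s\n' "$2"; } | awk '
        $0 == "@@AFTER@@"      { after = 1; next }
        NF != 7 || $1 !~ /\//  { next }   # skip the two header lines
        { key = $1 " via " $2 " dev " $7 " flags " $3 }
        !after                 { was[key] = 1; next }
                               { now[key] = 1 }
        END {
            for (k in was) if (!(k in now)) print "- " k
            for (k in now) if (!(k in was)) print "+ " k
        }' | LC_ALL=C sort
}

# default_route_lost BEFORE AFTER: exit 0 when a ::/0 route with a real
# next hop (not the "::" reject entry on lo) is missing afterwards.
default_route_lost() {
    route_diff "$1" "$2" | grep '^- ::/0 via ' | grep -qv ' via :: '
}

route_diff "$BEFORE" "$AFTER"
if default_route_lost "$BEFORE" "$AFTER"; then
    echo "WARNING: default route via a gateway disappeared" >&2
fi
```

On a live system, capture `route -n -6` before and after installing the firewall policy and pass both captures to `route_diff`.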
luispa Guru
Joined: 17 Mar 2006 Posts: 359 Location: España
Posted: Fri Nov 20, 2009 9:06 pm Post subject:
Hi,
I'm also starting with IPv6 and ip6tables, so probably can't help much. What I have noticed is that the default route doesn't change in my case doing "echo 1 > ../forwarding", and I can ping a host in the IPv6 net. However, I can't ping my nexthop on the other side of the tunnel anymore (I'm receiving a /64 through a GRE tunnel).
I'm using "ip -6 route" and don't see any change.
Luis
mrness Retired Dev
Joined: 17 Feb 2004 Posts: 375 Location: bucharest.ro
Posted: Sat Nov 21, 2009 8:55 am Post subject:
If you want your box to act as an IPv6 router, you need to run a router advertisement daemon (radvd) on it.
I never had this setup on Linux, but I think the radvd daemon will enable IPv6 forwarding, no need to do it yourself.
wobblytickle n00b
Joined: 08 Feb 2003 Posts: 26
Posted: Sat Nov 21, 2009 1:01 pm Post subject:
mrness wrote:
> If you want your box to act as an IPv6 router, you need to run a router advertisement daemon (radvd) on it.
> I never had this setup on Linux, but I think the radvd daemon will enable IPv6 forwarding, no need to do it yourself.

Yeah I know I want to do radvd or dhcpv6 and I'm presuming that my firewall is going to be the route to the /48 with its ppp0 having the current address. I'll need to have a play but it's annoying in that fwbuilder automatically enables forwarding on the compiled policy which breaks everything. In another forum people have said that my default route's flags look a bit odd so I need to investigate that too.
Cheers,
Steph
mrness Retired Dev
Joined: 17 Feb 2004 Posts: 375 Location: bucharest.ro
Posted: Sat Nov 21, 2009 2:18 pm Post subject:
I don't understand how this could happen. Try to enable IPv6 routing before starting the PPP link and see if ppp0 default route gets created.
luispa Guru
Joined: 17 Mar 2006 Posts: 359 Location: España
Posted: Sun Nov 22, 2009 8:28 am Post subject:
Forgot to mention that I do have radvd running, and my routes do not disappear, only this problem with the ping I mention.
Luis