Josh Lehan
2010-Oct-16 20:34 UTC
Interaction of Shorewall and Shorewall6 with a Teredo relay?
I looked online for documentation about this, but couldn't find it. Is anybody else running a Teredo relay, on a firewall that has both Shorewall and Shorewall6 installed?

I'm running IPv6 at home (thanks to a Hurricane Electric tunnel). I'm having trouble with external Teredo clients being able to ping my home IPv6 addresses. All of these clients can reliably ping "ipv6.google.com" 100% of the time, so I know it's not a fault with these clients or whatever firewalls of their own that they are behind.

My interfaces, on my firewall box:

eth0 = Local network
eth1 = DSL modem (via PPPOE)
eth2 = IPv4 upstream, cable modem (via DHCP)
ppp0 = IPv4 upstream tunneled over eth1
heipv6 = IPv6 upstream (tunnel to Hurricane Electric)
teredo = Teredo relay

IPv4 pings work great. IPv6 pings work great. The Teredo relay is in place to help communicate with Teredo clients. I'd rather run my own local Teredo relay, instead of using Hurricane Electric's, because that way there will be less traffic that needs to go over my tunnel to them. My box already has IPv4 service, so I should be able to terminate the IPv6 connection locally and send replies over IPv4 with Teredo. Good idea, or bad idea?

Shorewall6 "net" zone's interfaces: heipv6, teredo
Shorewall "net" zone's interfaces: ppp0, eth2, teredo

The "local" zone for both is eth0. There is another zone, "modem", just so I can get diagnostic access to the modem's internal webpage. This zone isn't used for any other traffic.

I'm pretty sure Teredo isn't being blocked upstream, by either cable or DSL. Doing tcpdump on the "heipv6" tunnel revealed IPv6 ping requests coming in from the Teredo clients, so I'm seeing the requests OK, they just never get farther than that. That leads me to suspect a routing/Shorewall misconfiguration.

Curious if there's a best-practices guide to follow for using Teredo with Shorewall and Shorewall6, as there are for so many other useful configurations.

Thank you!
Josh
Tom Eastep
2010-Oct-17 14:02 UTC
Re: Interaction of Shorewall and Shorewall6 with a Teredo relay?
On 10/16/10 1:34 PM, Josh Lehan wrote:

> I'm pretty sure Teredo isn't being blocked upstream, by either cable or
> DSL. Doing tcpdump on the "heipv6" tunnel revealed IPv6 ping requests
> coming in from the Teredo clients, so I'm seeing the requests OK, they
> just never get farther than that. That leads me to suspect a
> routing/Shorewall misconfiguration.

So 'shorewall clear' and 'shorewall6 clear' and see if it works. If it does, then start them one at a time and see when it stops working.

If it doesn't work with both firewalls cleared then you are posting on the wrong mailing list. If it doesn't work when you restart one of the firewalls then look at that firewall's log to see what it is blocking.

> Curious if there's a best-practices guide to follow for using Teredo
> with Shorewall and Shorewall6, as there are for so many other useful
> configurations.

Not that I'm aware of.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
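For the last step suggested in the reply above (reading the restarted firewall's log), here is an added example, not part of the thread or of Shorewall itself: a filter that keeps only log entries whose source or destination lies in the Teredo prefix 2001::/32 and counts them per chain, disposition and interface pair. It assumes Shorewall's default LOGFORMAT "Shorewall:%s:%s:"; the chain names and every log line in SAMPLE are constructed.

```python
import ipaddress
import re
from collections import Counter

TEREDO = ipaddress.ip_network("2001::/32")  # Teredo service prefix, RFC 4380
# Assumption: Shorewall's default LOGFORMAT "Shorewall:%s:%s:" (chain, then
# disposition), followed by the usual netfilter KEY=value fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Za-z]+):")
FIELD = re.compile(r"\b(IN|OUT|SRC|DST)=(\S*)")

def teredo_hits(lines):
    """Yield parsed records whose SRC or DST is a Teredo address."""
    for line in lines:
        m = PREFIX.search(line)
        if not m:
            continue  # not a Shorewall/Shorewall6 log entry
        # reversed() makes the first occurrence of each key win, so fields of a
        # packet quoted inside an ICMP error do not override the outer header.
        rec = dict(reversed(FIELD.findall(line[m.end():])))
        try:
            addrs = [ipaddress.ip_address(rec[k]) for k in ("SRC", "DST")]
        except (KeyError, ValueError):
            continue  # truncated or malformed entry
        if any(a in TEREDO for a in addrs):  # IPv4 addresses never match
            yield {**rec, "chain": m["chain"], "disp": m["disp"]}

def summarize(lines):
    """Count Teredo-related entries per (chain, disposition, IN, OUT)."""
    return Counter((r["chain"], r["disp"], r.get("IN", ""), r.get("OUT", ""))
                   for r in teredo_hits(lines))

# Constructed sample: RFC example Teredo client, documentation-prefix hosts.
CLIENT = "2001:0000:4136:e378:8000:63bf:3fff:fdd2"
HOST = "2001:0db8:0001:0000:0000:0000:0000:0010"
OTHER = "2001:0db8:0002:0000:0000:0000:0000:0001"
SAMPLE = [
    f"Shorewall:net2local:DROP:IN=heipv6 OUT=eth0 SRC={CLIENT} DST={HOST} PROTO=ICMPv6 TYPE=128",
    f"Shorewall:net2local:DROP:IN=heipv6 OUT=eth0 SRC={CLIENT} DST={HOST} PROTO=ICMPv6 TYPE=128",
    f"Shorewall:local2net:REJECT:IN=eth0 OUT=teredo SRC={HOST} DST={CLIENT} PROTO=ICMPv6 TYPE=129",
    f"Shorewall:net2fw:DROP:IN=heipv6 OUT= SRC={OTHER} DST={HOST} PROTO=TCP DPT=22",
    "Shorewall:net2fw:DROP:IN=eth2 OUT= SRC=192.0.2.7 DST=198.51.100.3 PROTO=UDP DPT=3544",
    "sshd[811]: Accepted publickey for admin",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feeding it the kernel log after each firewall is restarted shows which chain and interface pair is logging the Teredo traffic.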