Torsten Fichtner
2013-Jun-28 09:07 UTC
IPv6 two or more providers, duplicating routing table does not work
Hello, shorewall6 seem to have problems duplicating the main routing table. shorewall6 tries to add the fe80::/64 route of every ipv6 configured interface to routing table 1. The first route applies but the other ones not. If i try to add the routes manually to routing table 1 i have to add the first fe80::/64 route and append not add the other ones. does not work: ip -6 route add table 1 fe80::/64 dev vlan42 ip -6 route add table 1 fe80::/64 dev vlan99 works: ip -6 route add table 1 fe80::/64 dev vlan42 ip -6 route append table 1 fe80::/64 dev vlan99 Configuration files and error message below. /etc/shorewall6/interfaces net eth2 detect mss=1280 loc eth0 detect mss=1280 admin vlan42 detect mss=1280 mgmt vlan99 detect mss=1280 /etc/shorewall6/providers: ISP1 1 1 main sixxs 2001:xxxx:xxxx:1245::1 track,fallback eth0,vlan42,vlan99 ISP2 2 2 main eth2 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:1 track,balance eth0,vlan42,vlan99 /etc/shorewall6/zones fw firewall net loc admin mgmt Used Versions: Kernel: 3.8.12-1 iptables: 1.4.18 iproute: 20120521-3+b3 shorewall: 4.5.16.1 main routing table contents: 2001:xxxx:xxxx::/64 dev eth2 proto kernel metric 256 2001:xxxx:xxxx:xxxx::/64 dev sixxs proto kernel metric 256 fd00:xxxx:xxxx:xx::/64 dev eth0 proto kernel metric 256 fd00:xxxx:xxxx:xx::/64 dev vlan42 proto kernel metric 256 fd00:xxxx:xxxx:xx::/64 dev vlan99 proto kernel metric 256 fe80::/64 dev eth2 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev vlan42 proto kernel metric 256 fe80::/64 dev vlan99 proto kernel metric 256 fe80::/64 dev sixxs proto kernel metric 256 error message shorewall: root@xxxx:/etc/shorewall6# shorewall6 check Checking... Processing /etc/shorewall6/params ... Processing /etc/shorewall6/shorewall6.conf... Loading Modules... Checking /etc/shorewall6/zones... Checking /etc/shorewall6/interfaces... Determining Hosts in Zones... Locating Action Files... Checking /etc/shorewall6/policy... Checking /etc/shorewall6/providers... Checking /etc/shorewall6/masq... Checking MAC Filtration -- Phase 1... Checking /etc/shorewall6/rules... Checking /etc/shorewall6/conntrack... Checking MAC Filtration -- Phase 2... Applying Policies... Checking /usr/share/shorewall6/action.Drop for chain Drop... Checking /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs... Checking /usr/share/shorewall6/action.Broadcast for chain Broadcast... Shorewall6 configuration verified root@xxxx:/etc/shorewall6# shorewall6 restart Compiling... Processing /etc/shorewall6/params ... Processing /etc/shorewall6/shorewall6.conf... Loading Modules... Compiling /etc/shorewall6/zones... Compiling /etc/shorewall6/interfaces... Determining Hosts in Zones... Locating Action Files... Compiling /etc/shorewall6/policy... Compiling /etc/shorewall6/providers... Compiling /etc/shorewall6/masq... Compiling MAC Filtration -- Phase 1... Compiling /etc/shorewall6/rules... Compiling /etc/shorewall6/conntrack... Compiling MAC Filtration -- Phase 2... Applying Policies... Compiling /usr/share/shorewall6/action.Drop for chain Drop... Compiling /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs... Compiling /usr/share/shorewall6/action.Broadcast for chain Broadcast... Generating Rule Matrix... Compiling /usr/share/shorewall6/action.Reject for chain Reject... Creating ip6tables-restore input... Shorewall configuration compiled to /var/lib/shorewall6/.restart Restarting Shorewall6.... Initializing... Adding Providers... RTNETLINK answers: File exists ERROR: Command "ip -6 route add table 1 fe80::/64 dev vlan42 proto kernel metric 256" Failed Running /sbin/ip6tables-restore... IPv6 Forwarding Enabled Terminated Cheers Torsten Fichtner ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
Reasonably Related Threads
Wisdom of the Ancients
