Thomas Schneider <c.mo...@web.de> wrote: > However, now I have a weired issue that apt update fails to access IPv6 > addresses on clients loc (= 10.0.0.0/24) and dmz (=10.1.0.0/24): ... > Fehl http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ unstable/main > isc-dhcp-client amd64 4.3.3-9 > Verbindung mit ftp.tu-chemnitz.de:80 kann nicht aufgebaut werden > (2001:638:911:b0e:134:109:228:1). - connect (101: Das Netzwerk ist nicht > erreichbar) [IP: 2001:638:911:b0e:134:109:228:1 80]
> This makes no sense to me, but it's reproducable. OK, to start with, IPv6 and IPv4 support are completely separate. Shorewall has no effect whatsoever on IPv6 connectivity (which is managed by shorewall6) except for : 1) If you have DISABLE_IPV6 in shorewall.conf set to Yes then it will block IPv6 traffic when you next restart shorewall. This needs to be set to no so that shorewall won't interfere with Ipv6 settings. 2) If you use an IPv6 tunnel then you need appropriate rules to permit the tunnelled traffic. But in terms of IPv6 connectivity, the clients are NOT in 10.0.0.0/24 or 10.1.0.0/24 subnets. Those subnets are IPv4 subnets and are unrelated to IPv6. So now you need to start troubleshooting your IPv6 connectivity. The fact that your system is attempting to connect to an IPv6 address does suggest that it thinks it has connectivity (ie it has more than just a link local (fe80:...) address. So where has it got it's local addressing info from ? ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
