[Shorewall-users] ipv6-multi-homing

Luke Jordan Mon, 07 May 2018 04:39:08 -0700

Hi,

I wish to have a ipv6-multi-homing with static configuration, nat and
rtrules/mangle. for ipv4 it run without problems with shorewall.


I‘ve set up this in shorewall6 and it's running with one isp without
using providers/rtrules and with default gateway in routing table, but
not with two isp's with providers/rtrules and no default gateway in
routing table.

static configuration with masq is running without problems, but
multi-isp with rtrules/mangle isn't running stable. after a time just
one isp is available. in tcpdump i see either "neighbor solicitation" or
"echo reply", but the reply don't come back to the source. using
proxyndp from shorewall6 has not solved the problem.

the question: what is the solution for this problem?

shorewall:

# shorewall version
5.0.15.6

# shorewall6 version
5.0.15.6

network:

br0: internal network
-> ip: fa12:34:56:a:a:a:a

eth1: isp 1
-> ip: 2a00:23:45:67:a:a:a:a
-> routed subnet: 2a00:23:45:4::/62
-> gateway: 2a00:23:45:1:e228:6dff:abcd:1234

eth2: isp 2
-> ip: 2a01:34:56:e04:a:a:a:a
-> routed subnet: 2a01:34:56:e04:a::/62
-> gateway: 2a01:34:56:e00:e228:6dff:1234:abcd

shorewall6.conf:

IP_FORWARDING=keep
KEEP_RT_TABLES=Yes
USE_DEFAULT_RT=Yes
TC_BITS=8
PROVIDER_BITS=8
PROVIDER_OFFSET=8
MASK_BITS=8

providers:

#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY                 
        OPTIONS         COPY
dsl1    1       256     -               eth1            
2a00:23:45:1:e228:6dff:abcd:1234        track   -
cbl1    2       512     -               eth2            
2a01:34:56:e00:e228:6dff:1234:abcd      track   -

masq:

#INTERFACE      SOURCE                          ADDRESS
eth1            fa12:34:56::/64         2a00:23:45:4:a:a:a:a
eth2            fa12:34:56::/64         2a01:34:56:e04:a:a:a:a

eth1            2a01:34:56:e04:a:a:a:a          2a00:23:45:4:a:a:a:a
eth2            2a00:23:45:4:a:a:a:a            2a01:34:56:e04:a:a:a:a

rtrules:

#SOURCE                         DEST                            PROVIDER        
PRIORITY        MASK
-                               fa12:34:56::/64         main            1000    
        -
lo                              -                               cbl1            
10000           -

br0                             -                               cbl1            
11000           -
br0                             2001:4860:4860::8888            dsl1            
11000           -
br0                             2001:4860:4860::8844            cbl1            
11000           -

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

[Shorewall-users] ipv6-multi-homing

Reply via email to