Results 1 to 7 of 7

Thread: IPv6 and Firewall settings

  1. #1

    Default IPv6 and Firewall settings

    Moving to ipv6. I have a router that’s sending out RA messages and the local SUSE interface (eth0) is generating ipv6 addresses locally with the firewall set to Trusted for the interface. All as expected. I can ping with the -6 option external addresses like www.google.com.

    Moving to a custom firewall configuration and rebooting I don’t get any local ipv6 addresses other that the Unicast (I think I have the right term here) address, beginning fe80:.... I can no longer ping external addresses. I presume I need open a service. So far tried dhcpv6-client but no luck.

    To check addresses i have been using:

    Code:
    ip -6 address
    Any ideas or suggestions?

  2. #2

    Default Re: IPv6 and Firewall settings

    Should have added that I am not using DHCPV6 in the configuration so it should all be SLAAC.

  3. #3

    Default Re: IPv6 and Firewall settings

    OK, solved but not sure why. I had IPv4 masquerading set. Would really be interested in why that would mess up SLAAC.

  4. #4

    Default Re: IPv6 and Firewall settings

    Only half solved. I now know that masquerading is messing up SLAAC to obtain my IPv6 address but for various reasons I need to have NAT enabled so incoming VPN connections have access to all of my network. After a bit of digging I found the "Basic Networking" documentation and section 13.7 covers setting up a router which is exactly what I want. My /etc/sysctl.conf now looks like this:
    Code:
    # net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.forwarding = 1  
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.enp0s3.accept_ra = 2
    net.ipv6.conf.enp0s3.autoconf = 0
    But it's still not generating local IPv6 address. Everything else works. Any ideas anyone?

  5. #5
    Join Date
    Oct 2011
    Location
    Germany (Ore Mountains)
    Posts
    427

    Default Re: IPv6 and Firewall settings

    Do you need ipv6 forwarding?
    If not, try
    net.ipv6.conf.all.forwarding=0

  6. #6

    Default Re: IPv6 and Firewall settings

    Thanks for the idea. Yes, had tried that an it still didn't work.

    Tried adding net.ipv6.conf.all.accept_ra = 2 and still no joy.

    Just as a random idea I added another interface and used the default "trusted" non-NATed zone for the new interface. The new interface didn't get an IPv6 generated address. Kind of looks like enabling NAT/Masquerading or any interface kills IPv6 SLAAC!

  7. #7

    Default Re: IPv6 and Firewall settings

    OK. Now actually solved. This is what worked for me:

    net.ipv6.conf.all.forwarding = 0
    net.ipv6.conf.enp0s3.accept_ra = 2
    net.ipv6.conf.enp0s3.autoconf = 1
    autoconf = 1 seems to be needed which is not what the documentation says.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •