On Wed, May 20, 2015 at 02:36:28PM -0700, Rick Stevens wrote: > On 05/20/2015 02:13 PM, Richard W.M. Jones wrote: > >I'm totally baffled by how to get firewalld to forward IPv6 packets. > > > >On my home network, every machine has a public IPv6 address (from > >radvd). My ISP has IPv6. In between is a Fedora machine running > >firewalld, but packets simply do not transition from one network > >interface to the other. > > > >If I ping ipv6.google.com from inside, I can see the packets as far as > >the internal interface on the firewall, but they simply disappear. No > >ICMP rejected messages or anything like that. If I ping an internal > >machine from outside, I can see the packets at the external interface > >of the firewall, but again they disappear into the aether. > > > >I don't even know where to start looking. Any idea what to look for? > > Uhm, try > > $ sudo cat /proc/sys/net/ipv6/conf/all/forwarding > > If it comes back as "0", you don't have IPV6 forwarding enabled. You > could (as root): > > echo "1" >/proc/sys/net/ipv6/conf/all/forwarding > > to enable it off immediately. You could add a rule file in /etc/sysctl.d > to set it for future boots. As root, create a file called > "/etc/sysctl.d/50-ipv6rules.conf" and put the following content in it: > > net.ipv6.conf.all.forwarding = 1 > net.ipv6.conf.default.forwarding = 1 It look as if all relevant forwarding options are enabled. For reference, ppp0 is the external interface, and enp3s0 is the internal LAN. # sysctl -a | grep ipv6.*forward net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.mc_forwarding = 0 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.default.mc_forwarding = 0 net.ipv6.conf.enp0s20u1.forwarding = 1 net.ipv6.conf.enp0s20u1.mc_forwarding = 0 net.ipv6.conf.enp3s0.forwarding = 1 net.ipv6.conf.enp3s0.mc_forwarding = 0 net.ipv6.conf.lo.forwarding = 1 net.ipv6.conf.lo.mc_forwarding = 0 net.ipv6.conf.ppp0.forwarding = 1 net.ipv6.conf.ppp0.mc_forwarding = 0 (mc_forwarding seems to be multicast forwarding, so I assume it's not relevant) Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests. http://libguestfs.org/virt-v2v -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
