# ipv6 forwarding kills ipv6 route table [solved]

## Joker11

My faithfull gentoo box that has operated for years is recieving some attention.

I have fought it to bring it up to date, and learnt a lot in the process of updating gclib, gcc, kernel, and everything else.

It seems to be rather happily working now as a ipv4 nat router again.

My aim it to get IPv6 working with my ISP's native support over pppoe.  I am at the stage where I can ping6 ipv6.google.com after a reboot.

My problem is when I enable forwarding (as shorewall and radvd do) the IPv6 stops working.

I am a bit lost when it comes to route tables, so I am not even sure what I am looking at and I am pretty stumped at the moment.

Added some X for privacy.

acfxlinux etc # route -A inet6

Kernel IPv6 routing table

Destination                    Next Hop                   Flag Met Ref Use If

::1/128                        ::                         Un   0   1     8 lo

2001:44b8:65:4x8:209d:4b5d:f242:c3c2/128 ::                         Un   0   1     8 lo

2001:44b8:65:4x8::/64          ::                         UAe  256 0     3 ppp0

fe80::213:d4ff:fe07:d835/128   ::                         Un   0   1     0 lo

fe80::213:d4ff:fe07:e3eb/128   ::                         Un   0   1     0 lo

fe80::209d:4b5d:f242:c3c2/128  ::                         Un   0   1     0 lo

fe80::/64                      ::                         U    256 0     0 eth2

fe80::/64                      ::                         U    256 0     0 eth0

fe80::/64                      ::                         U    256 0     0 ppp0

fe80::/10                      ::                         U    1   0     0 ppp0

fe80::/10                      ::                         U    256 0     0 ppp0

ff00::/8                       ::                         U    256 0     0 eth2

ff00::/8                       ::                         U    256 0     0 eth0

ff00::/8                       ::                         U    256 0     0 ppp0

::/0                           fe80::20c:86ff:feda:dc1b   UGDAe 1024 0    10 ppp0

::/0                           ::                         !n   -1  1     1 lo

acfxlinux etc # /etc/init.d/radvd start

 * Enabling IPv6 forwarding ...                                                                                         [ ok ]

 * Starting IPv6 Router Advertisement Daemon ...                                                                        [ ok ]

acfxlinux etc # route -A inet6

Kernel IPv6 routing table

Destination                    Next Hop                   Flag Met Ref Use If

::1/128                        ::                         Un   0   1     9 lo

2001:44b8:65:4x8::/128         ::                         Un   0   1     0 lo

2001:44b8:65:4x8:209d:4b5d:f242:c3c2/128 ::                         Un   0   1     8 lo

2001:44b8:65:4x8::/64          ::                         UAe  256 0     3 ppp0

fe80::/128                     ::                         Un   0   1     0 lo

fe80::/128                     ::                         Un   0   1     0 lo

fe80::/128                     ::                         Un   0   1     0 lo

fe80::213:d4ff:fe07:d835/128   ::                         Un   0   1     0 lo

fe80::213:d4ff:fe07:e3eb/128   ::                         Un   0   1     0 lo

fe80::209d:4b5d:f242:c3c2/128  ::                         Un   0   1     3 lo

fe80::/64                      ::                         U    256 0     0 eth2

fe80::/64                      ::                         U    256 0     0 eth0

fe80::/64                      ::                         U    256 0     0 ppp0

fe80::/10                      ::                         U    1   0     0 ppp0

fe80::/10                      ::                         U    256 0     0 ppp0

ff00::/8                       ::                         U    256 0     0 eth2

ff00::/8                       ::                         U    256 0     0 eth0

ff00::/8                       ::                         U    256 0     0 ppp0

::/0                           ::                         !n   -1  1     5 lo

acfxlinux etc # 

Another symptom that is probably related is when the ppp interface is restarted the ipv6 address is lost :S

acfxlinux ~ # ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol  

          inet addr:203.122.198.2x4  P-t-P:203.16.215.200  Mask:255.255.255.255

          inet6 addr: 2001:44b8:65:4X8:209d:4b5d:f242:c3c2/64 Scope:Global

          inet6 addr: fe80::209d:4b5d:f242:c3c2/10 Scope:Link

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

          RX packets:93829 errors:0 dropped:0 overruns:0 frame:0

          TX packets:113561 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3 

          RX bytes:14731272 (14.0 MiB)  TX bytes:42970468 (40.9 MiB)

acfxlinux ~ # /etc/init.d/net.ppp0 restart

 * Stopping ppp0

 *   Bringing down ppp0

 *     Stopping pppd on ppp0                                                                                            [ ok ]

 * Starting ppp0

 *   Bringing up ppp0

 *     ppp

 *       Running pppd ...

 *       Backgrounding ...

acfxlinux ~ # ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol  

          inet addr:203.122.198.2x8  P-t-P:203.16.215.200  Mask:255.255.255.255

          inet6 addr: fe80::d9ca:7929:b7f0:cc4/10 Scope:Link

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

          RX packets:83 errors:0 dropped:0 overruns:0 frame:0

          TX packets:316 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3 

          RX bytes:7772 (7.5 KiB)  TX bytes:104334 (101.8 KiB)

I hope someone can help point me in the right direction, most of the information is related to 6to4 tunnels and I have no idea what is requesting the IPv6 address or why it isnt being renewed.

acfxlinux etc # emerge --info

Portage 2.1.9.25 (default/linux/x86/10.0/server, gcc-4.4.4, glibc-2.11.2-r3, 2.6.36-gentoo-r5 i686)

=================================================================

System uname: Linux-2.6.36-gentoo-r5-i686-Intel-R-_Pentium-R-_D_CPU_3.00GHz-with-gentoo-1.12.14

Timestamp of tree: Fri, 28 Jan 2011 03:20:01 +0000

app-shells/bash:     4.1_p9

dev-lang/python:     2.6.6-r1, 3.1.2-r4

dev-util/cmake:      2.8.1-r2

sys-apps/baselayout: 1.12.14-r1

sys-apps/sandbox:    2.4

sys-devel/autoconf:  2.13::<unknown repository>, 2.65-r1

sys-devel/automake:  1.6.3::<unknown repository>, 1.7.9-r1::<unknown repository>, 1.9.6-r2::<unknown repository>, 1.11.1

sys-devel/binutils:  2.20.1-r1

sys-devel/gcc:       4.1.2::<unknown repository>, 4.4.4-r2

sys-devel/gcc-config: 1.4.1

sys-devel/libtool:   2.2.10

sys-devel/make:      3.81-r2

virtual/os-headers:  2.6.30-r1 (sys-kernel/linux-headers)

ACCEPT_KEYWORDS="x86"

ACCEPT_LICENSE="* -@EULA"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-march=i686 -O2 -pipe"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"

CXXFLAGS="-march=i686 -O2 -pipe"

DISTDIR="/usr/portage/distfiles"

FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"

GENTOO_MIRRORS="http://mirror.internode.on.net/pub/gentoo/ "

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS=""

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

SYNC="rsync://mirror.internode.on.net/gentoo-portage"

USE="ADS X acl ads apache2 berkdb bzip2 cli cracklib crypt cups curl curlwrappers cxx dbus dri fortran gd gdbm gpm iconv ipv6 kerberos ldap modules mudflap mysql ncurses nls nptl nptlonly opengl openmp pam pcre php pppd python qt3support readline session simplexml snmp sql ssl svg swat symlink sysfs tcpd truetype unicode webkit winbind x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

I have unmasked shorewall4 for its ipv6 support, and I understand this isnt supported.Last edited by Joker11 on Thu Feb 10, 2011 10:59 am; edited 1 time in total

----------

## Joker11

Well it pays to read sometimes, althought this didnt get my network working, I am atleast one step closer with my box mostly working.

ip -6 ro add default dev ppp0

 *Quote:*   

> Why does the IPv6 default route and IPv6 address on my PPP interface disappear?
> 
> Linux/BSD will ignore all further ICMPv6 RA messages when IPv6 forwarding is enabled. You will need to manually configure a default route to your PPP interface after it is brought up. You can also assign an address from your DHCPv6 PD lease to your PPP interface if you would like a link address (optional).

 

Now to translate the magical instructions for WIDE DHCPv6 to the gentoo version......  If only it was this easy:

 *Quote:*   

> Configure DHCPv6 PD to obtain a prefix lease. Not all DHCPv6 client support Prefix Delegation. The WIDE DHCPv6 client is known to work. The user manual for Dibbler suggests that it may work, but this hasn't been tested. Example dhcp6c.conf:
> 
> interface ppp0 {
> 
>     send ia-pd 0;
> ...

 

----------

## Joker11

For the next person who follows, trying to setup a dual stack ip4 ip6 setup.  ppp0 is my pppoe interface, and eth0 my lan.

the DHCP client emerged from gentoo isnt co-operative.

I ended up unmasking and using dibbler.

Client.conf:

 *Quote:*   

> log-mode short
> 
> log-level 7
> 
> experimental
> ...

 

This obtains the prefix from the ISP.

this script puts the prefix into radvd.conf and sets up the route tables.

/var/lib/dibbler/mappingprefixadd

 *Quote:*   

> #!/bin/bash
> 
> echo "Prefix $1 to be added"
> 
> PREFIX=$1
> ...

 

/var/lib/dibbler/mappingprefixdel

 *Quote:*   

> echo "Prefix $1 to be deleted."
> 
> PREFIX=$1
> 
> IF="eth0"
> ...

 

Hope this helps someone in the right direction, its a bit of a nasty way of setting it up with no implied suggestion of it working.

One thing I did find out was with all my playing my windows 7 boxes had that many ipv6 addresses they needed a reboot before they started working.

And lastly many thanks to the person who pointed me in the direction of dibbler, and wrote me the mapping scripts, you know who you are  :Smile: 

----------

