# IPv6 routing table & /proc/sys/net/ipv6/conf/all/forwarding

## wobblytickle

The following just cost me a day of debugging and endless firewall reboots.

Short version: Running "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" seems to blow away my routing table:

This is good:

```
gate ~ # route -n -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1     4 lo
2a01:348:ad51:80b:240:63ff:fee8:eab7/128 ::                         Un   0   1     6 lo
2a01:348:ad51:80b::/64         ::                         UAe  256 0     2 ppp0
fe80::240:63ff:fee8:eab7/128   ::                         Un   0   1     0 lo
fe80::240:63ff:fee8:eab7/128   ::                         Un   0   1     0 lo
fe80::a00:20ff:feeb:7b28/128   ::                         Un   0   1     0 lo
fe80::a00:20ff:feeb:7b29/128   ::                         Un   0   1     0 lo
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 eth1
fe80::/64                      ::                         U    256 0     0 eth2
fe80::/64                      ::                         U    256 0     0 ppp0
fe80::/10                      ::                         U    1   0     0 ppp0
fe80::/10                      ::                         U    256 0     0 ppp0
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 eth1
ff00::/8                       ::                         U    256 0     0 eth2
ff00::/8                       ::                         U    256 0     0 ppp0
::/0                           fe80::21f:caff:fe45:f860   UGDAe 1024 0     7 ppp0
::/0                           ::                         !n   -1  1   855 lo
```

Enabling forwarding (as done by, for example, net-firewall fwbuilder) completely blows the table away, meaning non-functional IPv6 networking. This is bad and results in a network unreachable message for the likes of ping6:

```
gate firewall # route -n -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1     3 lo
2a01:348:ad51:80b::/128        ::                         Un   0   1     0 lo
2a01:348:ad51:80b:240:63ff:fee8:eab7/128 ::                         Un   0   1   234 lo
2a01:348:ad51:80b::/64         ::                         UAe  256 0     7 ppp0
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::240:63ff:fee8:eab7/128   ::                         Un   0   1     0 lo
fe80::240:63ff:fee8:eab7/128   ::                         Un   0   1     0 lo
fe80::a00:20ff:feeb:7b28/128   ::                         Un   0   1     0 lo
fe80::a00:20ff:feeb:7b29/128   ::                         Un   0   1     0 lo
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 eth1
fe80::/64                      ::                         U    256 0     0 eth2
fe80::/64                      ::                         U    256 0     0 ppp0
fe80::/10                      ::                         U    1   0     0 ppp0
fe80::/10                      ::                         U    256 0     0 ppp0
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 eth1
ff00::/8                       ::                         U    256 0     0 eth2
ff00::/8                       ::                         U    256 0     0 ppp0
::/0                           ::                         !n   -1  1   547 lo
```

I'm new to IPv6 and this behaviour baffles me. 

Long version: Trying to get IPv6 networking up and running on my DSL account. My provider do IPv6 natively and have assigned to me a /48 which I'm eventually going to migrate to. At the moment the firewall is doing v4 for several hosts behind it, NAT'ing the lot behind the public address. I use firewall builder to manage my firewalls and I was using it to build a new v6 policy. I pick up the 4&6 addresses just fine from ppp and things seem hunky dory until I install the firewall policy, at which time the above routing change happens. I eventually located the problem to the enabling of forwarding for IPv6. I don't (yet) need the forwarding on IPv6 but am going to need to once I use the /48.

Does anyone have any ideas?

Anyone seen this one before?

----------
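The by-eye comparison of the two `route -n -6` listings in the post above can be scripted so that a firewall policy install is checked for lost routes. This is an added example, not part of the original thread; the function names `route_keys`, `route_diff` and `lost_default_gateway` are hypothetical, and the two listings are constructed, abridged from the tables in the post.

```shell
#!/bin/sh
# Added example: diff two saved `route -n -6` listings, ignoring the Ref/Use
# counters. The listings below are constructed, abridged from the post's tables.
BEFORE='Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1     4 lo
2a01:348:ad51:80b::/64         ::                         UAe  256 0     2 ppp0
fe80::/64                      ::                         U    256 0     0 ppp0
::/0                           fe80::21f:caff:fe45:f860   UGDAe 1024 0     7 ppp0
::/0                           ::                         !n   -1  1   855 lo'

AFTER='Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1     3 lo
2a01:348:ad51:80b::/128        ::                         Un   0   1     0 lo
2a01:348:ad51:80b::/64         ::                         UAe  256 0     7 ppp0
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/64                      ::                         U    256 0     0 ppp0
::/0                           ::                         !n   -1  1   547 lo'

# Reduce a listing to one key per route: destination, next hop, flags, metric,
# interface. Header lines have no "/" in field 1 and are skipped.
route_keys() {
    printf '%s\n' "$1" |
        awk 'NF == 7 && $1 ~ /\// { print $1, $2, $3, $4, $7 }' | sort -u
}

# Print "LOST <route>" for routes only in $1, "NEW <route>" for routes only in $2.
route_diff() {
    { route_keys "$1" | sed 's/^/B /'; route_keys "$2" | sed 's/^/A /'; } | awk '
        { tag = $1; sub(/^[AB] /, ""); seen[tag, $0] = 1; all[$0] = 1 }
        END { for (r in all) {
                  if (!(("A", r) in seen)) print "LOST", r
                  else if (!(("B", r) in seen)) print "NEW", r } }' | sort
}

# Succeed, printing "<next hop> <interface>", if a ::/0 route with the G
# (gateway) flag disappeared between the two listings.
lost_default_gateway() {
    route_diff "$1" "$2" | awk '
        $1 == "LOST" && $2 == "::/0" && $4 ~ /G/ { print $3, $6; found = 1 }
        END { exit !found }'
}

route_diff "$BEFORE" "$AFTER"
```

On a live box the arguments would be a listing saved before the policy install and `"$(route -n -6)"` taken after it. The one route reported as lost carries the `A` flag, which route(8) documents as "installed by addrconf".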

## luispa

Hi, 

I'm also starting with IPv6 and ip6tables, so probably can't help much. What I have noticed is that the default route doesn't change in my case doing "echo 1 > ../forwarding", and I can ping a host in the IPv6 net. However, I can't ping my nexthop on the other side of the tunnel anymore (I'm receiving a /64 through a GRE tunnel).

I'm using "ip -6 route" and don't see any change. 

Luis

----------

## mrness

If you want your box to act as an IPv6 router, you need to run a router advertisement daemon (radvd) on it.

I never had this setup on Linux, but I think the radvd daemon will enable IPv6 forwarding, no need to do it yourself.

----------

## wobblytickle

 *mrness wrote:*   

> If you want your box to act as an IPv6 router, you need to run a router advertisement daemon (radvd) on it.
>
> I never had this setup on Linux, but I think the radvd daemon will enable IPv6 forwarding, no need to do it yourself.

Yeah I know I want to do radvd or dhcpv6 and I'm presuming that my firewall is going to be the route to the /48 with its ppp0 having the current address. I'll need to have a play but it's annoying in that fwbuilder automatically enables forwarding on the compiled policy, which breaks everything. In another forum people have said that my default route's flags look a bit odd so I need to investigate that too.

Cheers,

Steph

----------

## mrness

I don't understand how this could happen. Try to enable IPv6 routing before starting the PPP link and see if ppp0 default route gets created.

----------

## luispa

Forgot to mention that I do have radvd running, and my routes do not disappear, only this problem with the ping I mentioned.

Luis

----------

