[GLLUG] Firewall with multiple IPv6 addresses on multiple interfaces
Chris Bell
chrisbell at chrisbell.org.uk
Mon May 21 16:39:34 UTC 2018
Hello,
I have tried to configure Shorewall6 on Debian to use an allocated IPv6 prefix
for external connections but nearly identical private addresses in the range
fd??:?:?:?::/48 (actually /60) for all internal traffic between local networks.
I have managed to configure multiple addresses on an interface with Debian
Stretch by using the "ip address add" command, and configured radvd on the
firewall according to "man radvd.conf" with
interface name {
list of interface specific options
list of prefix definitions
list of clients (IPv6 addresses) to advertise to
list of route definitions
list of RDNSS definitions
list of DNSSL definitions
list of ABRO definitions
};
but the clients appear to get confused about which prefix to use and do not
respond. Perhaps radvd should be configured to show multiple complete entries
for the same interface, each one giving only the relevant details for a single
IPv6 prefix? There is no suggestion in the manual page that this could work,
and it may not comply with the relevant RFC 6106.
--
Chris Bell
Website http://chrisbell.org.uk
More information about the GLLUG
mailing list