[GLLUG] Firewall with multiple IPv6 addresses on multiple interfaces

Tim Woodall t at woodall.me.uk
Thu May 24 13:30:11 UTC 2018

On Mon, 21 May 2018, Chris Bell via GLLUG wrote:

> Hello,
> I have tried to configure Shorewall6 on Debian to use an allocated IPv6 prefix
> for external connections but nearly identical private addresses in the range
> fd??:?:?:?::/48 (actually /60) for all internal traffic between local networks.
> I have managed to configure multiple addresses on an interface with Debian
> Stretch by using the "ip address add" command, and configured radvd on the
> firewall according to "man radvd.conf" with
> interface name {
>            list of interface specific options
>            list of prefix definitions
>            list of clients (IPv6 addresses) to advertise to
>            list of route definitions
>            list of RDNSS definitions
>            list of DNSSL definitions
>            list of ABRO definitions
>       };
> but the clients appear to get confused about which prefix to use and do not
> respond. Perhaps radvd should be configured to show multiple complete entries
> for the same interface, each one giving only the relevant details for a single
> IPv6 prefix? There is no suggestion in the manual page that this could work,
> and it may not comply with the relevant RFC 6106.

It's not obvious what your setup is but if clients have both prefixes on
an interface then they might choose either.

They should respond with the same prefix the incoming packet had.

I don't recall the rules for selecting a prefix but I wouldn't be
surprised if globally routed takes precedence.
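
The rules for selecting a prefix mentioned above are the default source address selection rules of RFC 6724. The sketch below is an added example, not part of the original message: it implements only rules 1, 2, 6 and 8, assumes /64 on-link prefixes, and uses constructed addresses (the 2001:db8::/32 documentation prefix and an fd00::/8 ULA).

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, lab) for p, prec, lab in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12)]]

def label(addr):
    """Label of the longest policy-table prefix that contains addr."""
    best = max((n for n, _, _ in POLICY if addr in n), key=lambda n: n.prefixlen)
    return next(lab for n, _, lab in POLICY if n == best)

def scope(addr):
    """Unicast scope: link-local is 0x2, everything else (ULA included) is global 0xe."""
    return 0x2 if (addr.is_link_local or addr.is_loopback) else 0xE

def common_prefix_len(a, b, plen=64):
    """Leading bits shared by a and b, capped at the assumed /64 source prefix."""
    return min(128 - (int(a) ^ int(b)).bit_length(), plen)

def select_source(dest, candidates):
    """Pick the source address for dest from the addresses on the outgoing interface."""
    d = ipaddress.ip_address(dest)

    def key(src):
        s = ipaddress.ip_address(src)
        # Rule 2: a scope smaller than the destination's loses; otherwise smaller wins.
        rule2 = (0, scope(s)) if scope(s) >= scope(d) else (1, -scope(s))
        return (s != d,                     # rule 1: prefer same address
                rule2,                      # rule 2: prefer appropriate scope
                label(s) != label(d),       # rule 6: prefer matching label
                -common_prefix_len(s, d))   # rule 8: longest matching prefix

    return min(candidates, key=key)

# Constructed client with a global, a ULA and a link-local address on one interface.
GLOBAL, ULA, LINK_LOCAL = "2001:db8:1:10::5", "fd00:1:2:10::5", "fe80::5"
CLIENT = [GLOBAL, ULA, LINK_LOCAL]

if __name__ == "__main__":
    for dest in ("fd00:1:2:20::9", "2001:db8:ffff::1", "fe80::1"):
        print(dest, "->", select_source(dest, CLIENT))
```

With these inputs the ULA source is chosen for a ULA destination and the global source for a global destination, so firewall rules on the internal interfaces should expect either source prefix depending on where the traffic is headed.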

