[Firehol-support] router_ra pppoe and firehol ?!

Tamer Higazi th982a at googlemail.com
Mon Jul 13 22:31:25 BST 2015 

Doesn't work :(

Here is the updated script, if I do that before I start the pppoe
connection, the global link address will not appear.
And if I start the pppoe connection, I get the ip but after a time it
disappears.

If you have further ideas, let me now. I'd love to use firehol and
fireqos in future, instead of the self written firewall iptables and
ip6tables script.

Thanks again.


Best, Tamer


Here is my script:

server_tvoip_ports="udp/5070 udp/5080 udp/30000:31000 udp/40000:41000"
client_tvoip_ports="default"

server_voipc_ports="udp/1010 tcp/1010 udp/1012 tcp/1012 tcp/5000:5010
udp/5000:5010"
client_voipc_ports="default"

interface46 lo local
        policy accept
        client all accept

interface46 enp2s0 lnet
        policy accept
        client all accept

interface46 ppp+ inet
         server ipv6error accept
         server ipv6neigh accept
         server icmp accept
         server icmpv6 accept
         server tvoip accept
         client all accept

router46 lnet2inet inface enp2s0 outface ppp+
         masquerade
         server ipv6error accept
         route all accept

router46 inet2lnet inface ppp+ outface enp2s0
         masquerade reverse
         route all accept


Am 13.07.2015 um 07:50 schrieb Phil Whineray:
> Hi Tamer
>
> On Sun, Jul 12, 2015 at 05:38:55PM +0200, Tamer Higazi wrote:
>> Hi people!
>>
>> I have firgured out, that my firewall configuration doesn't work with
>> router advertisement (for ipv6).
>> My current firehol configuration in the section "ppp0" (I guess) need to
>> be modified to accept router advidement for ipv6 DHCP.
>>
>> I fugured that out, that if If I dialin with pppd I get a global ipv6
>> address. But the moment I activate firehol, I am not receiving a ipv6
>> global link address.
>> Can somebody tell me, how to change the firewall that way that it's
>> possible to accomplish this ?!
> Take a look here:
>    http://firehol.org/upgrade/#config-version-6
>
> In particular, towards the bottom there is information called
> "Important ICMP differences" which includes some suggestions
> for services ipv6error, ipv6neigh and ipv6router
>
> Hope that helps
> Phil
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support

More information about the Firehol-support mailing list