[Firehol-support] router_ra pppoe and firehol ?!

Phil Whineray phil at sanewall.org
Tue Jul 21 07:11:23 BST 2015


> My latest results, I can ping out with ipv6 but in the logs are:
> 
> Jul 20 03:26:28 livetool kernel: OUT-inet:IN= OUT=enp6s1
> SRC=fe80:0000:0000:0000:02e0:53ff:fe0c:9d18
> DST=fe80:0000:0000:0000:021d:aaff:fe87:cd28 LEN=72 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0

Here is a list of the ICMPv6 types:

http://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-2

You will see that type 135 is Neighbour Solicitation, and it is going
OUT on enp6s1 which means that interface is missing the line:
  client ipv6neigh accept

> and as I suggest, later ip6 won't work anymore.... (sniff.... i guess).

NS works similarly to ARP in IPv4 and is cached so it will work for a
little while until the value becomes stale and there is no way to refresh
it. You can inspect the tables by running `ip -6 nei`.

Cheers
Phil



More information about the Firehol-support mailing list