Op 26-04-13 14:08, James Knott schreef: ...
OK, so they're using a tunnel, not native IPv6. Linux can handle various tunnel types. In addition to installing RADVD, I had to manually add a forwarding rule to /etc/sysconfig/SuSEfirewall2 to forward the subnet to my local network. Here's that line:
FW_FORWARD="2001:x:y:z::/56,2000::/3 \ 2000::/3,2001:x:y:z::/56,tcp,imaps \ 2000::/3,2001:x:y:z::/56,tcp,ssh"
This is line 592 in that file. As shown, it forwards to and from my subnet and also allows only ssh and imaps incoming. I replaced part of my actual address with x:y:z. If you don't want to filter any protocols, delete everything after /56 on the second line. If you want to filter more, just create additional lines as shown. The usual Yast Firewall filters work fine for traffic destined for the firewall/router computer, but not routing IPv6 traffic to your network.
BTW, why are you using dhcp6 for addresses? That's normally not necessary. The router advertises the local network and the computers combine that with their MAC address and/or random number to create a valid IPv6 address.
No, I don't think they are using a tunnel. My prefix starts with 2a02: AFAIK not a tunneled prefix. When I asked the xDSL-router's manufacturer for support how to configure static ipv6-routes they said I could not, but I should use dhcpv6-client. Schematic situation : xDSL-router-----NIC1:router2:NIC2---internal network router2 is a linux-box After investigating found I can automatically assign prefixes to NIC2 of router2. The dhcpv6-client of router2 asks for a IA_PD via NIC1. It then receives a prefix and a prefix-length from the dhcpv6 server, my xDSL-router. A script in router2 then assigns an address to NIC2 in the received prefix-range. radvd should pick this up and announce the prefix of NIC2 via that NIC. Of course there remains the problem how the xDSL-router knows where to route packets for the prefixes it just gave to router2. And why does the xDSL-router only gives a prefix-length of 2, i.e. a /62 prefix. Maybe it's because it's only a SOHO-router (Fritzbox 7390) so it's not configurable ? I should study dhcpv6-server configuration. I'm absolutely not certain but I think routing should not be done by modifying the firewall. The book I studied (IPv6 in Practice) says everyting should be automatic, when configured right. And when the prefix changes, it should propagate automatically. Modifying a firewall can hardly be called automatically. Maybe I misunderstand ? The network is for my home, but it serves also as a testbed for my company's network. Playground/exercise-field ;-) It has a dhcpv4 server, dns-server, mail-server, ... Thanks for your comments. B.T.W. by no means I pretend to know all about ipv6, on the contrary. I just hope someone gives me the final hint so I can have a sound ipv6 inter-network. I still have to learn very much. Koenraad -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org