Pascal Hambourg wrote at 2010-07-01 06:57 -0500: > green a écrit : > > Debian Squeeze is running on a Soekris net5501 as an internet gateway. > > > > For use with shaping, there is an ip6tables rule like this: > > ip6tables -t mangle -A OUTPUT -j MARK --set-mark 0x4/0xf > > And the same with iptables (ipv4). > > > > radvd is set up to provide ipv6 addresses to LAN clients. > > > > Unfortunately the above ip6tables rule breaks radvd. Nothing different happens > > except clients do not seem to see the advertisements and so get no ipv6 > > address. > > Can you do packet captures on all relevant interfaces/ports and check > whether the router advertisements are actually sent and received ? > > (Regardless of this issue, I would exclude neighbour discovery packets > from any shaping.) (First, I disabled shaping altogether.) Listening with wireshark at a client system. Rule in place: 1. radvd running 2. client connects 3. client sends solicitation to ff02::2 4. no response 5. no advertisements 6. manual rdisc6 solicitations time out (with ipv6 address set manually) No MARK rule: 1. radvd running 2. client connects 3. client sends solicitation to ff02::2 4. server responds with advertisement 5. advertisements continue 6. manual rdisc6 solicitations are successful An advertisement packet: 459 283.294265 fe80::200:24ff:fecc:5cb5 ff02::1 ICMPv6 Router advertisement 0000 00 02 00 01 00 06 00 00 24 cc 5c b5 00 00 86 dd ........$.\..... 0010 60 00 00 00 00 38 3a ff fe 80 00 00 00 00 00 00 `....8:......... 0020 02 00 24 ff fe cc 5c b5 ff 02 00 00 00 00 00 00 ..$...\......... 0030 00 00 00 00 00 00 00 01 86 00 83 3f 40 00 00 3c ...........?@..< 0040 00 00 00 00 00 00 00 00 03 04 40 c0 00 01 51 80 ..........@...Q. 0050 00 00 38 40 00 00 00 00 20 01 04 70 c1 91 00 00 ..8@.... ..p.... 0060 00 00 00 00 00 00 00 00 01 01 00 00 24 cc 5c b5 ............$.\. Shall I run something to capture at the server? Would you like to see some other packets? Shall I use something other than wireshark? Thanks.
Attachment:
signature.asc
Description: Digital signature