no IPv6 Routers present

no IPv6 Routers present

[Markus Feldmann]

Hi All,

i am working on a combined Firewall, means
2 Firewalls on one Personal Computer.

The first firewall is for my <ppp0> and
the second firewall is for <eth0> if i connect
through my Server to the internet.

However, if i plug off and plug in my network
cable, to change the connection from <eth0> to
<ppp0>, the connection to internet fails.
 From <ppp0> to <eth0> works, but than i can
not switch back because of a unkown connection
error.

<dmesg> prints out:
no IPv6 Router present

Ok maybe this is true. There is no IPv6 Router
in my lan, but why do my Kernel not switch back
to IPv4 ?

How can i correct this ?
I do not want to disable the whole IPv6 kernel/program
options.

Is this a Bug ?

Re: no IPv6 Routers present

[Markus Feldmann]

Forgt to write my specifications:

debian lenny with kernel 2.6.28.7

Regards Markus

Re: no IPv6 Routers present

[Vlad Yasevich]

Markus Feldmann wrote:
> Hi All,
> 
> i am working on a combined Firewall, means
> 2 Firewalls on one Personal Computer.
> 
> The first firewall is for my <ppp0> and
> the second firewall is for <eth0> if i connect
> through my Server to the internet.
> 
> However, if i plug off and plug in my network
> cable, to change the connection from <eth0> to
> <ppp0>, the connection to internet fails.
> From <ppp0> to <eth0> works, but than i can
> not switch back because of a unkown connection
> error.
> 
> <dmesg> prints out:
> no IPv6 Router present
> 

This is just an information message when it's trying to
configure IPv6.

> Ok maybe this is true. There is no IPv6 Router
> in my lan, but why do my Kernel not switch back
> to IPv4 ?

It didn't switch to IPv6 in the first place.  There is not switch.
The two work side-by-side.

If IPv4 is correctly configured it should continue to work.

> 
> How can i correct this ?
> I do not want to disable the whole IPv6 kernel/program
> options.

You can do this now in 2.6.29-rcXXX, but not before.  Also,
my bet is that something other then IPv6 is wrong here.

You need to give more information about your interface configurations,
routes, and any firewall rules.

-vlad

> 
> Is this a Bug ?
> 
> -- 
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: no IPv6 Routers present

[feldmaus]

Vlad Yasevich <vladislav.yasevich <at> hp.com> writes:

> You need to give more information about your interface configurations,
> routes, and any firewall rules.
First of all thank you for your answer,

first i post my specifications if my system works well:
/etc/network/interfaces:
########################################################################
auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up -arp 0 # line maintained by pppoeconf
    provider dsl-provider
########################################################################

$route -n
########################################################################
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
92.76.224.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
########################################################################

iptables -L -n -v -->  <http://nopaste.debianforum.de/19638>
firewall for <ppp0> --> <http://nopaste.debianforum.de/19647>
firewall for <eth0> --> <http://nopaste.debianforum.de/19648>

Both firewall script will be started about:
</etc/network/if-up.d/startfirewall> --> <http://nopaste.debianforum.de/19636>
and stoped:
</etc/network/if-post-down.d/stopfirewall> --> <http://nopaste.debianforum.de/19637>

I hope that is not to much. :-)

I post next time a specification which failed !

In both firewall scripts i use:
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o "$DSLIF" -j MASQUERADE

I am not sure whether this could let it fail,
when both script will be executed ?

Regards Markus

Re: no IPv6 Routers present

[feldmaus]

feldmaus <feldmann_markus <at> gmx.de> writes:

> I post next time a specification which failed !

Here it comes:
First my Network will be connected
to my DSL Modem and all goes well --> <http://nopaste.debianforum.de/19660>

Then i pluged off my network cable, started my
server and connected my Client PC to my Server, which
works as a Router at this state my internet connection
fails --> <http://nopaste.debianforum.de/19661>

So i pluged off my cable and shutdown my server
and connected the client PC to the DSL Modem again
and all goes well --> <http://nopaste.debianforum.de/19662>

Any Ideas ?

Regards Markus

Re: no IPv6 Routers present

[feldmaus]

I found the Bug.

There was no rule for my chain <lan-in> and <lan-out>,
because i inserted the rule at the wrong place !
###########################################################
iptables -I lan-in 2 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
iptables -I lan-out 2 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
###########################################################

It should be inserted at line 1.

Regards Markus

Re: no IPv6 Routers present

[feldmaus]

Vlad Yasevich <vladislav.yasevich <at> hp.com> writes:

> You need to give more information about your interface configurations,
> routes, and any firewall rules.
Next Bug, but this one should refer to the kernel i think:
This one works not. --> <http://nopaste.debianforum.de/19665>

But this one works not --> <http://nopaste.debianforum.de/19664>

I worked out the syslog messages and the differences:
In the not working configuration i used <NOARP> for eth0.
I don't know why, but i think it come from ppp0 which
uses it:
########################################################################
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up -arp 0 # line maintained by pppoeconf
    provider dsl-provider
########################################################################

I also got some syslog Messages, this are for you:
########################################################################
[  775.402699] host used greatest stack depth: 5672 bytes left
########################################################################

And i ran my <firewalllan> manually, so i got the following:
########################################################################
iptables: Resource temporarily unavailable
iptables: Resource temporarily unavailable
iptables: Too many links
iptables: Resource temporarily unavailable
iptables: Too many links
########################################################################

I think this all comes from NOARP ?

Any Idea ?

Regards Markus

Re: no IPv6 Routers present

[Vlad Yasevich]

feldmaus wrote:
> Vlad Yasevich <vladislav.yasevich <at> hp.com> writes:
> 
>> You need to give more information about your interface configurations,
>> routes, and any firewall rules.
> Next Bug, but this one should refer to the kernel i think:
> This one works not. --> <http://nopaste.debianforum.de/19665>
> 
> But this one works not --> <http://nopaste.debianforum.de/19664>
> 
> I worked out the syslog messages and the differences:
> In the not working configuration i used <NOARP> for eth0.
> I don't know why, but i think it come from ppp0 which
> uses it:
> ########################################################################
> iface dsl-provider inet ppp
>     pre-up /sbin/ifconfig eth0 up -arp 0 # line maintained by pppoeconf
>     provider dsl-provider
> ########################################################################
> 
> I also got some syslog Messages, this are for you:
> ########################################################################
> [  775.402699] host used greatest stack depth: 5672 bytes left
> ########################################################################
> 
> And i ran my <firewalllan> manually, so i got the following:
> ########################################################################
> iptables: Resource temporarily unavailable
> iptables: Resource temporarily unavailable
> iptables: Too many links
> iptables: Resource temporarily unavailable
> iptables: Too many links
> ########################################################################
> 
> I think this all comes from NOARP ?
> 
> Any Idea ?

You can't use NOARP on a normal network interface without some static neighbor
entries.  PPP interfaces do not require ARP since they are point-to-point
and you already know everything about the destination.  For ethernet interfaces,
you need arp to resolve the IP to MAC address mappings.

Get rid of NOARP in you eth0 case, and it should work.

-vlad

> 
> Regards Markus
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: no IPv6 Routers present

[feldmaus]

Vlad Yasevich <vladislav.yasevich <at> hp.com> writes:

> Get rid of NOARP in you eth0 case, and it should work.
> 
It seems to better, but i do not know how the <NOARP> comes from ?

I changed my </etc/network/interfaces> from:
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up -arp 0# line maintained by pppoeconf
    provider dsl-provider

to this one:
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    provider dsl-provider

Should this the key ?

Regards Markus

Re: no IPv6 Routers present

[Vlad Yasevich]

feldmaus wrote:
> Vlad Yasevich <vladislav.yasevich <at> hp.com> writes:
> 
>> Get rid of NOARP in you eth0 case, and it should work.
>>
> It seems to better, but i do not know how the <NOARP> comes from ?
> 
> I changed my </etc/network/interfaces> from:
> iface dsl-provider inet ppp
>     pre-up /sbin/ifconfig eth0 up -arp 0# line maintained by pppoeconf
>     provider dsl-provider
> 
> to this one:
> iface dsl-provider inet ppp
>     pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
>     provider dsl-provider
> 
> Should this the key ?
> 

Aha...  you probably want to add a

	post-down /sbin/ifconfig eth0 arp

So that the next time you configure eth0, it will be able to
arps again.

-vlad

> Regards Markus
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>