I have a server that I have set up with 2 interfaces, one which has an IPv4 and IPv6 address (dual stack) connecting to the Internet, the other configured dual-stack to a private LAN. The server is running Shorewall and Shorewall6, configured with minimal restrictions. The server can communicate with the Internet using either IPv6 or IPv4 (check IPv6 by going to ipv6.google.com)


The server runs radvd, and a Windows7 client on the private network gets both an IPv4 and an IPv6 address. The client can access IPv4 websites on the Internet via the server (Shorewall is forwarding packets OK). The client cannot access IPv6 sites on the Internet, despite those same sites being available on the server. The client can ping the server on its IPv6 private interface but not its IPv6 public interface. Traceroute from the client to the external IPv6 address shows the route as far as the private IPv6 address, but fails to get to the public IPv6 address.

Routing looks OK, the client has a default IPv6 route to the Server, and the server has a default static route out through my IPv6 provider.

I conclude from the information above that the server is operating two dual-stack interfaces correctly, and stateless autoconfiguration is working correctly, and while shorewall is forwarding IPv4 across the kernel, shorewall6 is not forwarding anything. The Server is running Debian 5.06, with both Shorewall and Shorewall6 running vers 4.4.11.6

Has anyone experience of getting Shorewall6 to work under these circumstances....What am I doing wrong?

I'm shooting into the dark on this one, because I have yet to play with ipv6. But is the forwarding turned on for IPV6?

cat /proc/sys/net/ipv6/ip_forward "1" ?

/etc/sysctl/net/ipv6/ip_forward "1"

at least thats the location for RedHat based OS?

Not a shot in the dark, I checked this, and yes, they are both set to 1

Many issues, partly based upon using a DHCP address for one of the Interfaces. Changes all addresses to static, and it all worked fine. This was not a Shorewall6 problem, but a problem I caused by odd configurations. When all configs were redone on a fresh build, it worked just like it says on the packet!