I have had IPv6 working on my BigV machine, but yesterday I discovered that it wasn’t working anymore. The IPv6 address is configured (it’s defined as static so that’s not too surprising), but there are only routes to the /56, /64 and fe80::/64, but no default route.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback interface auto lo iface lo inet loopback iface lo inet6 loopback # The primary network interface auto eth0 iface eth0 inet static address 126.96.36.199 netmask 255.255.255.0 broadcast 188.8.131.52 gateway 184.108.40.206 iface eth0 inet6 static address 2001:41c8:51:655::85 netmask 64 gateway fe80::1 pre-up /sbin/modprobe ipv6 2>/dev/null || true pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf pre-up echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
(I added the last line yesterday when I found it on https://www.bytemark.co.uk/docs/network/ipv6/).
Most guides say that you should just allow anything ICMPv6 traffic, but I believe that shouldn’t be neccessary with a static configuration, so I have made the following rules:
IP6TABLES="/sbin/ip6tables" $IP6TABLES -P INPUT DROP $IP6TABLES -P OUTPUT DROP $IP6TABLES -P FORWARD DROP $IP6TABLES -F INPUT $IP6TABLES -F OUTPUT $IP6TABLES -F FORWARD $IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IP6TABLES -A INPUT -m state --state INVALID -j DROP $IP6TABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IP6TABLES -A OUTPUT -m state --state INVALID -j DROP # IPv6 depends heavily on ICMPv6 $IP6TABLES -A INPUT -s fe80::0/64 -p icmpv6 -j ACCEPT # - and apparently the replies aren't related? # $IP6TABLES -A OUTPUT -d fe80::0/64 -p icmpv6 -j ACCEPT # - that might not be enough? $IP6TABLES -A OUTPUT -p icmpv6 -j ACCEPT
Shouldn’t that still (as I said it has worked) be enough? What (else) might be wrong?