Received: from out.smtp-auth.no-ip.com (smtp-auth.no-ip.com [8.23.224.60]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 1F3E6781055 for <~alpine/users@lists.alpinelinux.org>; Mon, 11 Jul 2022 03:45:36 +0000 (UTC) X-No-IP: flyn.org@noip-smtp X-Report-Spam-To: abuse@no-ip.com Received: from www.flyn.org (unknown [137.26.240.243]) (Authenticated sender: flyn.org@noip-smtp) by smtp-auth.no-ip.com (Postfix) with ESMTPA id 4Lh8t60Grpz7qYQ for <~alpine/users@lists.alpinelinux.org>; Mon, 11 Jul 2022 03:45:34 +0000 (UTC) Received: by www.flyn.org (Postfix, from userid 1001) id 326E71EE009B; Sun, 10 Jul 2022 22:45:33 -0500 (CDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=flyn.org; s=mail; t=1657511133; bh=5p2eoMR2SgColOArqTkneO/4wEuvoIvPsYeIkB8eHec=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=JYmJuioKu50cN7EMQIha8ELVTVY5/5/OaKnpGsBylUh+tZvMTceAIyKVwmMGTwpp8 UWyU9dKgYPI5oA6ZwRQpD/5VGeKLPu0WYkyad9xz342aFbaESjrHtSu5K39PpkkwMK 4ppwusl28TvfMtE06xlXs5mwL8aLSnt/7Fldd98yKYJRhfGShiBRoC97zhk1oBNSAt cKYJg3MFwSb8h1oWB8TzciPWFKPft5X/g7DxhEdDCIKwSv1fmfJwRkRXQb1+QoATZT yi9x8kD2F5e6g+EIn/xysQ/cs/p09/R2LrtoTHo9Q2BwOrsPVWT2+q/zR4tqHsoGz5 js39r7Hxxy+AjPbs8oFpEnfyMd7WSNN3rnmV9SDYFfCoOzRQFUSTRyZW1FXSjLpm2g 7YPDLBgQ+4pv2u1MBhnHbLqJdbhN0STUQMXwNnCM8HsDDPcHvfnSPz1b0jRoLIZnss 4ThRaiNTm3g79fzZM5ynB1XYSNXRMBB+nxxhVz/pkoXx/NkcOqI Received: from imp.flyn.org (guardian.flyn.org [137.26.240.242]) by www.flyn.org (Postfix) with ESMTPSA id 0C6871EE0036; Sun, 10 Jul 2022 22:45:33 -0500 (CDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=flyn.org; s=mail; t=1657511133; bh=5p2eoMR2SgColOArqTkneO/4wEuvoIvPsYeIkB8eHec=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=JYmJuioKu50cN7EMQIha8ELVTVY5/5/OaKnpGsBylUh+tZvMTceAIyKVwmMGTwpp8 UWyU9dKgYPI5oA6ZwRQpD/5VGeKLPu0WYkyad9xz342aFbaESjrHtSu5K39PpkkwMK 4ppwusl28TvfMtE06xlXs5mwL8aLSnt/7Fldd98yKYJRhfGShiBRoC97zhk1oBNSAt cKYJg3MFwSb8h1oWB8TzciPWFKPft5X/g7DxhEdDCIKwSv1fmfJwRkRXQb1+QoATZT yi9x8kD2F5e6g+EIn/xysQ/cs/p09/R2LrtoTHo9Q2BwOrsPVWT2+q/zR4tqHsoGz5 js39r7Hxxy+AjPbs8oFpEnfyMd7WSNN3rnmV9SDYFfCoOzRQFUSTRyZW1FXSjLpm2g 7YPDLBgQ+4pv2u1MBhnHbLqJdbhN0STUQMXwNnCM8HsDDPcHvfnSPz1b0jRoLIZnss 4ThRaiNTm3g79fzZM5ynB1XYSNXRMBB+nxxhVz/pkoXx/NkcOqI Received: by imp.flyn.org (Postfix, from userid 1101) id C7C2B592C00; Sun, 10 Jul 2022 22:45:32 -0500 (CDT) Date: Sun, 10 Jul 2022 22:45:32 -0500 From: "W. Michael Petullo" To: Jakub Jirutka Cc: ~alpine/users@lists.alpinelinux.org Subject: Re: IPv6 firewall blocking router advertisements Message-ID: References: <7a1d4e10-02c8-7e48-9e6f-31979f28ed69@jirutka.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7a1d4e10-02c8-7e48-9e6f-31979f28ed69@jirutka.cz> X-Bogosity: Unsure, tests=bogofilter, spamicity=0.520000, version=1.2.5 X-Virus-Scanned: clamav-milter 0.104.2 at herald.flyn.org X-Virus-Status: Clean >> I am trying to configure an Alpine host to use DHCPv6 to obtain an IPv6 >> address. I have performed this task before using OpenWrt and Fedora. >> >> On Alpine, it appears that the IPv6 firewall (ip6tables) prevents router >> advertisements from working. I use "dhclient -6 ..." [...] > do you have IPFORWARD disabled ("no") in /etc/conf.d/ip6tables? See https://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/. Very interesting! After some time spent reading the source code for ifupdown-ng, I elected to remove dhclient and install dhcpcd. The latter can interact with DHCP and DHCPv6 in the same process, and thus ifupdown-ng suddenly does the right thing for IPv6. Using dhclient had required a "post-up" kludge in /etc/network/interfaces. Using dhcpcd seems to simplify things. Back to Jakub's suggestion: I am still investigating, but the router advertisements now work even though the host has forwarding on. I am not sure why this is the case, but I suspect the dhcpcd arrangement is better at getting things setup before the firewall activates. I hope to experiment tomorrow to reach a stronger conclusion. Until then, I would appreciate any input as to why dhcpcd seems to have fixed things without turning off forwarding. -- Mike :wq