[CentOS] centos 6.3 ipv6 default gateway

Thu Apr 11 19:38:07 UTC 2013
Michael H. Warfield <mhw at WittsEnd.com>

Hello,

I may be totally off base here but...

On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
> hello,
>    i met a problem in configuration of ipv6 gw in my box
> i install centos 6.3 (64 bit) on my boxes, which have four netcard.
> i use a straight-through cable to connect centosv0:netcard-2 and
> centosv1:netcard2
> the topology is this:
> client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
> centosv1:netcard-2 <---->centosv1:netcard-2  <---> client d (backtrack r2
> 32)
> 1:2:3:4::2/64          1:2:3:4::1/64                       1:2:3::4/64
>                   1:2:3::5/64             1:2:3:5::1/64
>  1:2:3:5::2/64

Surely, I hope you jest with those numbers.  You are not allowed to pick
numbers out of the air and just use them, even if it's for private use.
There are specific blocks of addresses for specific uses and assigned
"scopes" and all the "private use" addresses are in blocks very high up
in the address space beginning with fc or fd.  If those are literally
the addresses you used, they will not work and I would expect them to
give you all sorts of grief at some point or another.

> what i want to do is set default gw on centosv0 to centosv1

I take it "centosv0"  and "centosv1" are configured for ipv6 forwarding?
You didn't provide the information on that.  There are some gotchas in
there with default routing on a router (basically there is no such
thing) and the router needs to be set up properly for both routing and
its routes.  But I don't think that's your problem you're describing
down below.

> i configure /etc/sysconfig/network-scripts/ifconfig-eth2  (centosv0) as this
> DEVICE="eth2"
> BOOTPROTO=static
> HWADDR="60:A4:4C:23:2F:6F"
> NM_CONTROLLED="yes"
> ONBOOT="yes"
> TYPE="Ethernet"
> #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> IPV6INIT=yes
> IPV6ADDR=1:2:3::4
 ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).

> IPV6_DEFAULTGW=1:2:3::5
 ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network (/128)

> and i also configure /etc/sysconfig/network to this:
> NETWORKING=yes
> HOSTNAME=centosv0
> NETWORKING_IPV6=yes
> IPV6_AUTOCONF=no

For forwarding...

In that file you're also going to need:

IPV6FORWARDING=yes

You may also need to add lines to /etc/sysctl.conf (I've needed in the
past on Fedora):

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1

But those aren't your problem with this...

> but i met an error:
> Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown error

I'm not totally sure if this is because you didn't specify a prefix
length on your IPV6ADDR line or the fact that it then conflicted with
your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
was because you chose an illegal IPv6 prefix or if it was a
combination of all of them.  The "WARN: [ipv6_add_route] Unknown error"
makes me suspicious because your default gateway conflicts with your
interface network definition (because you didn't specify the prefix size
and it defaulted to /128) and the kernel has no way to route it out any
interface.  IAC...  You won't be able to use a default route on a router
anyways (more below).

> i do not know why, and can someone give me some suggestions?
> thanks a lot.

If those were literally the addresses you used, it may be an address
that's in an illegal scope.  IPv6 does not behave quite like IPv4 does
and you need to know what some of these blocks of addresses do and what
their scope is.

"Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
are recommended procedures for assigning subnets out of them and
choosing network prefixes...

http://www.ietf.org/rfc/rfc4193.txt

Those may be routed between your machines but may not be routed on the
global net either as a source or destination address.  Your machines
should also be given "link local" addresses which are valid only on that
network segment.  They're in the fe80::/64 prefix.

Global addresses are in the 2000::/3 block.  If you are using a Linux
system as an IPv6 router, the kernel is going to disable the default
route (::/0), preventing non-global addresses from routing.  You'll have
to add appropriate routes for all your "local" (fc00::/7) subnets and
also provide a global unicast default route using 2000::/3 on the
routers.

Don't try to do your setup above with the two routers pointing default
routes at each other.  Point specific static routes for each subnet
behind each respective opposite router.

Wikipedia has a rundown on the various address blocks and formats:

http://en.wikipedia.org/wiki/IPv6_address

Local addresses in particular are described here:

http://en.wikipedia.org/wiki/Unique_local_address

Anything in 1::/16 (if that's what you're doing) is going to be illegal
afaik as it's not in an assigned block and scope.  It should reject it
as being unroutable or having a non-valid scope.

Certain addresses below 2000::/3 are used for compatibility purposes.

::a.b.c.d used to be an IPv4 compatibility address but is largely
deprecated.

::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
running in a dual stack environment where they see IPv4 addresses as
IPv6 addresses in the ::ffff:0:0/112 block.  All those addresses are for
internal use and are seriously hands off.

You can not treat IPv6 arbitrarily as if it were IPv4 with fat
addresses.  If you need to learn more about IPv6 and how it works, you
probably might want to start looking at Hurricane Electric aka
Tunnelbroker.net, http://www.tunnelbroker.net .  They have some very
good IPv6 interactive tutorials there for free and are very quick for
the basic stuff.  The first few exercises could be very helpful to you.
If you follow it all the way through, you will find yourself learning
how to set up DNS properly for IPv6 and registering your own IPv6 glue
records with your registrars.

Now, if I'm off base here and you were merely obfuscating your real
addresses, I would recommend obfuscating them with fc00: instead of 1:
and those would be valid example addresses.  You could use
fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
fc00:1:1:3::/64 for yet another.  Read that RFC for recommendations on
what you really should choose (generally a random number for
fdxx:xxxx:xxxx::/48 before your SLA).  Since you've got 2 routers,
you'll need three network prefixes, which I see you have.  Generally,
you'll want to manipulate that fourth field as your SLA (Site Local
Address) which is IPv6 lingo for your subnet address.

Replace the leading "1:" in each of those nets with "fdxx:", add your
appropriate subnets, add your appropriate prefix lengths to those static
addresses, and add appropriate static routes, and you might get further
along the road.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
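
Added example (not part of the original message or of the CentOS initscripts): a small Python checker that applies the three points raised in the reply to an ifcfg file, namely a missing prefix length on IPV6ADDR, an address outside the assigned blocks, and a default gateway that is not on the interface's network. The function names, finding labels and the FIXED sample are assumptions made for illustration; the /128 default follows the reply above, and fe80::/10 is the link-local block as reserved in RFC 4291.

```python
import ipaddress

# Blocks the reply names; fe80::/10 is the link-local block per RFC 4291.
BLOCKS = {
    "unique-local": ipaddress.ip_network("fc00::/7"),
    "link-local": ipaddress.ip_network("fe80::/10"),
    "global-unicast": ipaddress.ip_network("2000::/3"),
}
# Settings quoted in the thread, and a constructed corrected variant.
REPORTED = 'DEVICE="eth2"\nIPV6INIT=yes\nIPV6ADDR=1:2:3::4\nIPV6_DEFAULTGW=1:2:3::5\n'
FIXED = ('DEVICE="eth2"\nIPV6INIT=yes\nIPV6ADDR=fd12:3456:789a:1::4/64\n'
         'IPV6_DEFAULTGW=fd12:3456:789a:1::5\n')

def parse_ifcfg(text):
    """Return KEY -> value for shell-style KEY=VALUE lines, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def classify(addr):
    """Name of the assigned block holding addr, or None if it is in none."""
    for name, net in BLOCKS.items():
        if addr in net:
            return name
    return None

def check_ifcfg(text):
    """Return a list of finding labels for the IPv6 settings in an ifcfg file."""
    cfg = parse_ifcfg(text)
    raw = cfg.get("IPV6ADDR")
    if raw is None:
        return ["no-ipv6addr"]
    findings = []
    if "/" not in raw:
        findings.append("missing-prefix-length")
    iface = ipaddress.IPv6Interface(raw)  # without "/len" this parses as /128
    if classify(iface.ip) is None:
        findings.append("unassigned-block")
    gw = cfg.get("IPV6_DEFAULTGW")
    if gw:
        gw_addr = ipaddress.IPv6Address(gw.split("%")[0])  # drop any %device suffix
        # A link-local gateway is reachable on the segment regardless of prefix.
        if gw_addr not in iface.network and classify(gw_addr) != "link-local":
            findings.append("gateway-off-link")
    return findings

if __name__ == "__main__":
    print("reported:", check_ifcfg(REPORTED))
    print("fixed:   ", check_ifcfg(FIXED))
```

The checker covers addressing only; forwarding settings and the per-subnet static routes discussed in the reply are outside what it inspects.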