Short-lived joy... I did get my prefix back, but there's a routing problem, because nothing goes out... What did I miss?
The route to ba0bab does seem to be in place, though:
ip -6 route show
default from 2a01:xxx:d2a:xxx::/56 via fe80::ba0:bab dev dsl0 metric 4096
2a01:xxx:d2a:xxx::/64 dev br-lan metric 1024
unreachable 2a01:xxx:d2a:xxx:/56 dev lo metric 2147483647 error -148
fd63:13cf:cda4::/64 dev br-lan metric 1024
unreachable fd63:13cf:cda4::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.832 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev dsl0 metric 256
fe80::/64 dev wlan0 metric 256
anycast 2a01:cb14:d2a:9400:: dev br-lan metric 0
anycast fd63:13cf:cda4:: dev br-lan metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev eth0.832 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev wlan1 metric 0
anycast fe80:: dev dsl0 metric 0
anycast fe80:: dev wlan0 metric 0
EDIT: one tcpdump later, the two keep answering each other continuously with NS and NA, with no other traffic.
21:50:50.476425 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:50:50.498362 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:50:51.495616 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:50:51.518453 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:50:52.519651 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:50:52.548770 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:51:06.358137 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:51:06.388594 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:51:07.367618 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:51:07.408681 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:51:08.391615 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:51:08.418769 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:51:11.420250 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:51:11.448769 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:51:11.639009 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor solicitation, who has fe80::200:1ff:fe00:0, length 32
21:51:12.423614 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
21:51:12.448841 IP6 fe80::ba0:bab > fe80::200:1ff:fe00:0: ICMP6, neighbor advertisement, tgt is fe80::ba0:bab, length 32
21:51:13.447617 IP6 fe80::200:1ff:fe00:0 > ff02::1:ffa0:bab: ICMP6, neighbor solicitation, who has fe80::ba0:bab, length 32
EDIT: Problem solved! My firewall config is a mess: I have to use the wan zone for it to work, even though the WAN6_DHCP interface has its own zone, as in the tutorial... I don't understand any of it at this point.
EDIT2: I tried to rearrange the thing but it still doesn't work, and on a reload I get these lines:
Warning: fw3_ipt_rule_append(): Can't find target 'input_wan6_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'output_wan6_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'forwarding_wan6_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan6_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan6_rule'
I don't understand where that comes from. And I suppose that's why the rules are falling apart.
Here is my config:
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option masq '1'
    option input 'DROP'
    option forward 'DROP'
    option mtu_fix '1'
    option network 'WAN_DHCP HENET'

config zone
    option name 'wan6'
    option output 'ACCEPT'
    option forward 'DROP'
    option network 'WAN6_DHCP'
    option input 'DROP'

config zone
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option network 'tellb'
    option name 'SIPLB4'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'
    option src 'wan6'

config rule
    option name 'Allow-MLD'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'
    option src 'wan6'

config rule
    option name 'Allow-ICMPv6-Forward'
    option proto 'icmp'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    option icmp_type 'echo-reply destination-unreachable echo-request time-exceeded'
    option src 'wan6'
    option dest '*'

config rule
    option name 'Allow-ICMPv6-Input'
    option proto 'icmp'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    list icmp_type 'destination-unreachable'
    list icmp_type 'echo-reply'
    list icmp_type 'echo-request'
    list icmp_type 'neighbour-advertisement'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'router-solicitation'
    list icmp_type 'time-exceeded'
    option src 'wan6'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config forwarding
    option dest 'wan'
    option src 'SIPLB4'

config rule
    option src 'SIPLB4'
    option dest_port '53'
    option proto 'tcpudp'
    option target 'ACCEPT'
    option name 'DNS Livebox'

config rule
    option src 'SIPLB4'
    option dest_port '67-68'
    option proto 'udp'
    option target 'ACCEPT'
    option name 'DHCP Livebox'

config rule
    option name 'Allow-DHCP-Renew for Livebox'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'
    option src 'SIPLB4'

config forwarding
    option dest 'wan'
    option src 'lan'

config forwarding
    option dest 'wan6'
    option src 'lan'
EDIT3:
I think I've finally solved the problem for good! I had forgotten to restrict each zone to v4/v6. This time, if I select wan6, I do get my prefix. However, the warning lines haven't gone away.
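
Added example, not part of the original post: a small shell/awk check for the mistake described in EDIT3. It reads an fw3 firewall config on stdin, prints each zone's effective address family (a zone with no `option family` applies to both IPv4 and IPv6, shown as `any`), and flags any rule or forwarding whose `src` or `dest` names a zone that is not defined. The function names and the reduced sample config are assumptions made for the illustration.

```shell
# Added example: summarise zone families and zone references in an fw3 config (stdin).
audit_fw_zones() {
    awk -v q="'" '
    function endsec() {   # record the section that just ended
        if (type == "zone") { order[++nz] = name; fam[name] = (family == "" ? "any" : family) }
        if (type == "rule" || type == "forwarding") {
            if (src != "")  { ref[++nr] = src;  by[nr] = type " [" name "] src" }
            if (dest != "") { ref[++nr] = dest; by[nr] = type " [" name "] dest" }
        }
        type = ""; name = ""; family = ""; src = ""; dest = ""
    }
    $1 == "config" { endsec(); type = $2; next }
    $1 == "option" {
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)   # keep the value only
        gsub(q, "", v); gsub(/"/, "", v)                 # drop UCI quoting
        if ($2 == "name") name = v
        else if ($2 == "family") family = v
        else if ($2 == "src") src = v
        else if ($2 == "dest") dest = v
    }
    END {
        endsec()
        for (i = 1; i <= nz; i++) print "zone " order[i] " family=" fam[order[i]]
        for (i = 1; i <= nr; i++)
            if (ref[i] != "*" && !(ref[i] in fam))
                print by[i] ": undefined zone " ref[i]
    }'
}

# Constructed sample: zones of the posted config, reduced, as they were before EDIT3.
sample_config() {
    cat <<'EOF'
config zone
    option name 'lan'
config zone
    option name 'wan'
config zone
    option name 'wan6'
config rule
    option name 'Allow-MLD'
    option src 'wan6'
config forwarding
    option src 'lan'
    option dest 'wan6'
EOF
}

sample_config | audit_fw_zones
```

On the router the same function can be fed the live file with `audit_fw_zones < /etc/config/firewall`; after the EDIT3 fix, the `wan` and `wan6` lines should report `ipv4` and `ipv6` rather than `any`.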