This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best way to use NDP proxy?

Hi everyone

I am currently using Sophos UTM 9.1 and would now like to realize a dual-stack setup. Because I do not manage the whole network infrastructure (hosted at OVH) and the firewall is just virtualized, I am required to use NDP proxy, otherwise my VM's wont be seen from the outside.

Now there are two ways to achieve this:

1) Execute these commands via SSH or some startup script:

sysctl -w net.ipv6.conf.all.proxy_ndp=1

ip -6 neigh add proxy  dev eth0

ip -6 neigh add proxy  dev eth0

2) Compile ndppd (ndppd) and copy the binary to the firewall. Then search some way to start it as a service. Didn't find anyway to include own daemons :/

Now I'm struggling a bit. Method 1 does not sound really clean and it is really annoying to add every IPv6 which gets used via "ip -6 neigh". The "ndppd" service would be much better, but how can I use it?

Is there any folder where I can put startup scripts? Anyway to run ndppd as a daemon? Or does any direct solution from Sophos exist? Thanks in advance for your answer,

Regards
NeoXiD

This thread was automatically locked due to age.

Parents

0 NeoXiD over 11 years ago

Hi, NeoXiD, and welcome to the User BB!

So, OVH won't give you an IPv6 subnet? What does Sophos Support have to say about addressing your requirement?

Cheers - Bob

Hi BAlfson

Thanks for your reply. OVH gives me a /64 subnet, but there is not any kind of static routing. So that my VMs can be reached from the outside, they have to announce theirself via NDP, which is why I require some sort of ndp proxy.

Regards
NeoXiD
Cancel
Vote Up 0 Vote Down

Cancel
0 Harro Verton over 9 years ago in reply to NeoXiD

Was this issue ever solved / addressed? The way OVH does their networking drives me up the wall! [:'(]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Harro Verton over 9 years ago in reply to NeoXiD

Was this issue ever solved / addressed? The way OVH does their networking drives me up the wall! [:'(]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Harro Verton over 9 years ago in reply to Harro Verton

And in absence of a solution:

Does anyone now if the sysctl and permanent proxy settings are replicated to the slave in an HA setup? And if not, how to achieve that, or how to manually add them to the slave too?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to Harro Verton

To have a command run at any restart, add it to /etc/crontab-static and to /etc/crontab using the @reboot parameter.

To do the same in the Slave, ha_utils ssh, enter the loginuser password, su - and enter the root password.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Harro Verton over 9 years ago in reply to BAlfson

Ok thanks.

In the meantime I've created a new service script in /etc/init.d, with a symlink in /etc/init.d/rc3.d, so I can start and stop it (i.e. add and remove them).

Didn't know ha_utils, I guess I need to read more. Thanks for the tip!
Cancel
Vote Up 0 Vote Down

Cancel