
Best way to use NDP proxy?

Hi everyone

I am currently using Sophos UTM 9.1 and would now like to realize a dual-stack setup. Because I do not manage the whole network infrastructure (hosted at OVH) and the firewall is just virtualized, I am required to use NDP proxy, otherwise my VMs won't be seen from the outside.

Now there are two ways to achieve this:

1) Execute these commands via SSH or some startup script:
sysctl -w net.ipv6.conf.all.proxy_ndp=1

ip -6 neigh add proxy  dev eth0
ip -6 neigh add proxy  dev eth0


2) Compile ndppd and copy the binary to the firewall. Then search for some way to start it as a service. Didn't find any way to include own daemons :/

Now I'm struggling a bit. Method 1 does not sound really clean and it is really annoying to add every IPv6 which gets used via "ip -6 neigh". The "ndppd" service would be much better, but how can I use it?

Is there any folder where I can put startup scripts? Any way to run ndppd as a daemon? Or does any direct solution from Sophos exist? Thanks in advance for your answer,

Regards
NeoXiD


This thread was automatically locked due to age.
  • Hi, NeoXiD, and welcome to the User BB!

    So, OVH won't give you an IPv6 subnet?  What does Sophos Support have to say about addressing your requirement?

    Cheers - Bob


    Hi BAlfson

    Thanks for your reply. OVH gives me a /64 subnet, but there is not any kind of static routing. So that my VMs can be reached from the outside, they have to announce themselves via NDP, which is why I require some sort of NDP proxy.

    Regards
    NeoXiD
  • Was this issue ever solved / addressed? The way OVH does their networking drives me up the wall! [:'(]

  • And in absence of a solution:


    Does anyone know if the sysctl and permanent proxy settings are replicated to the slave in an HA setup? And if not, how to achieve that, or how to manually add them to the slave too?

  • To have a command run at any restart, add it to /etc/crontab-static and to /etc/crontab using the @reboot parameter.

    To do the same in the Slave, ha_utils ssh, enter the loginuser password, su - and enter the root password.

    Cheers - Bob

  • Ok thanks.

    In the meantime I've created a new service script in /etc/init.d, with a symlink in /etc/init.d/rc3.d, so I can start and stop it (i.e. add and remove them).

    Didn't know ha_utils, I guess I need to read more. Thanks for the tip!
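
The start/stop approach described in the last post, as an added example that is not part of the original thread and not Sophos code: a script that turns a list of addresses into the `ip -6 neigh ... proxy` commands from method 1. The list path `/etc/ndp-proxy.list`, the `DRY_RUN` switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: start/stop helper for static NDP proxy entries.
# Assumed (not from the thread): list file path, DRY_RUN switch, function names.
NDP_IFACE="${NDP_IFACE:-eth0}"               # outside interface, as in the thread
NDP_LIST="${NDP_LIST:-/etc/ndp-proxy.list}"  # hypothetical: one IPv6 address per line

# Print one ip(8) command per valid address. $1 = add|del, $2 = list, $3 = iface
ndp_proxy_cmds() {
    action="$1"; list="$2"; iface="$3"
    case "$action" in
        add|del) ;;
        *) echo "bad action: $action" >&2; return 2 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        addr="${line%%#*}"                                 # drop comments
        addr="$(printf '%s' "$addr" | tr -d '[:space:]')"  # drop whitespace
        if [ -z "$addr" ]; then continue; fi
        # Only hex digits and colons may reach the command line; reject the rest.
        case "$addr" in
            *[!0-9A-Fa-f:]*|*:::*) echo "skipping invalid entry: $addr" >&2; continue ;;
            *:*) ;;
            *) echo "skipping invalid entry: $addr" >&2; continue ;;
        esac
        printf 'ip -6 neigh %s proxy %s dev %s\n' "$action" "$addr" "$iface"
    done < "$list"
}

# Run (or, with DRY_RUN=1, only print) the generated commands. $1 = add|del
ndp_proxy_apply() {
    if [ "$1" = add ] && [ "${DRY_RUN:-0}" != 1 ]; then
        sysctl -w net.ipv6.conf.all.proxy_ndp=1 >/dev/null
    fi
    ndp_proxy_cmds "$1" "$NDP_LIST" "$NDP_IFACE" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            $cmd || echo "failed: $cmd" >&2
        fi
    done
}

case "${1:-}" in
    start) ndp_proxy_apply add ;;
    stop)  ndp_proxy_apply del ;;
    "")    ;;  # no argument: only define the functions
    *)     echo "usage: $0 {start|stop}" >&2; exit 1 ;;
esac
```

Running it with `DRY_RUN=1` and `start` prints the commands without touching the neighbour table, which is a convenient check before wiring it into a boot script or copying it to an HA slave.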
