dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
35

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf to NetFixer

MVM

to NetFixer

Re: IPv6 floods my router log.

fe80::201:5cff:fe22:c9c1 is my IPv6 gateway.

There are occasionally other entries in the system log not related to IPv6, but the one cited appears at least 160 times every ten minutes in the form of "last message repeated 173 times."

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

1 edit

NetFixer

Premium Member

said by graysonf:

fe80::201:5cff:fe22:c9c1 is my IPv6 gateway.

There are occasionally other entries in the system log not related to IPv6, but the one cited appears at least 160 times every ten minutes in the form of "last message repeated 173 times."

In that case, I can't imagine why m0n0wall would be logging that message so often. I only see the IPv6 RA messages in my syslog during a reboot or DHCP renewal time frame (and I have debug logging enabled since the DIR655 is a new router that I am currently still evaluating).

Such an intensive logging level may just be normal for IPv6 in m0n0wall if you are using DHCPv6-PD. My D-Link router may also be seeing additional RAs from Comcast's gateway, but just simply ignores them (and doesn't bother to log them) if they are unexpected (and unneeded). If my curiosity were roused enough, I could probably run my DIR655's WAN through a VLAN segment on my Netgear GS108e switch with a monitor port configured so that I could capture packets to/from that interface (but it would be a PITA to physically setup). Does m0n0wall have a built-in packet capture capability? I know that BSD can do it, but I am not sure what resources are available on m0n0wall's implementation.

Hopefully you will get some information from the vendor's support site. You might also try posting your question in this site's »Unix and Linux forum; maybe some of the regulars there have seen something similar.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

There is no packet capture capability in m0n0wall, at least not in the as delivered product. Anything is possible though if one would go thru the trouble of altering the sources and rebuilding it from scratch.

whfsdude
Premium Member
join:2003-04-05
Washington, DC

whfsdude

Premium Member

said by graysonf:

There is no packet capture capability in m0n0wall, at least not in the as delivered product. Anything is possible though if one would go thru the trouble of altering the sources and rebuilding it from scratch.

Have you tried to bring up a shell and see if tcpdump is installed? Eg. tcpdump -i your_int -vvn icmp6

It's totally normal to see an RA say every 1000 seconds (default on IOS retrans time I think). The default reachable time on an RA is 9000 seconds so you will at least see the retrans timer under every 9000 seconds.

This is why I'm thinking it's just some over aggressive debug logging. I'd submit a bug report if you haven't yet.

I'd also suggest everyone read RFC 2461 if you haven't yet, it's a good read!

NetDog
Premium Member
join:2002-03-04
Hollywood, FL

1 recommendation

NetDog

Premium Member

said by whfsdude:

I'd also suggest everyone read RFC 2461 if you haven't yet, it's a good read!

I dont think I have seen RFC and good read in the same sentence before.. and yes I have read that RFC..

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

1 recommendation

graysonf to whfsdude

MVM

to whfsdude
There is no shell or other tools in m0n0wall as delivered. There have been occasional versions with such tools in them to aid in debugging problems, but they are not part of the available to the general public releases.

I have submitted a bug report. But things don't happen instantly there.

As I said, these RAs appear to be coming 160+ times over every ten minute period. I'd like to think m0n0wall wouldn't report them if they weren't actually being sent.