I have a little gateway I bought. It’s pretty neat. It has an Intel(R) Celeron(R) N5100 @ 1.10GHz and 4 Intel NICs.
I’ve set it up with Fedora 41 and I want to use it as my gateway.
Networking looks like this:
```
root@id0:~# nmcli
enp3s0: connected to enp3s0
"Intel I226-V"
ethernet (igc), 60:BE:B4:09:31:E1, hw, mtu 1500
ip4 default, ip6 default
inet4 192.168.0.128/24
route4 192.168.0.0/24 metric 100
route4 default via 192.168.0.1 metric 100
inet6 2806:261:41a:847d::1/128
inet6 2806:261:41a:847d:aa79:398a:aa6f:e3aa/64
inet6 fe80::bc89:f3f2:bab:2b8b/64
route6 fe80::/64 metric 1024
route6 2806:261:41a:847d::/64 metric 100
route6 2806:261:41a:847d::/64 via fe80::ee5c:68ff:fef8:15a4 metric 105
route6 default via fe80::ee5c:68ff:fef8:15a4 metric 100
route6 2806:261:41a:847d::1/128 metric 100
enp2s0: connected to enp2s0
"Intel I226-V"
ethernet (igc), 60:BE:B4:09:31:E0, hw, mtu 1500
inet4 192.168.10.1/24
route4 192.168.10.0/24 metric 100
inet6 2806:261:41a:847d:80ff:8dde:f5d1:afe8/64
inet6 fe80::6a58:fe98:8428:c117/64
route6 fe80::/64 metric 1024
route6 2806:261:41a:847d::/64 metric 100
lo: connected (externally) to lo
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
inet4 127.0.0.1/8
inet6 ::1/128
route6 default metric 1024
enp4s0: disconnected
"Intel I226-V"
1 connection available
ethernet (igc), 60:BE:B4:09:31:E2, hw, mtu 1500
enp5s0: disconnected
"Intel I226-V"
ethernet (igc), 60:BE:B4:09:31:E3, hw, mtu 1500
DNS configuration:
servers: 127.0.0.1
Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.
Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
root@id0:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 60:be:b4:09:31:e0 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 brd 192.168.10.255 scope global noprefixroute enp2s0
valid_lft forever preferred_lft forever
inet6 2806:261:41a:847d:80ff:8dde:f5d1:afe8/64 scope global dynamic noprefixroute
valid_lft 86079sec preferred_lft 14079sec
inet6 fe80::6a58:fe98:8428:c117/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 60:be:b4:09:31:e1 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.128/24 brd 192.168.0.255 scope global dynamic noprefixroute enp3s0
valid_lft 603sec preferred_lft 603sec
inet6 2806:261:41a:847d::1/128 scope global dynamic noprefixroute
valid_lft 2589578sec preferred_lft 602378sec
inet6 2806:261:41a:847d:aa79:398a:aa6f:e3aa/64 scope global dynamic noprefixroute
valid_lft 2591981sec preferred_lft 604781sec
inet6 fe80::bc89:f3f2:bab:2b8b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 60:be:b4:09:31:e2 brd ff:ff:ff:ff:ff:ff
5: enp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 60:be:b4:09:31:e3 brd ff:ff:ff:ff:ff:ff
root@id0:~# ip -6 route
2806:261:41a:847d::1 dev enp3s0 proto kernel metric 100 pref medium
2806:261:41a:847d::/64 dev enp2s0 proto ra metric 100 pref medium
2806:261:41a:847d::/64 dev enp3s0 proto ra metric 100 pref medium
2806:261:41a:847d::/64 via fe80::ee5c:68ff:fef8:15a4 dev enp3s0 proto ra metric 105 pref medium
fe80::/64 dev enp2s0 proto kernel metric 1024 pref medium
fe80::/64 dev enp3s0 proto kernel metric 1024 pref medium
default via fe80::ee5c:68ff:fef8:15a4 dev enp3s0 proto ra metric 100 pref medium
default dev lo proto ra metric 1024 pref medium
root@id0:~# firewall-cmd --zone=public --list-all
public (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: dhcpv6-client mdns ssh
ports:
protocols: ipv6-icmp
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
root@id0:~# firewall-cmd --zone=trusted --list-all
trusted (active)
target: ACCEPT
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp2s0
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
```
IPv4 works fine. I just masqueraded the public zone and added the WAN interface there (enp3s0).
For IPv6, I’ve installed radvd and configured it as follows:
```
root@id0:~# cat /etc/radvd.conf
interface enp2s0 {
    AdvSendAdvert on;
    AdvOtherConfigFlag on;
    prefix 2806:261:41a:847d::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
```
My client (desktop) gets the IPv6 configuration instantly and is able to ping local-link (its default IPv6 gateway) without issue. Yet, it cannot ping anything on the Internet via IPv6.
The networking on my client looks as follows:
```
root@desktop:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 9c:6b:00:2f:0e:1e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.99/24 brd 192.168.10.255 scope global noprefixroute enp8s0
valid_lft forever preferred_lft forever
inet6 2806:261:41a:847d:9e6b:ff:fe2f:e1e/64 scope global dynamic noprefixroute
valid_lft 86159sec preferred_lft 14159sec
inet6 fe80::9e6b:ff:fe2f:e1e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 36:d1:90:87:7f:37 brd ff:ff:ff:ff:ff:ff permaddr 98:43:fa:23:72:3d
root@desktop:~# ip -6 route
2806:261:41a:847d::/64 dev enp8s0 proto ra metric 100 pref medium
fe80::/64 dev enp8s0 proto kernel metric 1024 pref medium
default via fe80::6a58:fe98:8428:c117 dev enp8s0 proto ra metric 20100 pref medium
root@desktop:~# firewall-cmd --list-all
public (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns ssh
ports: 1024-65535/tcp 1024-65535/udp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
```
I tried debugging this using Gemini 2.0 Experimental Advanced and it gave me some pretty good insights, yet, we weren’t able to figure it out. I wanted to share the session but I don’t seem to be able to.
My next step will be getting rid of NetworkManager and Firewalld and using plain systemd-networkd and nftables.
Let’s see how that goes. Wish me luck and/or suggest anything that comes to mind. I’m happy to try stuff out.
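
In the gateway's `ip -6 route` output above, 2806:261:41a:847d::/64 is listed as directly connected on both enp2s0 (LAN) and enp3s0 (WAN) with the same metric, so the kernel has two equal on-link routes for the prefix the clients live in. The script below is an added example, not part of the original post: it flags that condition in any `ip -6 route` listing. The function names `dup_onlink_prefixes` and `sample_routes` are made up for illustration, and the sample input is the posted output copied inline.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ip -6 route` output on stdin and prints every non-link-local prefix
# that is on-link (no "via" next hop) on more than one interface.
dup_onlink_prefixes() {
    awk '
        # default routes and link-local prefixes are expected on every interface
        $1 == "default" || $1 ~ /^fe80:/ { next }
        {
            via = 0; dev = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "via") via = 1
                if ($i == "dev") dev = $(i + 1)
            }
            # a route through a next hop is not a directly connected prefix
            if (via || dev == "") next
            # record each interface once per prefix
            if (index(" " devs[$1] " ", " " dev " ") == 0) {
                devs[$1] = (devs[$1] == "" ? dev : devs[$1] " " dev)
                n[$1]++
            }
        }
        END { for (p in n) if (n[p] > 1) print p ": " devs[p] }
    ' | sort
}

# Sample input: the gateway's `ip -6 route` output as posted above.
sample_routes() {
    cat <<'EOF'
2806:261:41a:847d::1 dev enp3s0 proto kernel metric 100 pref medium
2806:261:41a:847d::/64 dev enp2s0 proto ra metric 100 pref medium
2806:261:41a:847d::/64 dev enp3s0 proto ra metric 100 pref medium
2806:261:41a:847d::/64 via fe80::ee5c:68ff:fef8:15a4 dev enp3s0 proto ra metric 105 pref medium
fe80::/64 dev enp2s0 proto kernel metric 1024 pref medium
fe80::/64 dev enp3s0 proto kernel metric 1024 pref medium
default via fe80::ee5c:68ff:fef8:15a4 dev enp3s0 proto ra metric 100 pref medium
default dev lo proto ra metric 1024 pref medium
EOF
}

# On a live system: ip -6 route | dup_onlink_prefixes
sample_routes | dup_onlink_prefixes
```

An empty result means each global prefix is connected on exactly one interface, which is what a routed LAN with its own prefix looks like.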