[Firewall] IPv6 track table problem

Joshua (TheYOSH) Rubingh theyosh at theyosh.nl
Sun Jul 17 21:24:01 CEST 2011


Hi All,

I am not sure if this is asked before... But I have a problem that is 
described on the page:
https://www.sixxs.net/faq/connectivity/?faq=conntracking

In summary, my IPv6 tunnel broker can't ping me on IPv6 address when I 
have no outgoing IPv6 traffic. When I have some outgoing traffic, like a 
continuous ping, my tunnel broker can ping me.

I have tried the iptables commands on the FAQ page of sixxs but no 
success.
What information is needed to get this solved? I can send the complete 
config file of the firewall.

Some logging of the blocked ping actions:
[ 8410.383381] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8470.805816] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8529.674875] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8628.073487] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=92 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8632.020586] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=92 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8819.357697] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8823.156293] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8826.210449] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 9302.407483] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 9305.417173] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 9308.429094] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 9311.434425] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 9314.450550] AIF:Other connect: IN=eth0 OUT= 
MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41

Kind regards,
Joshua


-- 
I am a Junkie on the Internet
   But I am not an InternetJunkie


More information about the Firewall mailing list