[Firewall] IPv6 track table problem

Lonnie Abelbeck lists at lonnie.abelbeck.com
Mon Jul 18 02:06:33 CEST 2011


Joshua,

Are you enabling the IPv6-over-IPv4 plugin? When enabled, that will open IP proto 41 all the time. (set IPV6_OVER_IPV4_SERVER="192.87.102.107" if appropriate)

For what it is worth, I have a Hurricane Electric (tunnelbroker.net) tunnel with a local public static IPv4 address, and it works flawlessly.

IPv6 Eye Chart — RIPE Network Coordination Centre
http://ipv6eyechart.ripe.net/

Lonnie



On Jul 17, 2011, at 2:24 PM, Joshua (TheYOSH) Rubingh wrote:

> Hi All,
> 
> I am not sure if this has been asked before... but I have a problem that is described on the page:
> https://www.sixxs.net/faq/connectivity/?faq=conntracking
> 
> In summary, my IPv6 tunnel broker can't ping me on my IPv6 address when I have no outgoing IPv6 traffic. When I have some outgoing traffic, like a continuous ping, my tunnel broker can ping me.
> 
> I have tried the iptables commands on the FAQ page of sixxs but no success.
> What information is needed to get this solved? I can send the complete config file of the firewall.
> 
> Some logging of the blocked ping actions:
> [ 8410.383381] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8470.805816] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8529.674875] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8628.073487] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=92 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8632.020586] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=92 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8819.357697] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8823.156293] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 8826.210449] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 9302.407483] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 9305.417173] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 9308.429094] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 9311.434425] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> [ 9314.450550] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
> 
> Kind regards,
> Joshua
> 
> 
> -- 
> I am a Junkie on the Internet
>  But I am not an InternetJunkie
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 
> 
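The log excerpt quoted above can be checked mechanically. The following is an added example, not part of either message and not code from Arno's firewall: a small Python parser for those kernel LOG lines that counts blocked IP protocol 41 packets per source and reports whether they come from the address given for IPV6_OVER_IPV4_SERVER. The function names are hypothetical; the first three sample lines are copied from the post and the fourth is constructed.

```python
import re
from collections import defaultdict

# Sample input: lines 1-3 are copied from the log excerpt in the post;
# line 4 is constructed here (documentation address) as a non-tunnel packet.
SAMPLE_LOG = """\
[ 8410.383381] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8470.805816] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8529.674875] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
[ 8600.000000] AIF:Other connect: IN=eth0 OUT= MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=198.51.100.7 DST=83.98.238.219 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=40000 DPT=23
"""

# "[ <uptime>] <log prefix>: IN=... KEY=VALUE ..." as written by the LOG target
LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<prefix>.*?):\s+(?P<fields>IN=.*)$")


def parse_line(line):
    """Return (timestamp, prefix, fields) for one LOG line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        fields[key] = val if sep else True  # bare flags such as DF
    return float(m.group("ts")), m.group("prefix"), fields


def blocked_tunnel_packets(log_text, tunnel_server):
    """Group logged PROTO=41 (IPv6-in-IPv4) packets by source address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2].get("PROTO") == "41":
            hits[parsed[2].get("SRC", "?")].append(parsed[0])
    report = {}
    for src, stamps in hits.items():
        # Seconds between consecutive logged packets from this source
        gaps = [round(b - a, 1) for a, b in zip(stamps, stamps[1:])]
        report[src] = {"count": len(stamps),
                       "is_tunnel_server": src == tunnel_server,
                       "gaps_s": gaps}
    return report


if __name__ == "__main__":
    # tunnel_server is the value the reply suggests for IPV6_OVER_IPV4_SERVER
    print(blocked_tunnel_packets(SAMPLE_LOG, "192.87.102.107"))
```

If every logged protocol 41 source is the tunnel server, the drops are inbound tunnel packets reaching the firewall with no rule accepting them, which is what enabling the plugin with that server address is meant to address.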


