[Firewall] IPv6 track table problem

Joshua (TheYOSH) Rubingh theyosh at theyosh.nl
Sun Jul 24 23:28:32 CEST 2011


Hi Lonnie,

thanks that works a lot better :D. Wasn't aware of that plugin...

Regars,
Joshua

On Sun, 17 Jul 2011 19:06:33 -0500, Lonnie Abelbeck wrote:
> Joshua,
>
> Are you enabling the IPv6-over-IPv4 plugin?  When enabled that will
> open IP proto 41 all the time. (set
> IPV6_OVER_IPV4_SERVER="192.87.102.107" if appropriate)
>
> For what it is worth, I have a Hurricane Electric (tunnelbroker.net)
> tunnel with a local public static IPv4 address, and it works
> flawlessly.
>
> IPv6 Eye Chart — RIPE Network Coordination Centre
> http://ipv6eyechart.ripe.net/
>
> Lonnie
>
>
>
> On Jul 17, 2011, at 2:24 PM, Joshua (TheYOSH) Rubingh wrote:
>
>> Hi All,
>>
>> I am not sure if this is asked before... But I have a problem that 
>> is described on the page:
>> https://www.sixxs.net/faq/connectivity/?faq=conntracking
>>
>> In summary, my IPv6 tunnel broker can't ping me on IPv6 address when 
>> I have no outgoing IPv6 traffic. When I have some outgoing traffic, 
>> like a continuous ping, my tunnel broker can ping me.
>>
>> I have tried the iptables commands on the FAQ page of sixxs but no 
>> success.
>> What information is needed to get this solved? I can send the 
>> complete config file of the firewall.
>>
>> Some logging of the blocked ping actions:
>> [ 8410.383381] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8470.805816] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8529.674875] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8628.073487] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=92 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8632.020586] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=92 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8819.357697] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8823.156293] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 8826.210449] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 9302.407483] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 9305.417173] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 9308.429094] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 9311.434425] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>> [ 9314.450550] AIF:Other connect: IN=eth0 OUT= 
>> MAC=00:1e:2a:c1:f9:41:00:90:1a:a3:20:dd:08:00 SRC=192.87.102.107 
>> DST=83.98.238.219 LEN=80 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=41
>>
>> Kind regards,
>> Joshua
>>
>>
>> --
>> I am a Junkie on the Internet
>>  But I am not an InternetJunkie
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>
>>
>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
> !DSPAM:4e23792444281886221360!

-- 
I am a Junkie on the Internet
   But I am not an InternetJunkie


More information about the Firewall mailing list