[Firewall] Some questions regarding IPv6/IPv4 dual stack
lists at lonnie.abelbeck.com
Mon Oct 28 16:50:17 CET 2013
First, I assume you had a typo and meant:
BTW, "0/0" will work equally well as "::/0"
Your setup looks very similar to mine, your AIF configuration looks good to me. Try...
$ ip6tables -nvL EXT_FORWARD_IN_CHAIN
and see if you are getting any 'hits' on your INET_FORWARD_TCP rules.
Question, is the (phony) 2001:1234:b:11c::/64 prefix assigned on one of the AIF box's interfaces or is it "hidden" downstream? If so you need a static route on the AIF box on how to reach the 2001:1234:b:11c::/64 network. Something like:
ip -6 route add 2001:1234:b:11c::1/64 via 2001:1234:b:a::2 dev eth1 metric 1
Do you have a /64 or /48 prefix from your provider?
My guess is you have a routing issue, your AIF config looks good at first blush.
On Oct 27, 2013, at 5:23 PM, Gustin Johnson wrote:
> I now have an IPv6 tunnel and I am able to connect out from LAN computers via IPv6. The problem is the return path. I would like to allow ssh and https to a couple of hosts as well as ICMP (protocol 58 for IPv6) for the entire subnet.
> What I have done so far is to put entries in INET_FORWARD_TCP and INET_FORWARD_IP. I have put some examples below (with example IPs, not my actual ones) because I can't seem to figure out why it is not working. Any help with the syntax would be appreciated.
> I also have my tunnel interface listed in the EXT_IF (this was needed to get outbound access, which makes sense). I also have radvd configured and seemingly working correctly.
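
The two checks suggested in the reply (rule hit counters and a route to the downstream /64) can be combined into one triage step. This is an added example, not part of the original message or of AIF; the sample command output is constructed, and the `sit1` tunnel interface name and the function names are assumptions.

```python
import ipaddress

# Constructed sample output (not from the thread), reusing its phony prefixes.
SAMPLE_CHAIN = """\
Chain EXT_FORWARD_IN_CHAIN (1 references)
 pkts bytes target  prot opt in  out  source  destination
    0     0 ACCEPT  tcp      *   *    ::/0    2001:1234:b:11c::10  tcp dpt:22
    0     0 ACCEPT  tcp      *   *    ::/0    2001:1234:b:11c::10  tcp dpt:443
"""
SAMPLE_ROUTES = """\
2001:1234:b:a::/64 dev eth1 proto kernel metric 256
default dev sit1 metric 1024
"""

def rule_hits(chain_text):
    """Return [(packets, rule)] for each rule line of `ip6tables -nvL`."""
    units = {"K": 10**3, "M": 10**6, "G": 10**9}
    hits = []
    for line in chain_text.splitlines():
        f = line.split()
        if f and f[0][0].isdigit():          # header lines start with a letter
            n, unit = (f[0][:-1], f[0][-1]) if f[0][-1] in units else (f[0], "")
            hits.append((int(n) * units.get(unit, 1), " ".join(f[2:])))
    return hits

def best_route(routes_text, host):
    """Longest-prefix match of host against `ip -6 route` output."""
    addr, best = ipaddress.ip_address(host), None
    for line in routes_text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network("::/0" if f[0] == "default" else f[0], strict=False)
        except (IndexError, ValueError):
            continue                          # blank or non-prefix line
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best

def triage(chain_text, routes_text, host):
    route = best_route(routes_text, host)
    if route is None or route.prefixlen == 0:
        return "missing-route"   # inbound traffic has no path to the downstream /64
    if not any(pkts for pkts, _ in rule_hits(chain_text)):
        return "no-hits"         # routed, but nothing matched the forward rules
    return "ok"

if __name__ == "__main__":
    print(triage(SAMPLE_CHAIN, SAMPLE_ROUTES, "2001:1234:b:11c::10"))
```

A result of `missing-route` means the host is only covered by the default route, which is the case the static route in the reply addresses.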