[Firewall] Some questions regarding IPv6/IPv4 dual stack
gustin at meganerd.ca
Tue Oct 29 10:35:43 CET 2013
I tried it again tonight and it seems to be working. Maybe I just forgot
to re-initialize Arno's script. I had a working outbound config, so I don't
think it was a routing issue; I suspect that I just needed to actually
apply the updated settings first.
Thanks again for your help,
On Mon, Oct 28, 2013 at 11:44 AM, Gustin Johnson <gustin at meganerd.ca> wrote:
> On Mon, Oct 28, 2013 at 9:50 AM, Lonnie Abelbeck <
> lists at lonnie.abelbeck.com> wrote:
>> Hi Gustin,
>> First, I assume you had a typo and meant:
> Correct, this was a typo. There is no ">" at the end.
>> BTW, "0/0" will work equally well as "::/0"
>> Your setup looks very similar to mine, your AIF configuration looks good
>> to me. Try...
>> $ ip6tables -nvL EXT_FORWARD_IN_CHAIN
>> and see if you are getting any 'hits' on your INET_FORWARD_TCP rules.
> There are some hits, though not many:
> 8 832 ACCEPT icmpv6 he-ipv6 !he-ipv6 ::/0 2001:
>> Question, is the (phony) 2001:1234:b:11c::/64 prefix assigned on one of
>> the AIF box's interfaces or is it "hidden" downstream ? If so you need a
>> static route on the AIF box on how to reach the 2001:1234:b:11c::/64
>> network. Something like:
> I statically assigned an IP from the /64 to the "internal" NIC. This is
> my home and thus is a pretty flat (and reasonably simple) network.
>> ip -6 route add 2001:1234:b:11c::1/64 via 2001:1234:b:a::2 dev eth1 metric
>> Do you have a /64 or /48 prefix from your provider ?
>> My guess you have a routing issue, your AIF config looks good at first
> I will check again, thanks for the tips.
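Added example, not part of the thread: a small Python parser for the `ip6tables -nvL EXT_FORWARD_IN_CHAIN` check suggested above, which lists forward rules that have never matched a packet. The sample output is constructed (it reuses the thread's phony prefix; the ports, counters and function names are assumptions), and every rule is assumed to have a target.

```python
# Constructed sample of `ip6tables -nvL EXT_FORWARD_IN_CHAIN` output.
# Note the empty "opt" column, as in the line quoted in the thread.
SAMPLE = """\
Chain EXT_FORWARD_IN_CHAIN (1 references)
 pkts bytes target  prot opt in      out       source  destination
    8   832 ACCEPT  icmpv6   he-ipv6 !he-ipv6  ::/0    2001:1234:b:11c::/64
    0     0 ACCEPT  tcp      he-ipv6 !he-ipv6  ::/0    2001:1234:b:11c::10  tcp dpt:22
1200K   96M ACCEPT  tcp      he-ipv6 !he-ipv6  ::/0    2001:1234:b:11c::10  tcp dpt:443
"""

# Without -x, large counters are abbreviated with decimal suffixes.
SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3, "T": 1000**4}


def counter(text):
    """Expand an abbreviated counter such as 96M to an integer."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)


def parse_chain(output):
    """Return one dict per rule line of `ip6tables -nvL <chain>` output."""
    rules = []
    for line in output.splitlines():
        tok = line.split()
        if len(tok) < 8 or not tok[0][0].isdigit():
            continue  # chain header, column header or blank line
        i = 4
        if tok[i] == "--":  # tolerate an "opt" placeholder if one is printed
            i += 1
        rules.append({
            "pkts": counter(tok[0]), "bytes": counter(tok[1]),
            "target": tok[2], "prot": tok[3],
            "in": tok[i], "out": tok[i + 1],
            "src": tok[i + 2], "dst": tok[i + 3],
            "match": " ".join(tok[i + 4:]),
        })
    return rules


def unhit(rules):
    """Rules with a zero packet counter: never matched since the last reload."""
    return [r for r in rules if r["pkts"] == 0]


if __name__ == "__main__":
    for r in unhit(parse_chain(SAMPLE)):
        print("no hits:", r["target"], r["prot"], r["dst"], r["match"])
```

A rule that stays at zero while test traffic is being sent points at routing or at a ruleset that was never reloaded, which is what the thread ended up finding.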