From: Undertacker <undertacker@areanetworking.it>
To: netfilter@lists.netfilter.org
Subject: problem with applying a state match rules for ipv6 connections
Date: Thu, 23 Feb 2006 11:11:00 +0100 [thread overview]
Message-ID: <43FD8A34.8090605@areanetworking.it> (raw)
Dear All
I have some problem with applying a state match rules for ipv6 connections.
I’m using a debian unstable with 2.6.16-rc4 kernel.
This is my ipv6 configuration:(/etc/network/interfaces)
auto btexact00
iface btexact00 inet6 v4tunnel
address 2001:618:400:c23b:ffff:ffff:ffff:ffff
netmask 128
gateway fe80::d579:1855
endpoint 213.121.24.85
local 85.88.200.10
ttl 254
ipv6 allocation is 2001:618:400:c23b::/64
for now I’m using only a btexact00 interface for ipv6 output to internet.
there is also a second interface eth1 for LAN distribution of ipv6 support.
It is not long that I’m using a linux ( just about 6 months) so please
forgive me if I done some stupid configuration.
this is my ip6tables configuration:
cat /etc/iptables.conf/ip6tables-roule.conf
# Generated by ip6tables-save v1.3.5 on Thu Feb 23 10:55:57 2006
*filter
:INPUT DROP [188:18904]
:FORWARD DROP [0:0]
:OUTPUT DROP [9:728]
:btexact00_in - [0:0]
:btexact00_out - [0:0]
:eth1_in - [0:0]
:eth1_out - [0:0]
-A INPUT -s ::/0 -d ::/0 -i eth1 -j eth1_in
-A INPUT -s ::/0 -d ::/0 -i btexact00 -j btexact00_in
-A OUTPUT -s ::/0 -d ::/0 -o btexact00 -j btexact00_out
-A OUTPUT -s ::/0 -d ::/0 -o eth1 -j eth1_out
-A btexact00_in -s ::/0 -d ::/0 -m state --state RELATED,ESTABLISHED -j
ACCEPT
-A btexact00_out -s 2001:618:400:c23b:ffff:ffff:ffff:ffff/128 -d ::/0 -j
ACCEPT
COMMIT
# Completed on Thu Feb 23 10:55:57 2006
# Generated by ip6tables-save v1.3.5 on Thu Feb 23 10:55:57 2006
*mangle
:PREROUTING ACCEPT [195:19632]
:INPUT ACCEPT [195:19632]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [195:19784]
:POSTROUTING ACCEPT [186:19056]
COMMIT
# Completed on Thu Feb 23 10:55:57 2006
finaly I came to my question:
for some kind of reason the roule:
-A btexact00_in -s ::/0 -d ::/0 -m state --state RELATED,ESTABLISHED -j
ACCEPT
don’t match that king of traffic.
(if i add this roule after the up one : "-A btexact00_in -s ::/0 -d ::/0
-j LOG" log output all the traffic)
I was tray several times to reconfigure all ip6tables supposing that
this was an configuration problem , but the configuration to me seems ok.
Please can you help me?
Best Regards
Undertacker
P.S.
I’m so sorry for my English, I hope you understand this mail.
next reply other threads:[~2006-02-23 10:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-23 10:11 Undertacker [this message]
2006-02-26 5:17 ` problem with applying a state match rules for ipv6 connections Yasuyuki KOZAKAI
[not found] ` <200602260517.k1Q5HkIF022830@toshiba.co.jp>
2006-02-27 16:45 ` Undertacker
-- strict thread matches above, loose matches on Subject: below --
2006-02-23 14:28 Problem " Undertacker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43FD8A34.8090605@areanetworking.it \
--to=undertacker@areanetworking.it \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.