From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: martin f krafft <madduck@madduck.net>
Cc: netfilter discussion list <netfilter@vger.kernel.org>
Subject: Re: ip6tables icmp conntracking on 2.6.18 vs 2.6.24
Date: Thu, 03 Apr 2008 11:29:14 +0200 [thread overview]
Message-ID: <47F4A36A.2010600@plouf.fr.eu.org> (raw)
In-Reply-To: <20080403081822.GA13254@piper.oerlikon.madduck.net>
Hello,
martin f krafft a écrit :
>
> Is IPv6 connection tracking on 2.6.18 just broken?
Are you using a 2.6.18 kernel image from Debian etch or a custom one ?
IPv6 conntrack requires the (now not so) new nf_conntrack, but in kernel
versions older than 2.6.20 nf_conntrack did not support IPv4 NAT yet.
Only the old ip_conntrack, the IPv4-only conntrack, did. So IPv6
conntrack and IPv4 NAT were mutually exclusive. AFAIK 2.6.18 kernel
images from Debian etch are built with ip_conntrack in order to support
IPv4 NAT, and do not support IPv6 conntrack.
I am just a bit surprised that using the state match in ip6tables with a
kernel without IPv6 conntrack support does not trigger an error.
next prev parent reply other threads:[~2008-04-03 9:29 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-02 21:26 ip6tables icmp conntracking on 2.6.18 vs 2.6.24 martin f krafft
2008-04-02 21:44 ` Petr Pisar
2008-04-02 21:57 ` Jan Engelhardt
2008-04-02 22:05 ` martin f krafft
2008-04-03 8:18 ` martin f krafft
2008-04-03 9:29 ` Pascal Hambourg [this message]
2008-04-03 9:36 ` Nicolas KOWALSKI
2008-04-03 10:26 ` martin f krafft
2008-04-03 15:07 ` Pascal Hambourg
2008-04-03 15:23 ` martin f krafft
2008-04-03 23:00 ` Pascal Hambourg
2008-04-03 23:03 ` Pascal Hambourg
2008-04-04 8:50 ` martin f krafft
2008-04-04 16:19 ` Pascal Hambourg
2008-04-08 13:15 ` martin f krafft
2008-04-03 15:35 ` Nicolas KOWALSKI
2008-04-03 15:38 ` martin f krafft
2008-04-03 15:48 ` Nicolas KOWALSKI
2008-04-04 8:51 ` martin f krafft
2008-04-04 8:57 ` Nicolas KOWALSKI
2008-04-04 11:04 ` martin f krafft
2008-04-04 11:59 ` Nicolas KOWALSKI
2008-04-04 12:39 ` martin f krafft
2008-04-04 17:57 ` Nicolas KOWALSKI
2008-04-03 16:14 ` Jozsef Kadlecsik
2008-04-04 6:22 ` martin f krafft
2008-04-04 9:39 ` Jozsef Kadlecsik
2008-04-04 7:32 ` RFC 4890 (icmpv6 firewall recommendations) and ip6tables (was: ip6tables icmp conntracking on 2.6.18 vs 2.6.24) martin f krafft
2008-04-04 9:12 ` Jozsef Kadlecsik
2008-04-04 11:15 ` martin f krafft
2009-03-11 12:44 ` martin f krafft
2009-03-21 13:43 ` RFC 4890 (icmpv6 firewall recommendations) and ip6tables Chris Hills
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47F4A36A.2010600@plouf.fr.eu.org \
--to=pascal.mail@plouf.fr.eu.org \
--cc=madduck@madduck.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.