From: Jonathan Tripathy <jonnyt@abpni.co.uk>
To: netfilter@vger.kernel.org
Subject: Re: IPv6 routing
Date: Mon, 30 Aug 2010 11:37:31 +0100
Message-ID: <4C7B89EB.7090807@abpni.co.uk>
In-Reply-To: <4C7B8741.3030908@abpni.co.uk>


On 30/08/10 11:26, Jonathan Tripathy wrote:
> Hi Everyone,
>
> I'm using HE's IP6 Tunnel broker service. I'm trying to use an Ubuntu 
> box as a router. I've set up the tunnel (which connects to HE's server 
> via IPv4).
>
> Everything does work when I don't have any iptables rules. However, I 
> don't wish to leave the box open.
>
> For some reason, forwarding of packets (from HE WAN to the other side 
> of my router) only works when I have my ip6tables INPUT chain to 
> ACCEPT. Even when putting in a state RELATED,ESTABLISHED in there 
> doesn't work.
>
> Does anyone have any ideas why this is the case? I have a funny 
> feeling it has something to do with NDP and ip6tables not marking 
> something as "related".
>
> Thanks
>
Ok so I added

ip6tables -I INPUT -d ff02::1:ff00:1 -j ACCEPT

to my INPUT chain. The above address being the "solicited node multicast 
address" of my router, which other hosts on the LAN will send stuff to 
get its IP (Bit like ARP for IPv4).

However, when I run a tcpdump, I am now getting this:

06:29:37.241590 IP6 2001:470:1f09:dc5::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:470:1f09:dc5::2, length 32
06:29:37.241800 IP6 2001:470:1f09:dc5::2 > 2001:470:1f09:dc5::1: ICMP6, neighbor advertisement, tgt is 2001:470:1f09:dc5::2, length 32

It seems like netfilter isn't marking the advertisements as "related" to 
the solicitation request. I think that this is because the request was 
sent to ff02::1:ff00:2, but the reply came from 2001:470:1f09:dc5::2.

Any ideas what I should do?

Thanks
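
The address relationship in the capture above, as an added example that is not part of the original message: it derives the solicited-node multicast group from a unicast address and pairs the two tcpdump lines from the message by their NDP target. The function names solicited_node, parse and pair_ndp are hypothetical.

```python
import ipaddress
import re

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """RFC 4291: ff02::1:ff00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

# The two tcpdump lines from the message, with the mail line-wrapping undone.
CAPTURE = """\
06:29:37.241590 IP6 2001:470:1f09:dc5::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:470:1f09:dc5::2, length 32
06:29:37.241800 IP6 2001:470:1f09:dc5::2 > 2001:470:1f09:dc5::1: ICMP6, neighbor advertisement, tgt is 2001:470:1f09:dc5::2, length 32
"""

LINE = re.compile(
    r"IP6 (?P<src>\S+) > (?P<dst>[0-9a-f:]+): ICMP6, neighbor "
    r"(?P<kind>solicitation|advertisement), (?:who has|tgt is) (?P<tgt>[0-9a-f:]+),"
)

def parse(capture: str) -> list:
    """Extract src, dst, message kind and NDP target from each matching line."""
    return [m.groupdict() for m in map(LINE.search, capture.splitlines()) if m]

def pair_ndp(capture: str) -> list:
    """Match each advertisement to the solicitation that asked for its target."""
    pending, pairs = {}, []
    for pkt in parse(capture):
        tgt = ipaddress.IPv6Address(pkt["tgt"])
        if pkt["kind"] == "solicitation":
            pending[tgt] = pkt
        elif tgt in pending:
            ns = pending.pop(tgt)
            pairs.append({
                "target": str(tgt),
                "ns_dst": ns["dst"],
                "na_src": pkt["src"],
                # The NS went to the target's solicited-node group, not to the target.
                "ns_dst_is_solicited_node":
                    ipaddress.IPv6Address(ns["dst"]) == solicited_node(str(tgt)),
                # The NA's source is the unicast target, so it differs from the NS destination.
                "reply_mirrors_request": pkt["src"] == ns["dst"],
            })
    return pairs

if __name__ == "__main__":
    for pair in pair_ndp(CAPTURE):
        print(pair)
```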
