Re: ipv4 and ipv6 tables - Alistair Tonner

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Alistair Tonner <Alistair@nerdnet.ca>
To: netfilter@lists.netfilter.org
Subject: Re: ipv4 and ipv6 tables
Date: Fri, 27 Aug 2004 18:30:34 -0400	[thread overview]
Message-ID: <200408271830.34871.Alistair@nerdnet.ca> (raw)
In-Reply-To: <412FB0D4.8080303@pbl.ca>

On August 27, 2004 06:08 pm, Aleksandar Milivojevic wrote:
> Ok, if I have good old ipv4 packet, or good new ipv6 packet they will go
> through respective chains in respective tables (either for ipv4 or
> ipv6).  But how about ipv6-in-ipv4 packets?  How is this handled when
> packet is forwarded (especially by ipv6 enabled host)?  How does the
> packet traverse tables and chains once it reach destination and is
> unwrapped from its ipv4 wrapper (does it go through both ipv4 and ipv6
> tables and chains)?  Any other special cases to watch for to prevent
> packets that should be blocked to go through ipv6 back door?

	When the IPV6 packet is wrapped up in IPV4 it becomes an
	ipv4 protocol 41 packet.

	You need to allow protocol 41 through the ipv4 rules to let the ipv6-in-ipv4 
stuff through.

	in my case 

	iptables -I INPUT 3 -p 41 -s {ipaddress of tunnel server} -d {my external 
ipv4 address} -j ACCEPT
	iptables -I OUTPUT 7 -p 41 -s {my external ipv4 address} -d {ipaddress of 
tunnel server} -j ACCEPT

	you would likely want the rules in different locations in INPUT and OUTPUT 


	Alistair Tonner
	
	(after bouncing head on desk for days trying to get mine working, I'll make 
yer life a little easier)

     prev parent reply	other threads:[~2004-08-27 22:30 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-27 22:08 ipv4 and ipv6 tables Aleksandar Milivojevic
2004-08-27 22:30 ` Alistair Tonner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200408271830.34871.Alistair@nerdnet.ca \
    --to=alistair@nerdnet.ca \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox