* Connectiontracking of IPv6 on modified Fritzbox
@ 2009-01-30 13:23 wlet
From: wlet @ 2009-01-30 13:23 UTC (permalink / raw)
To: netfilter
Hello,
I'm using a SOHO router called Fritzbox. This box is very popular in Germany and is based upon busybox/linux.
There is a GNU project called "Freetz" which provides a patchset to enhance the capabilities of this box.
I'm using the last svn snapshot which contains IPv6 support via sixxs.net. The kernel running on this box is "2.6.13.1-ohio" (MIPS).
I want to use ip6tables to restrict the v6 traffic, but there is no possibility to do a connection tracking/stateful filtering.
These are the ip6tables modules available:
ip6_queue.ko
ip6_tables.ko
ip6t_LOG.ko
ip6t_MARK.ko
ip6t_dst.ko
ip6t_ipv6header.ko
ip6t_length.ko
ip6t_limit.ko
ip6t_mark.ko
ip6t_rt.ko
ip6table_filter.ko
ip6table_raw.ko
x_tables are also not available. Somebody at the Freetz Forum stated that the kernel should be able to handle connection tracking, but I don't know how.
Anybody here with a neat little hint?
Thank you
wlet
* Re: Connectiontracking of IPv6 on modified Fritzbox
@ 2009-01-30 14:28 ` Pascal Hambourg
From: Pascal Hambourg @ 2009-01-30 14:28 UTC (permalink / raw)
To: netfilter; +Cc: wlet
Hello,
wlet@gmx.net wrote:
>
> I'm using the last svn snapshot which contains IPv6 support via
> sixxs.net. The kernel running on this box is "2.6.13.1-ohio" (MIPS).
>
> I want to use ip6tables to restrict the v6 traffic, but there is no
> possibility to do a connection tracking/stateful filtering.
The new netfilter conntrack aka 'nf_conntrack' supporting IPv6
connection tracking was added in the mainline kernel version 2.6.15.
However it lacked IPv4 NAT support (and support for "complex" protocols
except FTP) until version 2.6.20, so meanwhile you had to choose between
IPv6 connection tracking provided by 'nf_conntrack' and IPv4 NAT
provided by the old IPv4-only conntrack aka 'ip_conntrack'.
For kernel versions earlier than 2.6.15, an 'nf_conntrack' patchlet was
available in the patch-o-matic-ng until patch-o-matic-ng-20050918.
However it probably had a number of bugs which were corrected after
being merged in the mainline kernel.
> x_tables are also not available.
x_tables was added in the mainline kernel version 2.6.16. It is not
related to nf_conntrack.
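
The version thresholds given in the reply above, turned into a check that can be run on the box. This is an added example, not part of the original thread; the feature labels and function names are made up for this script, and it assumes a POSIX shell such as busybox ash.

```sh
#!/bin/sh
# Added example (not from the thread): decide from a kernel release string
# which of the netfilter features discussed above the kernel can offer.
# Feature labels are made up for this script; thresholds are from the reply.

# Turn "2.6.13.1-ohio" into one integer built from major, minor and patch.
# The vendor suffix and any fourth field are ignored.
kver_num() {
    v=${1%%-*}                          # drop "-ohio" style suffix
    old_ifs=$IFS; IFS=.
    set -- $v                           # split on dots into $1 $2 $3 ...
    IFS=$old_ifs
    a=${1%%[!0-9]*}; b=${2%%[!0-9]*}; c=${3%%[!0-9]*}
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
}

# True when release $1 is at least version $2.
kver_ge() { [ "$(kver_num "$1")" -ge "$(kver_num "$2")" ]; }

# Print "<label> yes|no" for each feature, given a release string.
conntrack_features() {
    for pair in ipv6-conntrack:2.6.15 x_tables:2.6.16 \
                ipv4-nat-with-nf_conntrack:2.6.20; do
        if kver_ge "$1" "${pair##*:}"; then s=yes; else s=no; fi
        echo "${pair%%:*} $s"
    done
}

# A new enough kernel is not sufficient: the vendor build must also ship
# the modules. List any nf_conntrack*.ko files below directory $1.
shipped_conntrack_modules() {
    find "$1" -name 'nf_conntrack*.ko' 2>/dev/null
}

# Release string quoted in the thread; use "$(uname -r)" on a live box.
conntrack_features "2.6.13.1-ohio"
```

For the 2.6.13.1-ohio kernel all three lines report "no", which matches the module list in the first message: without IPv6 connection tracking, ip6tables rules on that kernel can only be stateless.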