Linux Netfilter discussions
* ipv4 and ipv6 tables
@ 2004-08-27 22:08 Aleksandar Milivojevic
  2004-08-27 22:30 ` Alistair Tonner
  0 siblings, 1 reply; 2+ messages in thread
From: Aleksandar Milivojevic @ 2004-08-27 22:08 UTC (permalink / raw)
  To: Netfilter User Mailinglist

Ok, if I have a good old ipv4 packet, or a good new ipv6 packet, they will go
through respective chains in respective tables (either for ipv4 or
ipv6).  But how about ipv6-in-ipv4 packets?  How is this handled when
the packet is forwarded (especially by an ipv6 enabled host)?  How does the
packet traverse tables and chains once it reaches its destination and is
unwrapped from its ipv4 wrapper (does it go through both ipv4 and ipv6
tables and chains)?  Any other special cases to watch for to prevent
packets that should be blocked from going through the ipv6 back door?

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7



* Re: ipv4 and ipv6 tables
  2004-08-27 22:08 ipv4 and ipv6 tables Aleksandar Milivojevic
@ 2004-08-27 22:30 ` Alistair Tonner
  0 siblings, 0 replies; 2+ messages in thread
From: Alistair Tonner @ 2004-08-27 22:30 UTC (permalink / raw)
  To: netfilter

On August 27, 2004 06:08 pm, Aleksandar Milivojevic wrote:
> Ok, if I have a good old ipv4 packet, or a good new ipv6 packet, they will go
> through respective chains in respective tables (either for ipv4 or
> ipv6).  But how about ipv6-in-ipv4 packets?  How is this handled when
> the packet is forwarded (especially by an ipv6 enabled host)?  How does the
> packet traverse tables and chains once it reaches its destination and is
> unwrapped from its ipv4 wrapper (does it go through both ipv4 and ipv6
> tables and chains)?  Any other special cases to watch for to prevent
> packets that should be blocked from going through the ipv6 back door?

	When the IPV6 packet is wrapped up in IPV4 it becomes an
	ipv4 protocol 41 packet.

	You need to allow protocol 41 through the ipv4 rules to let the
	ipv6-in-ipv4 stuff through.

	In my case:

	iptables -I INPUT 3 -p 41 -s {ipaddress of tunnel server} -d {my external ipv4 address} -j ACCEPT
	iptables -I OUTPUT 7 -p 41 -s {my external ipv4 address} -d {ipaddress of tunnel server} -j ACCEPT

	You would likely want the rules in different locations in INPUT and OUTPUT.

	Alistair Tonner
	
	(after bouncing head on desk for days trying to get mine working, I'll make 
yer life a little easier)
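
An added illustration, not part of either message: the Python sketch below parses a constructed ipv6-in-ipv4 packet to show which fields a `-p 41 -s ... -d ...` rule like the ones above can match (outer IPv4 header only) and which inner IPv6 fields it never looks at. The function names and the documentation-range addresses are assumptions made for the example.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # the IPv4 protocol number matched by "-p 41"

def inspect_6in4(packet, tunnel_server, local_addr):
    """Report the outer IPv4 fields a -p 41 rule matches and the inner IPv6 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    result = {"outer_proto": packet[9], "outer_src": str(src),
              "outer_dst": str(dst), "rule_match": False, "inner": None}
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return result
    # Same test as the INPUT rule: -p 41 -s <tunnel server> -d <local address>
    result["rule_match"] = (src == ipaddress.IPv4Address(tunnel_server)
                            and dst == ipaddress.IPv4Address(local_addr))
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        result["inner"] = "malformed"       # protocol 41 but no valid IPv6 header
        return result
    result["inner"] = {"next_header": inner[6],
                       "src": str(ipaddress.IPv6Address(inner[8:24])),
                       "dst": str(ipaddress.IPv6Address(inner[24:40]))}
    return result

def build_6in4(outer_src, outer_dst, inner_src, inner_dst, next_header=6):
    """Construct a sample packet (checksums left at zero; for illustration only)."""
    payload = b"\x00" * 20                  # placeholder for a TCP header
    ipv6 = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    ipv6 += ipaddress.IPv6Address(inner_src).packed
    ipv6 += ipaddress.IPv6Address(inner_dst).packed + payload
    ipv4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                       PROTO_IPV6_IN_IPV4, 0)
    ipv4 += ipaddress.IPv4Address(outer_src).packed
    ipv4 += ipaddress.IPv4Address(outer_dst).packed
    return ipv4 + ipv6

if __name__ == "__main__":
    # Constructed sample: tunnel server 192.0.2.1, local host 198.51.100.7
    pkt = build_6in4("192.0.2.1", "198.51.100.7", "2001:db8::1", "2001:db8::2")
    print(inspect_6in4(pkt, "192.0.2.1", "198.51.100.7"))
```

The `rule_match` result depends only on the outer addresses and protocol number; the inner source, destination and next header play no part in it.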

