Re: IPv6, HE tunnel and ip6tables problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




-------- Original Message  --------
Subject:  IPv6, HE tunnel and ip6tables problems
From: Stephen Harris <lists@xxxxxxxxxx>
To: CentOS mailing list <centos@xxxxxxxxxx>
Date: Tuesday, January 11, 2011 1:09:25 PM
> CentOS 5.5, fully patched.
>
> I have a HE tunnel (tunnelbroker.net) IPv6 tunnel.  This works pretty
> well and is simple to setup.  Everything works fine.
>
> Until I try to set up an ip6tables firewall.
>
...
> It might be that I need to compile a generic kernel; apparently >
> 2.6.20 fixes a number of ip6tables issues; CentOS 5 is based on 2.6.18.
>
> Maybe CentOS 6 (*nudge nudge*) will work :-)
>
> I'm not sure I want to leave my home network on IPv6 without a firewall;
> not sure I trust all the machines I have on local network to be safe
> from remote probes!
>
> I wonder if anyone has any suggestions...
>
> Thanks!
>

I have been waiting for RHEL6/CentOS6 because, as I understand it,
CentOS5 does not have a statefull IP6 firewall - e.g. incoming traffic
would have to have a default ACCEPT policy or only specific applications
allowed (based on source port) on a case by case basis. Perhaps this is
the issue you are running into. However, I would think you'd receive an
error attempting to set "--state ESTABLISHED,RELATED" within iptables if
this were the case.

I would be delighted if someone could share their experiences with ip6
and CentOS5, especially from a security or service provider standpoint.

--Blake
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux