Re: IPv6, HE tunnel and ip6tables problems




On Tue, Jan 11, 2011 at 02:12:15PM -0600, Blake Hudson wrote:
> From: Stephen Harris <lists@xxxxxxxxxx>

> > I have a HE tunnel (tunnelbroker.net) IPv6 tunnel.  This works pretty
> > well and is simple to set up.  Everything works fine.
> >
> > Until I try to set up an ip6tables firewall.

> I have been waiting for RHEL6/CentOS6 because, as I understand it,
> CentOS5 does not have a stateful IP6 firewall - e.g. incoming traffic
> would have to have a default ACCEPT policy or only specific applications
> allowed (based on source port) on a case by case basis. Perhaps this is
> the issue you are running into. However, I would think you'd receive an
> error attempting to set "--state ESTABLISHED,RELATED" within iptables if
> this were the case.

I think that got fixed in earlier versions.

# ip6tables -L | grep state
ACCEPT     all      anywhere             anywhere           state RELATED,ESTABLISHED 
ACCEPT     all      anywhere             anywhere           state RELATED,ESTABLISHED 

So it's clear the options are now available.

And for a lot of things it works OK.  That's why I think the problem
may be fragmentation related, and the fragments aren't being properly
reassembled for the ip6tables to pass them through.

-- 

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

