Hi after a brake of some month for ipv6 I tried it again (after reading that steteful inspection is now in 2.6.15). I'm using tun6to4 as my tunnel device and have problems setting the access lists right. OUTPUT ACCEPT all * tun6to4 ::/0 ::/0 state NEW never get's any hit, all traffic uses ACCEPT all * tun6to4 ::/0 ::/0 w/o any state parameter And the same problem for the incomming traffic: INPUT DROP all tun6to4 * ::/0 ::/0 state INVALID had to be removed, otherwise no package was allowed to travel LOG all tun6to4 * ::/0 ::/0 state INVALID LOG flags 0 level 4 has a lot of hits, eg IN=tun6to4 OUT= MAC=... TUNNEL=192.88.99.1->... SRC=2001:06b0:0001:00ea:0202:a5ff:fecd:13a6 DST=... LEN=104 TC=0 HOPLIMIT=54 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=16439 SEQ=1 as the anwser to ping6 www.ipv6.org Any idea what's wrong with my config? I'm running 2.6.15-mm4 w/ iptables 1.2.9 on Debian unstable on a machine behind a router (router is doing nat). Jörg -- Jörg Schütter http://www.schuetter.org/joerg joerg@xxxxxxxxxxxxx http://www.lug-untermain.de/
