Benedikt Gollatz a écrit :
You need to accept proto-41
packets in the PREROUTING chain to stop the connection tracker from
looking at them.
Wrong. Connection tracking happens anyway.
You'll have to tell that to the authors of the SixXS FAQ.
Maybe. I just read the FAQ entry about connection tracking, and I didn't
think it was so clueless about Linux conntrack. But I'm so lazy, and
SixXS puts so many requirements about how to contact them.
Anyway what David need is to allow 6in4 traffic from the tunnel
endpoint. This has nothing to do with connection tracking.
Traffic passing through at first and after a certain time not being able to
pass anymore is a classic symptom of problems with connection tracking.
It less about connection tracking than about how connection tracking
states are used in filtering rules. Connection tracking does not matter
if you accept all traffic. So it is a mostly a filtering issue.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
