Just for info, I report that after I "opened" protocol 41 for input (and removed the nat table changes) my IPv6 tunnel is working fine for more than 24 hours. David 2009/7/10 Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx>: > Benedikt Gollatz a écrit : >> >>>> You need to accept proto-41 >>>> packets in the PREROUTING chain to stop the connection tracker from >>>> looking at them. >>> >>> Wrong. Connection tracking happens anyway. >> >> You'll have to tell that to the authors of the SixXS FAQ. > > Maybe. I just read the FAQ entry about connection tracking, and I didn't > think it was so clueless about Linux conntrack. But I'm so lazy, and SixXS > puts so many requirements about how to contact them. > >>> Anyway what David need is to allow 6in4 traffic from the tunnel endpoint. >>> This has nothing to do with connection tracking. >> >> Traffic passing through at first and after a certain time not being able >> to >> pass anymore is a classic symptom of problems with connection tracking. > > It less about connection tracking than about how connection tracking states > are used in filtering rules. Connection tracking does not matter if you > accept all traffic. So it is a mostly a filtering issue. > > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
