ipv6 network fail (newbie alert)

Nick Edwards nick.z.edwards at gmail.com
Fri Mar 8 10:44:07 CET 2013


Hi Nick,
This problem is on the actual smtp machine, not the gateway, so it
can't be a forwarding rule as packets are directed to it, not via it.



On 3/8/13, Nick Hilliard <nick at foobar.org> wrote:
> You should be interested in the forward chain not the input chain. The
> policy on the forward chain is DROP, which is why your traffic is being
> dropped.
>
> Nick
>
> Sent from my iWotsit.
>
> On 8 Mar 2013, at 01:29, Nick Edwards <nick.z.edwards at gmail.com> wrote:
>
>> Hi all (again)
>>
>> Hrmm, possible this is related to my earlier iptables issues.
>>
>> accept rules are being ignored.
>>
>> offshooting my mail to another inside box, works fine with policy
>> default accept, but I'm not liking that, so try to secure it, ipv4
>> works as it has for years, but ipv6 sheesh
>>
>> ip6tables -L -n
>>
>> Chain INPUT (policy DROP)
>> target     prot opt source               destination
>> ACCEPT     all      ::/0              ::/0                    <--- loopback
>> ACCEPT     all      2001:470:xxx2:524::/64  ::/0              <-- my routed lan
>> ACCEPT     all      2a00:1c18:401:c01::538:0/112  ::/0   <--  offsite native ipv6 range
>>
>> this above native range is being ignored, as are the port rules below
>> it, and this I really can't understand since it has been told to accept
>> it, as with my earlier forwarding problems gave me
>>
>> Destination unreachable: Address unreachable
>>
>>
>> ACCEPT     all      ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
>> REJECT     tcp      ::/0                 ::/0                 tcp dpt:113 reject-with icmp6-port-unreachable
>> ACCEPT     udp      ::/0                 ::/0                 udp dpt:25
>> ACCEPT     tcp      ::/0                 ::/0                 tcp dpt:25
>> DROP       icmpv6    ::/0                 ::/0                 ipv6-icmptype 128
>>
>> Chain FORWARD (policy DROP)
>> target     prot opt source               destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> This is a fully bare bones iptables config, and the only way is to set
>> input policy to accept which I should not have to do, unless ip6tables
>> is rewritten and is nothing like iptables commands which do work.
>>
>> Anyone seen this craziness?
>> ( ip6tables v1.4.17 )
>
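
The thread turns on which rule, if any, a packet arriving at the SMTP host matches in the INPUT chain. The Python sketch below is an added example, not code from either poster: it replays first-match evaluation over a constructed copy of the quoted INPUT chain. Assumptions: the redacted LAN prefix is replaced by the 2001:db8:: documentation prefix, the loopback rule is left out because `-L -n` without `-v` does not show the interface it matches on, and the sample packets (including the conntrack state given to the neighbour solicitation) are constructed.

```python
import ipaddress

# Constructed copy of the quoted INPUT chain (LAN prefix is a placeholder).
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all      2001:db8:0:524::/64  ::/0
ACCEPT     all      2a00:1c18:401:c01::538:0/112  ::/0
ACCEPT     all      ::/0   ::/0   ctstate RELATED,ESTABLISHED
REJECT     tcp      ::/0   ::/0   tcp dpt:113 reject-with icmp6-port-unreachable
ACCEPT     udp      ::/0   ::/0   udp dpt:25
ACCEPT     tcp      ::/0   ::/0   tcp dpt:25
DROP       icmpv6   ::/0   ::/0   ipv6-icmptype 128
"""

def parse(listing):
    lines = [l for l in listing.splitlines() if l.strip()]
    policy = lines[0].split("policy ")[1].rstrip(")")
    rules = []
    for line in lines[2:]:  # skip the chain line and the column header
        target, proto, source, _dest, *opts = line.split()
        rules.append((target, proto, ipaddress.ip_network(source), opts))
    return policy, rules

def options_match(opts, pkt):
    """Handle only the matches this listing uses: ctstate, dpt, ipv6-icmptype."""
    for i, opt in enumerate(opts):
        if opt == "ctstate" and pkt.get("ctstate") not in opts[i + 1].split(","):
            return False
        if opt.startswith("dpt:") and pkt.get("dport") != int(opt[4:]):
            return False
        if opt == "ipv6-icmptype" and pkt.get("icmp_type") != int(opts[i + 1]):
            return False
    return True

def verdict(listing, pkt):
    """First matching rule wins; if none matches, the chain policy applies."""
    policy, rules = parse(listing)
    src = ipaddress.ip_address(pkt["src"])
    for target, proto, net, opts in rules:
        if proto in ("all", pkt["proto"]) and src in net and options_match(opts, pkt):
            return target
    return policy

# Constructed packets. The ctstate on the solicitation is an assumption.
SMTP_OFFSITE = {"src": "2a00:1c18:401:c01::538:25", "proto": "tcp", "dport": 25, "ctstate": "NEW"}
NEIGHBOUR_SOLICIT = {"src": "fe80::1", "proto": "icmpv6", "icmp_type": 135, "ctstate": "UNTRACKED"}

if __name__ == "__main__":
    print(verdict(LISTING, SMTP_OFFSITE), verdict(LISTING, NEIGHBOUR_SOLICIT))
```

Under a DROP policy, ICMPv6 neighbour discovery (types 133 to 136, RFC 4861) also has to match an ACCEPT rule in INPUT. `ip6tables -L -n -v` shows the interface matches and per-rule packet counters needed to confirm which rule live traffic actually hits.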


More information about the ipv6-ops mailing list