ipv6 network fail (newbie alert)
Nick Edwards
nick.z.edwards at gmail.com
Sat Mar 9 03:24:37 CET 2013
On 3/9/13, Gert Doering <gert at space.net> wrote:
> Hi,
>
> On Fri, Mar 08, 2013 at 11:29:27AM +1000, Nick Edwards wrote:
>> offshooting my mail to another inside box, works fine with policy
>> default accept, but I'm not liking that, so try to secure it, ipv4
>> works as it has for years, but ipv6 sheesh
>>
>> ip6tables -L -n
>>
>> Chain INPUT (policy DROP)
>> target prot opt source destination
>> ACCEPT all ::/0 ::/0
>> <--- loopback
>> ACCEPT all 2001:470:xxx2:524::/64 ::/0 <-- my
>> routed lan
>> ACCEPT all 2a00:1c18:401:c01::538:0/112 ::/0 <-- offsite
>> native ipv6 range
>
> There you go. You need to permit the pesky fe80:: stuff which is used
> for neighbour discovery (aka "ARP for IPv6").
>
> Gert Doering
> -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
>
No idea, why, but this seems to have fixed it, thanks Gert!
all these years of ipv4, now with ipv6 I feel like i should be like a
little kid and re-start kindergarten again :)
Nik
More information about the ipv6-ops
mailing list