ipv6 network fail (newbie alert)
Darren Pilgrim
list_ipv6-ops at bluerosetech.com
Sat Mar 16 13:57:06 CET 2013
On 2013-03-15 00:39, Nick Edwards wrote:
> I have seen this block - don't block argument before, many times, I
> have never experienced any "known" problems, however talking to
> another sys admin in my city (who I use to work with few years back),
> he suggested I use, as he does
> (copy and paste from him on icq) :
>
> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 3 -j ACCEPT
> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 4 -j ACCEPT
> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 11 -j ACCEPT
> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 12 -j ACCEPT
> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 -j DROP
I think your friend is confusing ICMPv4 and ICMPv6. Types 3, 4, 11, and
12 are used in ICMPv4. The approximate equivalent in ICMPv6 is 1, 2, 3,
and 4. You need to allow them on the output and forward paths as well.
You probably also want to allow types 135 and 136 for minimal NDP
functionality.
More information about the ipv6-ops
mailing list