ipv6 network fail (newbie alert)
Darren Pilgrim
list_ipv6-ops at bluerosetech.com
Wed Mar 20 21:08:21 CET 2013
On 2013-03-20 11:48, Romain Boissat wrote:
> # Link-local Multicast receiver: allow in link-local only
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 130 -m hl --hl-eq 255 -j ACCEPT # Listener Query
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 131 -m hl --hl-eq 255 -j ACCEPT # Listener Report
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 132 -m hl --hl-eq 255 -j ACCEPT # Listener Done
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 143 -m hl --hl-eq 255 -j ACCEPT # Listener Report v2

The above will accept messages from non-LL addresses. Restrict to -s
fe80::/10 instead of restricting the hop limit.

> # Multicast Router messages: Advertisement, Solicitation, Termination
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 151 -m hl --hl-eq 255 -j ACCEPT # MRA
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 152 -m hl --hl-eq 255 -j ACCEPT # MRS
> $IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 153 -m hl --hl-eq 255 -j ACCEPT # MRT

Hop limit should be 1. Also -s fe80::/10.
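
A small rule audit that encodes the two review points from the reply above, as an added example that is not part of the original message and not from either poster. It assumes numeric `--icmpv6-type` values and no `!` negation; the function names and the two rewritten sample rules are constructed for illustration.

```python
import shlex

LINK_LOCAL = "fe80::/10"
MLD_TYPES = {"130", "131", "132", "143"}  # Listener Query / Report / Done / Report v2
MRD_TYPES = {"151", "152", "153"}         # MRA / MRS / MRT


def audit_rule(rule):
    """Return review findings for one ip6tables rule line (numeric ICMPv6 types only)."""
    tokens = shlex.split(rule, comments=True)  # drops the trailing "# ..." comment
    # Map each option to the token that follows it; "!" negation is out of scope.
    opts = {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}
    icmp_type = opts.get("--icmpv6-type")
    if icmp_type not in MLD_TYPES | MRD_TYPES:
        return []
    source = opts.get("-s") or opts.get("--source")
    hop_limit = opts.get("--hl-eq")
    findings = []
    if source != LINK_LOCAL:
        findings.append("no -s fe80::/10: non-link-local senders are accepted")
    if icmp_type in MLD_TYPES and hop_limit is not None:
        findings.append("hop-limit match used where the source restriction is advised")
    if icmp_type in MRD_TYPES and hop_limit != "1":
        findings.append("hop limit should be 1, rule has %s" % hop_limit)
    return findings


def audit_ruleset(text):
    """Audit every non-empty line; return {line_number: findings} for flagged rules."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        found = audit_rule(line) if line.strip() else []
        if found:
            report[number] = found
    return report


# Two rules as quoted in the thread, then constructed rewrites following the reply.
SAMPLE = """\
$IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 130 -m hl --hl-eq 255 -j ACCEPT # Listener Query
$IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 151 -m hl --hl-eq 255 -j ACCEPT # MRA
$IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
$IP6T -A ICMPv6_IN $ICMP6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
"""

if __name__ == "__main__":
    for number, found in audit_ruleset(SAMPLE).items():
        print(number, "; ".join(found))
```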