ipv6 network fail (newbie alert)
Nick Edwards
nick.z.edwards at gmail.com
Fri Mar 8 02:29:27 CET 2013
Hi all (again)
Hrmm, possibly this is related to my earlier iptables issues.
Accept rules are being ignored.
Offshooting my mail to another inside box works fine with policy
default accept, but I'm not liking that, so I try to secure it. IPv4
works as it has for years, but IPv6, sheesh.
ip6tables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all ::/0 ::/0 <--- loopback
ACCEPT all 2001:470:xxx2:524::/64 ::/0 <-- my routed lan
ACCEPT all 2a00:1c18:401:c01::538:0/112 ::/0 <-- offsite native ipv6 range
This above native range is being ignored, as are the port rules below
it, and this I really can't understand since it has been told to accept
it. As with my earlier forwarding problems, it gave me
Destination unreachable: Address unreachable
ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED
REJECT tcp ::/0 ::/0 tcp dpt:113 reject-with icmp6-port-unreachable
ACCEPT udp ::/0 ::/0 udp dpt:25
ACCEPT tcp ::/0 ::/0 tcp dpt:25
DROP icmpv6 ::/0 ::/0 ipv6-icmptype 128
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
This is a fully bare bones iptables config, and the only way is to set
input policy to accept, which I should not have to do, unless ip6tables
has been rewritten and is nothing like iptables commands, which do work.
Anyone seen this craziness?
( ip6tables v1.4.17 )
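
The INPUT chain listed above, modelled as a first-match evaluator (an added example, not part of the original post). It assumes the first rule is loopback-only as annotated, substitutes a constructed 2001:db8 prefix for the redacted LAN range, and uses constructed packets to show that an ICMPv6 neighbor solicitation from a link-local source matches no rule and falls to the DROP policy, while SMTP from the offsite range is accepted by rule 3.

```python
import ipaddress
from collections import namedtuple

# Packet fields; tracked=True means conntrack sees it as RELATED/ESTABLISHED.
Packet = namedtuple("Packet", "src proto dport icmp_type iface tracked",
                    defaults=(None, None, "eth0", False))
# Rule fields; None means "any".
Rule = namedtuple("Rule", "target iface src proto dport icmp_type ctstate",
                  defaults=(None, None, None, None, None, False))
LAN = "2001:db8:2:524::/64"               # constructed stand-in for the redacted LAN prefix
OFFSITE = "2a00:1c18:401:c01::538:0/112"  # offsite range as listed in the post
INPUT = [
    Rule("ACCEPT", iface="lo"),            # assumed loopback-only, per the annotation
    Rule("ACCEPT", src=LAN),
    Rule("ACCEPT", src=OFFSITE),
    Rule("ACCEPT", ctstate=True),          # ctstate RELATED,ESTABLISHED
    Rule("REJECT", proto="tcp", dport=113),
    Rule("ACCEPT", proto="udp", dport=25),
    Rule("ACCEPT", proto="tcp", dport=25),
    Rule("DROP", proto="icmpv6", icmp_type=128),
]
# Same chain with neighbor discovery (RS/RA/NS/NA, types 133-136) accepted first.
WITH_NDP = [Rule("ACCEPT", proto="icmpv6", icmp_type=t) for t in (133, 134, 135, 136)] + INPUT

def matches(rule, pkt):
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.icmp_type is not None and rule.icmp_type != pkt.icmp_type:
        return False
    return pkt.tracked or not rule.ctstate

def verdict(chain, pkt, policy="DROP"):
    """Return (target, rule number); rule number 0 means the chain policy decided."""
    for number, rule in enumerate(chain, 1):
        if matches(rule, pkt):
            return rule.target, number
    return policy, 0

# Constructed packets: a neighbor solicitation from a link-local router address
# (modelled as untracked), and new SMTP connections from two different sources.
NS = Packet("fe80::1", "icmpv6", icmp_type=135)
SMTP_OFFSITE = Packet("2a00:1c18:401:c01::538:25", "tcp", dport=25)
SMTP_OTHER = Packet("2001:db8:ffff::1", "tcp", dport=25)
```

Running `ip6tables -L -n -v` on the real host also shows the interface and packet counters for each rule, which this model cannot see.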