ipv6 network fail (newbie alert)
Gert Doering
gert at space.net
Fri Mar 8 15:45:12 CET 2013
Hi,
On Fri, Mar 08, 2013 at 11:29:27AM +1000, Nick Edwards wrote:
> offshooting my mail to another inside box, works fine with policy
> default accept, but I'm not liking that, so try to secure it, ipv4
> works as it has for years, but ipv6 sheesh
>
> ip6tables -L -n
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all ::/0 ::/0
> <--- loopback
> ACCEPT all 2001:470:xxx2:524::/64 ::/0 <-- my routed lan
> ACCEPT all 2a00:1c18:401:c01::538:0/112 ::/0 <-- offsite
> native ipv6 range
There you go. You need to permit the pesky fe80:: stuff which is used
for neighbour discovery (aka "ARP for IPv6").
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list