Hurricane Electric's IPv6 Tunnel Broker Forums
General IPv6 Topics => IPv6 on Linux & BSD & Mac => Topic started by: aziaja on January 26, 2009, 04:12:35 AM
-
...
-
You should allow protocol 41 (IPv6) packets from the HE endpoint:
iptables -A INPUT -s $IPv4_of_TunnelBroker -p ipv6 -j ACCEPT
Otherwise IPv6 traffic will only flow if you sent the first packet, in which case your ESTABLISHED,RELATED rule would be used.
-
Agreed. Also, your rule:
iptables -I INPUT 1 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
might not be the best choice to permit looped back packets.
Try these:
-A INPUT -j ACCEPT -i lo
-A OUTPUT -j ACCEPT -o lo
-A INPUT -j ACCEPT -p ipv6 -s tserv15.lax1.ipv6.he.net (I use this tunnel)
-A OUTPUT -j ACCEPT -p ipv6 -d tserv15.lax1.ipv6.he.net (you could restrict this further)
and in "/etc/protocols":
ipv6 41 IPV6 # ipv6
You should also get used to using iptables-restore instead of separate commands; it's more efficient for bringing up a firewall all at once.
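-
Added example (not part of any post in this thread): the rules discussed above, written as a single ruleset that iptables-restore loads in one step. The function names, the DROP policies, the conntrack rule and the 192.0.2.1 placeholder address are assumptions. It uses a literal IPv4 address and the numeric protocol 41, so loading depends neither on DNS being reachable nor on an ipv6 entry in /etc/protocols.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a host behind a 6in4 tunnel.
# Assumed, not from the thread: DROP policies, the conntrack rule, function names.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, misplaced dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ruleset ENDPOINT_IPV4: print the ruleset on stdout; fail on a bad address
# so that a typo or a hostname never reaches the firewall loader.
gen_ruleset() {
    is_ipv4 "$1" || { echo "gen_ruleset: not an IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p 41 -j ACCEPT
COMMIT
EOF
}

# Usage (as root; 192.0.2.1 is a placeholder for your tunnel server's IPv4):
#   gen_ruleset 192.0.2.1 | iptables-restore --test   # parse only, no commit
#   gen_ruleset 192.0.2.1 | iptables-restore          # replace the filter table
```

Nothing is applied until COMMIT is read, so a syntax error anywhere in the ruleset leaves the running rules untouched.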