Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Linux & BSD & Mac => Topic started by: aziaja on January 26, 2009, 04:12:35 AM

Title: Your IPv4 endpoint is unreachable or unstable
Post by: aziaja on January 26, 2009, 04:12:35 AM
...
Title: Re: Your IPv4 endpoint is unreachable or unstable
Post by: kristiankrohn on January 26, 2009, 05:00:40 AM
You should allow protocol 41 (IPv6) packets from the HE endpoint:

Code:
iptables -A INPUT -s $IPv4_of_TunnelBroker -p ipv6 -j ACCEPT
Otherwise IPv6 traffic will only flow if you sent the first packet, in which case your ESTABLISHED,RELATED rule would be used.
Title: Re: Your IPv4 endpoint is unreachable or unstable
Post by: snarked on January 26, 2009, 11:30:25 AM
Agreed.  Also, your rule:
Quote
iptables -I INPUT 1 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
might not be the best choice to permit looped back packets.

Try these:
Quote
-A INPUT  -j ACCEPT -i lo
-A OUTPUT -j ACCEPT -o lo

# I use this tunnel
-A INPUT  -j ACCEPT -p ipv6 -s tserv15.lax1.ipv6.he.net
# you could restrict this further
-A OUTPUT -j ACCEPT -p ipv6 -d tserv15.lax1.ipv6.he.net
and in "/etc/protocols":
Quote
ipv6    41      IPV6            # ipv6
You should also get used to using iptables-restore instead of separate commands; it's more efficient for bringing up a firewall all at once.
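
Added example, not part of any post in this thread: the rules discussed above collected into one iptables-restore ruleset, plus a check that a ruleset accepts unsolicited protocol 41 from the tunnel server rather than relying on the ESTABLISHED,RELATED rule alone. Assumptions: the function names are hypothetical, 192.0.2.1 is a placeholder address, and the default-deny INPUT policy with no other service rules is a simplification.

```shell
#!/bin/sh
# Added example. 192.0.2.1 is a constructed placeholder (RFC 5737), not an HE address.

# Succeed only for a dotted-quad IPv4 literal, so loading never depends on DNS.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i > 255) exit 1 }'
}

# Print an iptables-restore ruleset for tunnel server $1.
# Assumptions: default-deny INPUT, open OUTPUT, no other services on the host.
# Protocol 41 is given by number, so the rule does not depend on /etc/protocols.
gen_ruleset() {
    is_ipv4 "$1" || { echo "not an IPv4 literal: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p 41 -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed if an INPUT rule accepts protocol 41
# (by number or by its /etc/protocols name) from server $1, in any option order.
# Other match options on the rule are ignored by this simple check.
accepts_proto41_from() {
    awk -v srv="$1" '
        $1 == "-A" && $2 == "INPUT" {
            s = p = j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-p") p = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if ((s == srv || s == (srv "/32")) && (p == "41" || p == "ipv6") && j == "ACCEPT")
                ok = 1
        }
        END { exit !ok }'
}

# As root, pipe this to `iptables-restore --test` to parse without committing.
gen_ruleset 192.0.2.1
```

The same check can be pointed at a live firewall by piping `iptables-save` output into `accepts_proto41_from` with the tunnel server's IPv4 address.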