I have a single server on an IPv6 tunnel, and it seems that I cannot access it from my other tunnel unless I first log in to the server and run a ping6. Is this expected behavior?
Yes. If you don't have a NAT rule forwarding IPv4 proto 41 to your router, lack of 6in4 tunnel traffic will cause the NAT connection table entry to time out, and incoming 6in4 traffic to be dropped as unsolicited.
Hmm. The machine is raw on the internet (IPv4) - I'll have to look at the shorewall config.
Quote from: bombcar on January 25, 2010, 06:28:48 PM
Hmm. The machine is raw on the internet (IPv4) - I'll have to look at the shorewall config.
Ah I presumed you were behind a NAT. But the same thing applies since you're using iptables (shorewall). Make sure there's a rule in the INPUT chain which allows IP protocol 41 from the HE server to your outside IP.
Should look something like this:
iptables --append INPUT --source x.x.x.x --destination x.x.x.x --proto 41 --jump ACCEPT
Since you're using Shorewall, it's probably some variable in a config file somewhere. I've never used it sooo...
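
One way to check a saved ruleset for the rule described above, as an added example that is not part of the original thread: it walks the INPUT chain of an iptables-save dump and reports what happens to unsolicited protocol 41 traffic from the tunnel server. The function name, the sample dumps and the addresses (documentation ranges) are constructed for illustration; iptables-save may print protocol 41 either by number or by name (ipv6), so both are accepted.

```shell
#!/bin/sh
# Constructed iptables-save dumps. 192.0.2.1 stands in for the tunnel
# server's IPv4 address, 203.0.113.5 for the local outside IP.
RULES_BLOCKED='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

RULES_ALLOWED='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.1/32 -d 203.0.113.5/32 -p ipv6 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# proto41_verdict DUMP SERVER_IP (hypothetical helper)
# Prints the verdict (ACCEPT/DROP/REJECT) that the INPUT chain gives an
# unsolicited protocol 41 packet from SERVER_IP: the first unconditional
# matching rule wins, otherwise the chain policy applies.
# Simplifications (assumptions of this example): rules using -m, -i or "!"
# are skipped as conditional, -d is taken to be the local address, and
# jumps to user-defined chains are not followed.
proto41_verdict() {
    printf '%s\n' "$1" | awk -v srv="$2" '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" && !found {
            src = ""; proto = ""; target = ""; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") { src = $(i + 1); sub(/\/32$/, "", src) }
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-m" || $i == "-i" || $i == "!") cond = 1
            }
            if (cond) next
            if (src != "" && src != srv) next
            if (proto != "" && proto != "41" && proto != "ipv6") next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                print target; found = 1
            }
        }
        END { if (!found) print policy }'
}

proto41_verdict "$RULES_BLOCKED" 192.0.2.1   # DROP
proto41_verdict "$RULES_ALLOWED" 192.0.2.1   # ACCEPT
```

In the first dump only the state rule could let 6in4 in, which is why the tunnel works after an outbound ping6 and stops once the connection-tracking entry expires.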
The secret was to upgrade to shorewall 4.4.2 along with shorewall6 - now it's working great.