• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 and default IP and iptables

Started by DOMBlogger, September 17, 2011, 10:38:52 AM


DOMBlogger

-=-
Originally mistakenly posted in general forum.
Removed from there before posting here, where I had intended to post it
-=-

CentOS 6

The server gets a default IPv6 address, and then I have additional ones I can bring up as I need.

This is how I bring them up -

/etc/local/ipv6.txt has a | delimited list - IPv6|hostname

hostname is just for my benefit.

In /etc/rc.local I have:


for a in `cat /etc/local/ipv6.txt`; do
 ip=`echo ${a} |cut -d'|' -f1`
 ip -6 addr add ${ip}/64 dev eth0  preferred_lft 0
done


(Yes, I need to full path the cat and ip command - I'm getting sloppy)

My understanding is that preferred_lft 0 is to make sure the IPv6 address assigned when the server starts networking (from /etc/sysconfig/network-scripts) is the default outgoing IPv6 address.
However, my private yum repository on another box that is configured:


Order Deny,Allow
Deny from all
Allow from ::1
Allow from xxxx:xxxx::xxxx:xxxx:xxxx:xxxx


rejects connections unless the IPv6 address is the last one brought up from my script.
Anyone know why the added IP addresses are taking over default outgoing?

Secondly, and maybe this belongs on a CentOS specific forum -

When I use /usr/bin/system-config-firewall-tui to configure my firewall, it seems to only apply to ipv4

If I start /etc/init.d/ip6tables all IPv6 traffic ports are filtered. Of course when I don't start that service, none is.
Is that tool just simply broken for IPv6?
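
A check for the situation described in the post above, as an added example that is not part of the original thread: it reads `ip -6 addr show` output and reports which global addresses carry the `deprecated` flag that `preferred_lft 0` is expected to set. The function names and the sample output (documentation prefix 2001:db8::/32, with one alias deliberately left unflagged) are constructed for illustration.

```shell
# Added example: list the global IPv6 addresses on an interface and whether
# the kernel has flagged them "deprecated" (preferred lifetime of zero).

# Constructed sample of `ip -6 addr show dev eth0` output. On a live host,
# pipe the real command into the functions below instead.
sample_addr_output() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1::30/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1::20/64 scope global deprecated
       valid_lft forever preferred_lft 0sec
    inet6 2001:db8:1::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Print "address state" for every global-scope address read from stdin.
classify_addrs() {
    awk '$1 == "inet6" {
        scope = ""; state = "preferred"
        for (i = 3; i <= NF; i++) {
            if ($i == "scope") scope = $(i + 1)
            if ($i == "deprecated") state = "deprecated"
        }
        if (scope == "global") { sub(/\/[0-9]+$/, "", $2); print $2, state }
    }'
}

# Print only the addresses that are still preferred as a source address.
preferred_sources() {
    classify_addrs | awk '$2 == "preferred" { print $1 }'
}

# Succeed only if exactly one preferred global address remains, i.e. every
# alias took the deprecated flag and only the primary address is preferred.
check_single_source() {
    [ "$(preferred_sources | wc -l | tr -d ' ')" -eq 1 ]
}

if sample_addr_output | check_single_source; then
    echo "OK: one preferred source address"
else
    echo "WARNING: more than one preferred global address:"
    sample_addr_output | preferred_sources
fi
```

With more than one preferred address in the same /64, source selection between them is decided by later tie-break rules, so an Allow list keyed on a single address only matches reliably when this check passes.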

k1mu

Quote from: DOMBlogger on September 17, 2011, 10:38:52 AM
When I use /usr/bin/system-config-firewall-tui to configure my firewall, it seems to only apply to ipv4

If I start /etc/init.d/ip6tables all IPv6 traffic ports are filtered. Of course when I don't start that service, none is.
Is that tool just simply broken for IPv6?

I'm using CentOS 5.x, but it's probably the same. The ip6tables startup script looks for firewall rules in /etc/sysconfig/ip6tables.
What's in that file? What firewall rules do you end up with after startup (ip6tables -L)?