Topic: Your IPv4 endpoint is unreachable or unstable (Read 7124 times)

kristiankrohn · « **Reply #1 on:** January 26, 2009, 05:00:40 AM »

You should allow protocol 41 (IPv6) packets from the HE endpoint:

iptables -A INPUT -s $IPv4_of_TunnelBroker -p ipv6 -j ACCEPT
Otherwise IPv6 traffic will only flow if you sent the first packet, in which case your ESTABLISHED,RELATED rule would be used.

snarked · « **Reply #2 on:** January 26, 2009, 11:30:25 AM »

Agreed. Also, your rule:

Quote

iptables -I INPUT 1 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

might not be the best choice to permit looped back packets.

Try these:

Quote

-A INPUT -j ACCEPT -i lo
-A OUTPUT -j ACCEPT -o lo

-A INPUT -j ACCEPT -p ipv6 -s tserv15.lax1.ipv6.he.net (I use this tunnel)
-A OUTPUT -j ACCEPT -p ipv6 -d tserv15.lax1.ipv6.he.net (you could restrict this further)

and in "/etc/protocols":

Quote

ipv6 41 IPV6 # ipv6

You should also get used to using iptables-restore instead of separate commands; it's more efficient for bringing up a firewall all at once.

News:

Author Topic: Your IPv4 endpoint is unreachable or unstable (Read 7124 times)

aziaja

Your IPv4 endpoint is unreachable or unstable

kristiankrohn

Re: Your IPv4 endpoint is unreachable or unstable

snarked

Re: Your IPv4 endpoint is unreachable or unstable