Your IPv4 endpoint is unreachable or unstable

aziaja · January 26, 2009, 04:12:35 AM

...

kristiankrohn · January 26, 2009, 05:00:40 AM

You should allow protocol 41 (IPv6) packets from the HE endpoint:

iptables -A INPUT -s $IPv4_of_TunnelBroker -p ipv6 -j ACCEPT

Otherwise IPv6 traffic will only flow if you sent the first packet, in which case your ESTABLISHED,RELATED rule would be used.

snarked · January 26, 2009, 11:30:25 AM

Agreed. Also, your rule:

Quoteiptables -I INPUT 1 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

might not be the best choice to permit looped back packets.

Try these:

Quote-A INPUT -j ACCEPT -i lo
-A OUTPUT -j ACCEPT -o lo

-A INPUT -j ACCEPT -p ipv6 -s tserv15.lax1.ipv6.he.net (I use this tunnel)
-A OUTPUT -j ACCEPT -p ipv6 -d tserv15.lax1.ipv6.he.net (you could restrict this further)

and in "/etc/protocols":

Quoteipv6 41 IPV6 # ipv6

You should also get used to using iptables-restore instead of separate commands; it's more efficient for bringing up a firewall all at once.

News:

Your IPv4 endpoint is unreachable or unstable

aziaja

kristiankrohn

snarked