• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IP is not ICMP pingable. Please make sure ICMP is not blocked.

Started by sahadev, March 11, 2017, 09:15:43 PM

Previous topic - Next topic

sahadev

i am using a raspberry pi 3 how to enable port through firewall

snarked

That will depend on where your firewall is and where your end of the tunnel terminates.

If you have more than one device, it probably terminates in your router.  There are too many devices to address your question, but the answer below for the R-Pi-3 will give you a hint.

The R-Pi-3 usually runs a version of Linux.  Therefore, what you need to do is:

1)  Open up "Protocol 41" for input and output.  See "iptables" and the options "-p 41" and "-j ACCEPT".  If you are using IPv4-in-IPv6 ONLY ("6in4") with the HE tunnel and not other things (like "6to4" which uses IPv6 2002::/16 addressing), then you should probably further limit the rule with an "-s" option indicating the IPv4 address of the HE tunnel server you're using.

2)  At the IPv6 level, you need to accept the ping.  See "ip6tables".  I use a "-s" limited rule (with the IPv6 address of the HE tunnel server) to separate the automatic pings from HE from other types of pings from other people or annoyances*.

This is because the ping from HE typically comes as an IPv6 ping encapsulated in IPv4.  Note also that for setting up the tunnel, HE may ping your IPv4 tunnel endpoint directly as well.

* - I say "annoyances" because there are a lot of idiots that ping things they shouldn't.