Has anyone gotten the combo of Ubuntu Jaunty (9.04) with the UFW firewall to work with an HEnet tunnel?
I have configured the tunnel, added an IP from my /64 allotment to eth0, and everything works as expected until I bring up the firewall. UFW is supposed to support IPv6, but I must be missing something somewhere. By default it is supposed to allow ping6, etc. through, and I have added rules to allow port 80 in to the v6 address. Unfortunately, all packets are dropped by UFW.
My steps:
1) Configure and test IPv6 tunnel
2) Set IPV6=yes in /etc/default/ufw (to add the v6 rules)
3) Removed and re-added all the rules that were previously in place. It does add what appear to be the necessary rules in the user6.rules file.
4) Re-enabled UFW
At this point, all IPv6 traffic dies. I've tried adding rules to allow anything through to the IPv6 address, and another to allow any traffic from my tunnel server IPv4 address; again, no joy.
This box is a Linode and has public IPv4 addresses, so there is no NAT in place; it is my understanding that I do not need to try to forward protocol 41.
Here is a dropped ping6 to the box (cleansed):
[UFW BLOCK] IN=he-ipv6 OUT= TUNNEL=216.66.22.2->I.P.v4.102
SRC=2001:0470:1f06:06c7:0000:0000:0000:0002 DST=2001:0470:0018:037b:0000:0000:0000:0002
LEN=104 TC=0 HOPLIMIT=60 FLOWLBL=0
PROTO=ICMPv6 TYPE=128 CODE=0 ID=41264 SEQ=4
ip6tables -L -n | grep 'type 128' shows that this is the rule it has in place:
ACCEPT icmpv6 ::/0 ::/0 ipv6-icmp type 128
So something else must be catching the traffic, just not sure what.
Anyone have any ideas? So close, and yet so far.
Thanks,
SwS
A Burnt Sage