• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Does the tunnel go down if there is no activity?

Started by bombcar, January 24, 2010, 10:16:51 PM


bombcar

I have a single server on an IPv6 tunnel, and it seems that I cannot access it from my other tunnel unless I first login to the server and run a ping6. Is this expected behavior?

jimb

Yes.  If you don't have a NAT rule forwarding IPv4 proto 41 to your router, lack of 6in4 tunnel traffic will cause the NAT connection table entry to time out, and incoming 6in4 traffic to be dropped as unsolicited.

bombcar

Hmm. The machine is raw on the internet (IPv4) - I'll have to look at the shorewall config.

jimb

Quote from: bombcar on January 25, 2010, 06:28:48 PM
Hmm. The machine is raw on the internet (IPv4) - I'll have to look at the shorewall config.
Ah I presumed you were behind a NAT.  But the same thing applies since you're using iptables (shorewall).  Make sure there's a rule in the INPUT chain which allows IP protocol 41 from the HE server to your outside IP.  

Should look something like this:

iptables --append INPUT --source x.x.x.x --destination x.x.x.x --proto 41 --jump ACCEPT

Since you're using Shorewall, it's probably some variable in a config file somewhere.  I've never used it sooo...
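One way to check whether a ruleset already has such a rule, as an added example that is not part of the original posts: it walks `iptables -S INPUT` output in first-match order and reports what happens to an unsolicited protocol 41 packet from the tunnel server. The function name, sample rules and addresses (documentation ranges) are constructed assumptions; rules that use matches other than source, destination and protocol are skipped rather than evaluated.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -S INPUT` output (not from the thread).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.1/32 -d 198.51.100.7/32 -p ipv6 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Protocol 41 may be listed by number or by its /etc/protocols name.
PROTO_41 = {"41", "ipv6"}
MODELLED = {"-s", "-d", "-p", "-j"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def verdict_for_6in4(rules_text, tunnel_server, local_ip):
    """Return (verdict, deciding_rule) for an unsolicited 6in4 packet."""
    src = ipaddress.ip_address(tunnel_server)
    dst = ipaddress.ip_address(local_ip)
    policy = "ACCEPT"  # kernel default when no -P line is present
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
            continue
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        # Skip rules with matches this sketch does not model
        # (state, interface, ports, negation).
        if not set(opts) <= MODELLED or opts.get("-j") not in TERMINAL:
            continue
        if "-p" in opts and opts["-p"] not in PROTO_41:
            continue
        if "-s" in opts and src not in ipaddress.ip_network(opts["-s"], strict=False):
            continue
        if "-d" in opts and dst not in ipaddress.ip_network(opts["-d"], strict=False):
            continue
        return opts["-j"], line
    return policy, "-P INPUT " + policy


if __name__ == "__main__":
    print(verdict_for_6in4(SAMPLE_RULES, "192.0.2.1", "198.51.100.7"))
```

A `DROP` verdict decided by the chain policy means the tunnel only works while an outbound packet has recently created conntrack state, which is the symptom described in the first post.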

bombcar

The secret was to upgrade to shorewall 4.4.2 along with shorewall6 - now it's working great.