Hurricane Electric's IPv6 Tunnel Broker Forums


Author Topic: IPv6 and default IP and iptables  (Read 2443 times)

DOMBlogger

  • Newbie
  • *
  • Posts: 17
IPv6 and default IP and iptables
« on: September 17, 2011, 10:38:52 AM »

-=-
Originally mistakenly posted in the general forum.
Removed from there before posting here, where I had intended to post it.
-=-

CentOS 6

The server gets a default IPv6 address, and then I have additional ones I can bring up as I need.

This is how I bring them up -

/etc/local/ipv6.txt has a | delimited list - IPv6|hostname

hostname is just for my benefit.

In /etc/rc.local I have:

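Code:
# Each entry in /etc/local/ipv6.txt is IPv6|hostname; only the address field is used
for a in `cat /etc/local/ipv6.txt`; do
  ip=`echo "${a}" | cut -d'|' -f1`
  # preferred_lft 0 adds the address with a preferred lifetime of zero (deprecated)
  ip -6 addr add "${ip}/64" dev eth0 preferred_lft 0
done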

(Yes, I need to full path the cat and ip command - I'm getting sloppy)

My understanding is that preferred_lft 0 is to make sure the IPv6 address assigned when the server starts networking (from /etc/sysconfig/network-scripts) is the default outgoing IPv6 address.
However, my private yum repository on another box that is configured:

Code:
Order Deny,Allow
Deny from all
Allow from ::1
Allow from xxxx:xxxx::xxxx:xxxx:xxxx:xxxx

rejects connections unless the IPv6 address is the last one brought up from my script.
Anyone know why the added IP addresses are taking over default outgoing?

Secondly, and maybe this belongs on a CentOS specific forum -

When I use /usr/bin/system-config-firewall-tui to configure my firewall, it seems to only apply to ipv4

If I start /etc/init.d/ip6tables all IPv6 traffic ports are filtered. Of course when I don't start that service, none is.
Is that tool just simply broken for IPv6?
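An added example, not part of the original thread: a check of which addresses on the interface are still eligible as the source of new outgoing connections, done by parsing `ip -6 addr show` output for the `deprecated` flag that `preferred_lft 0` sets. The sample output, the 2001:db8:: addresses and the function names are constructed for illustration, and the list file is assumed to spell addresses the way `ip` prints them.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Constructed `ip -6 addr show dev eth0` output (2001:db8::/32 is documentation space).
sample_ip_output() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:db8:1::10/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1::20/64 scope global deprecated
       valid_lft forever preferred_lft 0sec
    inet6 2001:db8:1::30/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Constructed IPv6|hostname list in the format of /etc/local/ipv6.txt.
sample_list() {
cat <<'EOF'
2001:db8:1::20|www
2001:db8:1::30|mail
EOF
}

# stdin: ip output. Prints global-scope addresses NOT flagged deprecated.
source_candidates() {
  awk '$1 == "inet6" && /scope global/ && !/deprecated/ { sub(/\/.*/, "", $2); print $2 }'
}

# $1: IPv6|hostname list file; stdin: ip output.
# Prints list addresses that are still source candidates (deprecation did not take).
extras_not_deprecated() {
  candidates=$(source_candidates)
  cut -d'|' -f1 "$1" | while read -r addr; do
    [ -n "$addr" ] || continue
    if printf '%s\n' "$candidates" | grep -Fxq -- "$addr"; then
      printf '%s\n' "$addr"
    fi
  done
}

# Demo on the constructed data; on a live host pipe in `ip -6 addr show dev eth0`.
tmp=$(mktemp)
sample_list > "$tmp"
sample_ip_output | extras_not_deprecated "$tmp"
rm -f "$tmp"
```

Any address this prints was added from the list but can still be chosen as the outgoing source, which is the situation that makes the `Allow from` rule on the repository reject the connection.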

k1mu

  • Newbie
  • *
  • Posts: 36
Re: IPv6 and default IP and iptables
« Reply #1 on: September 19, 2011, 05:37:49 AM »

> When I use /usr/bin/system-config-firewall-tui to configure my firewall, it seems to only apply to ipv4
>
> If I start /etc/init.d/ip6tables all IPv6 traffic ports are filtered. Of course when I don't start that service, none is.
> Is that tool just simply broken for IPv6?

I'm using CentOS 5.x, but it's probably the same. The ip6tables startup script looks for firewall rules in /etc/sysconfig/ip6tables.
What's in that file? What firewall rules do you end up with after startup (ip6tables -L)?