(usagi-users 02953) [netfilter] problem with icmpv6 and connection tracking
- To: Usagi Users ML <usagi-users@xxxxxxxxxxxxxx>
- Subject: (usagi-users 02953) [netfilter] problem with icmpv6 and connection tracking
- From: Fabio Massimo Di Nitto <fabbione@xxxxxxxxxxxx>
- Date: Wed, 19 May 2004 09:44:55 +0200 (CEST)
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Sender: fabbione@xxxxxxxxxxxx
Hi everybody,
first of all thanks a lot for the incredibly nice work you are
doing.
I am having some problems with $topic.
Scenario:
usagi kernel pulled from CVS (same day as 2.6.6 came out).
compiled with all ipv6 tables options turned on (not modular).
compiled userland as described in your documentation.
Firewall rules:
#! /bin/sh
CMD=/usr/local/v6/sbin/ip6tables
$CMD -F INPUT
$CMD -P INPUT DROP
#$CMD -A INPUT -j ACCEPT -p icmpv6
$CMD -A INPUT -j ACCEPT -p tcp --destination-port 22
$CMD -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
gundam is at 3ffe:100:e:3::4 (one normal host)
trider-g7 is at 3ffe:100:e:3::1 (default gw)
gundam:~# ping6 trider-g7
PING trider-g7(trider-g7.fabbione.net) 56 data bytes
--- trider-g7 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
gundam:~# ping6 trider-g7
PING trider-g7(trider-g7.fabbione.net) 56 data bytes
64 bytes from trider-g7.fabbione.net: icmp_seq=4 ttl=64 time=1999 ms
64 bytes from trider-g7.fabbione.net: icmp_seq=5 ttl=64 time=999 ms
--- trider-g7 ping statistics ---
7 packets transmitted, 2 received, 71% packet loss, time 5998ms
rtt min/avg/max/mdev = 999.969/1499.891/1999.813/499.922 ms, pipe 3
gundam:~# ping6 trider-g7
PING trider-g7(trider-g7.fabbione.net) 56 data bytes
From ::1 icmp_seq=1 Destination unreachable: Address unreachable
From ::1 icmp_seq=2 Destination unreachable: Address unreachable
The sequence of events may vary but once the system starts spitting out
Address unreachable it will stay in that state.
Of course if I allow icmpv6 to enter the INPUT rule everything works
perfectly.
Am I missing something obvious? In case it is a bug I will be very glad to
provide more information, but please be so kind to tell me exactly what
and how to produce useful debugging information.
Thanks a lot and best regards
Fabio
--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.
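
Added example, not part of the original post: Neighbor Discovery (RFC 4861) is carried in ICMPv6 types 133 to 136, so a narrower alternative to the commented-out blanket `-p icmpv6` ACCEPT is to admit only those types, restricted to hop limit 255, and leave everything else to the state rule. The `run` and `input_rules` helpers and the `DRY_RUN` switch are names made up for this example; it assumes the `hl` match is available and that echo replies and ICMPv6 errors are covered by ESTABLISHED,RELATED.

```shell
#!/bin/sh
# Added example (not from the original post): the poster's INPUT policy with
# Neighbor Discovery admitted per ICMPv6 type instead of all-or-nothing.
# CMD defaults to the path used in the post. DRY_RUN=1 (the default) only
# prints the commands; set DRY_RUN=0 as root to apply them.
CMD=${CMD:-/usr/local/v6/sbin/ip6tables}
DRY_RUN=${DRY_RUN:-1}

# Hypothetical helper: print or execute one ip6tables invocation.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$CMD $*"
    else
        "$CMD" "$@"
    fi
}

# Neighbor Discovery message types (RFC 4861):
#   133 router solicitation    134 router advertisement
#   135 neighbour solicitation 136 neighbour advertisement
NDP_TYPES="133 134 135 136"

input_rules() {
    run -F INPUT
    run -P INPUT DROP
    for t in $NDP_TYPES; do
        # NDP senders use hop limit 255 and receivers must discard anything
        # lower, so a packet that crossed a router never matches this rule.
        run -A INPUT -p icmpv6 --icmpv6-type "$t" -m hl --hl-eq 255 -j ACCEPT
    done
    # The two ACCEPT rules from the original script, unchanged.
    run -A INPUT -j ACCEPT -p tcp --destination-port 22
    run -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
}

input_rules
```

Listing the INPUT chain with `-L INPUT -v -n` shows per-rule packet counters, which tells you whether the NDP rules are the ones being hit while ping6 runs.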