IPv6 gateway, was: Re: IPv6 foot-dragging

Jeroen van Aart jeroen at mompl.net
Fri May 13 14:03:35 CDT 2011


Thanks all for the helpful suggestions.

It looks like I solved the problem by adjusting my forward chain. I have 
a the local network on eth0 and the external network on eth1 and my 
forward chain looked like:

-I FORWARD -i eth0 -o eth1 -s 2001:db8::/64 -j ACCEPT
-I FORWARD -i eth1 -o eth0 -d 2001:db8::/64 -j ACCEPT

Changing it to the following made it work:

-I FORWARD -s 2001:470:85cd::/64 -j ACCEPT
-I FORWARD -d 2001:470:85cd::/64 -j ACCEPT


I am not sure if it'd be less secure to not make it specific to the 
interfaces. How would I change the first set of rules, using the -i 
parameter and still make it work? I also have a 6in4 interface for the 
IPv6 tunnel.

-- 
http://goldmark.org/jeff/stupid-disclaimers/
http://linuxmafia.com/~rick/faq/plural-of-virus.html




More information about the NANOG mailing list