IPv6 gateway, was: Re: IPv6 foot-dragging

Jeroen van Aart jeroen at mompl.net
Fri May 13 19:03:35 UTC 2011

Thanks all for the helpful suggestions.

It looks like I solved the problem by adjusting my forward chain. I have 
a the local network on eth0 and the external network on eth1 and my 
forward chain looked like:

-I FORWARD -i eth0 -o eth1 -s 2001:db8::/64 -j ACCEPT
-I FORWARD -i eth1 -o eth0 -d 2001:db8::/64 -j ACCEPT

Changing it to the following made it work:

-I FORWARD -s 2001:470:85cd::/64 -j ACCEPT
-I FORWARD -d 2001:470:85cd::/64 -j ACCEPT

I am not sure if it'd be less secure to not make it specific to the 
interfaces. How would I change the first set of rules, using the -i 
parameter and still make it work? I also have a 6in4 interface for the 
IPv6 tunnel.


More information about the NANOG mailing list