Subnet now working but...
Shadow Hawkins on Wednesday, 15 September 2004 17:14:33
But SixXS can't ping me anymore... so if I don't fix it tomorrow I'll start to lose credits....
This is the tunnel script:
# IPV6 STUFF - sixbone
# Subnet
ip addr add 2001:1418:11d:1::1/64 dev eth1
# Tunnel
ip tunnel add sixbone mode sit remote 213.254.12.34
ip link set sixbone up
ip addr add 2001:1418:100:2d::2/64 dev sixbone
ip route add 2000::0/3 via 2001:1418:100:2d::1
ip link set mtu 1280 dev sixbone
ip tunnel change sixbone ttl 64
And this one is the iptables one:
#!/bin/bash
# Let's flush all the chains
iptables -F
# Setting standard policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Then allow incoming connection for Apache
iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# And for SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# Also for Samba. This time only from trusted network
iptables -A INPUT -s 10.0.0.0/24 -i eth1 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/24 -i eth1 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/24 -i eth1 -p udp --dport 137 -j ACCEPT
# In the meanwhile allow routing from trusted to untrusted net
iptables -A FORWARD -s 10.0.0.0/24 -i eth1 -j ACCEPT
iptables -A FORWARD -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Had to allow communications from server itself
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Then allow ping, ping6 and ipv6
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p ipv6-icmp -j ACCEPT
iptables -A INPUT -p ipv6 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 --proto ! 41 -o eth0 -j MASQUERADE
My network is set up as below:
INTERNET-----eth0-(Linux Router/Gateway)-eth1-----WindowsXP Client
The strange thing is that everything is working!!! Dancing Kame from WinXP client as ping6 trace from linux :(
Plz, help me!
Subnet now working but...
Jeroen Massar on Thursday, 16 September 2004 08:56:18
iptables is not ip6tables.
Thus check your IPv6 firewall rules, next step is tcpdumping.
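The split described in the reply above, as an added example that is not part of either post: a small audit that flags IPv6 matches placed in `iptables` rules and reports when a firewall script loads no `ip6tables` rules at all. The helper name `audit_fw` is hypothetical, and the sample input is constructed from four lines of the iptables script quoted in the first post.

```bash
#!/bin/bash
# Added example: audit_fw is a hypothetical helper, not a tool from the thread.
# iptables filters IPv4 only. Native IPv6, and IPv6 decapsulated from a sit
# tunnel, is filtered by ip6tables.

audit_fw() {
    # $1 = firewall script to audit; prints one finding per line
    awk '
    /^[ \t]*#/ { next }                  # ignore comment lines
    $1 == "ip6tables" { v6++; next }     # count IPv6 rules
    $1 == "iptables" {
        if ($0 ~ /-p (ipv6-icmp|icmpv6|58)( |$)/)
            printf "line %d: WARN ICMPv6 match in iptables; IPv6 pings are filtered by ip6tables\n", NR
        else if ($0 ~ /-p (ipv6|41)( |$)/)
            printf "line %d: INFO protocol 41 admits only the outer 6in4 packet; inner IPv6 goes through ip6tables\n", NR
    }
    END {
        if (!v6) print "WARN no ip6tables rules: this script leaves IPv6 filtering unchanged"
    }' "$1"
}

# Constructed sample: four lines quoted from the iptables script in the post.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Then allow ping, ping6 and ipv6
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p ipv6-icmp -j ACCEPT
iptables -A INPUT -p ipv6 -j ACCEPT
EOF

audit_fw "$SAMPLE"
```

On the router itself, `ip6tables -L -n -v` lists the IPv6 rules that are actually loaded, which is the first check the reply asks for.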