|
problem forwarding ipv6-pakets on WRT with tomato to windows machine with aiccu
![[de]](/s/countries/de.gif) Shadow Hawkins on Wednesday, 13 August 2008 16:09:48
I want to forward proto 41 to the windows machine with this rules
iptables -t nat -I PREROUTING -i ppp0 -p 41 -j DNAT --to-destination 192.168.0.2
iptables -t nat -I POSTROUTING -o ppp0 -p 41 -j SNAT --to-source 192.168.0.2
iptables -t filter -I FORWARD -i ppp0 -o br0 -p 41 -j ACCEPT
iptables -t filter -I FORWARD -o ppp0 -i br0 -p 41 -j ACCEPT
but the aiccu-client says if i disable "Behind NAT" that I should forward proto 41.
what is wrong?
windows xp:
ip adress 192.168.0.2
router:
wrt54g with tomato firmware 1.21
before insertion of the above 4 rules
# ifconfig
br0 Link encap:Ethernet HWaddr 00:0F:66:C7:7A:8A
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2501 (2.4 KiB) TX bytes:2136 (2.0 KiB)
eth0 Link encap:Ethernet HWaddr 00:0F:66:C7:7A:8A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4103 (4.0 KiB) TX bytes:2769 (2.7 KiB)
Interrupt:5 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:0F:66:C7:7A:8C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:4 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ppp0 Link encap:Point-to-Point Protocol
inet addr:88.73.79.62 P-t-P:88.73.64.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:114 (114.0 B) TX bytes:169 (169.0 B)
vlan0 Link encap:Ethernet HWaddr 00:0F:66:C7:7A:8A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2681 (2.6 KiB) TX bytes:2280 (2.2 KiB)
vlan1 Link encap:Ethernet HWaddr 00:0F:66:C7:7A:8B
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:450 (450.0 B) TX bytes:489 (489.0 B)
------------------------------------------------------------------------
# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
DROP 0 -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535 TCPMSS set 14 52
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
wanin 0 -- anywhere anywhere
wanout 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain wanin (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere conroe.lan tcp dpts:6110:6120
ACCEPT udp -- anywhere conroe.lan udp dpts:6110:6120
ACCEPT tcp -- anywhere conroe.lan tcp dpt:62222
ACCEPT udp -- anywhere conroe.lan udp dpt:62222
ACCEPT tcp -- anywhere conroe.lan tcp dpt:63333
ACCEPT udp -- anywhere conroe.lan udp dpt:63333
ACCEPT tcp -- anywhere conroe.lan tcp dpt:64444
ACCEPT udp -- anywhere conroe.lan udp dpt:64444
ACCEPT tcp -- anywhere localhost tcp dpt:bbs
ACCEPT udp -- anywhere localhost udp dpt:7000
ACCEPT tcp -- anywhere conroe.lan tcp dpt:3724
ACCEPT udp -- anywhere conroe.lan udp dpt:3724
ACCEPT tcp -- anywhere conroe.lan tcp dpts:6881:6999
ACCEPT udp -- anywhere conroe.lan udp dpts:6881:6999
Chain wanout (1 references)
target prot opt source destination
# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
DROP 0 -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535 TCPMSS set 1452
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
wanin 0 -- anywhere anywhere
wanout 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain wanin (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere conroe.lan tcp dpts:6110:6120
ACCEPT udp -- anywhere conroe.lan udp dpts:6110:6120
ACCEPT tcp -- anywhere conroe.lan tcp dpt:62222
ACCEPT udp -- anywhere conroe.lan udp dpt:62222
ACCEPT tcp -- anywhere conroe.lan tcp dpt:63333
ACCEPT udp -- anywhere conroe.lan udp dpt:63333
ACCEPT tcp -- anywhere conroe.lan tcp dpt:64444
ACCEPT udp -- anywhere conroe.lan udp dpt:64444
ACCEPT tcp -- anywhere localhost tcp dpt:bbs
ACCEPT udp -- anywhere localhost udp dpt:7000
ACCEPT tcp -- anywhere conroe.lan tcp dpt:3724
ACCEPT udp -- anywhere conroe.lan udp dpt:3724
ACCEPT tcp -- anywhere conroe.lan tcp dpts:6881:6999
ACCEPT udp -- anywhere conroe.lan udp dpts:6881:6999
Chain wanout (1 references)
target prot opt source destination
problem forwarding ipv6-pakets on WRT with tomato to windows machine with aiccu
![[us]](/s/countries/us.gif) Shadow Hawkins on Friday, 15 August 2008 19:47:33
Using a similar setup that works well: WRT54GL/Tomato1.21 forwarding to an OpenBSD box (192.168.2.10) running AICCU. In my Tomato Firewall script I have the following two lines:
iptables -t nat -A PREROUTING -i vlan1 -p 41 -j DNAT --to 192.168.2.10
iptables -t filter -A FORWARD -i vlan1 -p 41 -d 192.168.2.10 -j ACCEPT
problem forwarding ipv6-pakets on WRT with tomato to windows machine with aiccu
![[ar]](/s/countries/ar.gif) Shadow Hawkins on Sunday, 24 August 2008 08:57:17
Do you have firewall enabled on your windows machine? I found the Windows Firewall was hard to configure for IPv6 (if it is configurable at all, most options are about TCP/UDP over IPv4). Maybe it is dropping all proto 41 packets and it may also drop outgoing ICMPv6 traffic too.
Hope that helps
Javier
|
Posting is only allowed when you are