toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
Posted: Thu Jul 18, 2013 7:08 pm Post subject: [solved] allow local ipv6 icmp

When I start my user mode linux, which gets a DHCP address from dnsmasq running at my host, I get entries in /var/log/messages like the following:

Code:
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0

I already have a basic ipv6 firewall script in place: http://bpaste.net/show/115368/

Now I'm wondering what rule I need to allow ICMP between my UML and my host (FWIW I do have a bridge br0 defined and 3 tap devices in /etc/conf.d/net).

Last edited by toralf on Fri Jul 19, 2013 6:47 pm; edited 1 time in total
Hu Moderator
Joined: 06 Mar 2007 Posts: 21635
Posted: Fri Jul 19, 2013 1:47 am

It looks like you already allowed IPv6 ICMP for some uses, but not for the particular addresses shown in the log. Is there some reason you cannot add a similar rule to cover the addresses you quoted here?
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
Posted: Fri Jul 19, 2013 8:46 am

Hu wrote: It looks like you already allowed IPv6 ICMP for some uses, but not for the particular addresses shown in the log. Is there some reason you cannot add a similar rule to cover the addresses you quoted here?

Right, I was just unsure if ff02::/64 is similar to what 192.168.0.0/255.255.0.0 is in ipv4?
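
An added example, not part of the thread: a small decoder for the netfilter LOG lines quoted in the first post, naming the ICMPv6 type and the destination class of each packet so a narrowly scoped allow rule can be chosen. The third sample line is constructed; the field names come from the log, and the function names are this example's own.

```python
import ipaddress
import re

# Lines 1-2 are copied from the log in the first post; line 3 is constructed
# (documentation prefix 2001:db8::/32) to show a packet that is not link-scoped.
SAMPLE = [
    "Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0",
    "Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0",
    "Jul 18 19:17:40 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0",
]

ICMP6_TYPES = {128: "echo request", 129: "echo reply", 133: "router solicitation",
               134: "router advertisement", 135: "neighbor solicitation",
               136: "neighbor advertisement", 143: "MLDv2 listener report"}
SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")
ALL_MLDV2_ROUTERS = ipaddress.ip_address("ff02::16")
FIELD = re.compile(r"(\w+)=(\S*)")

def describe_dst(dst):
    """Name the destination class; multicast scope is the low nibble of the second byte."""
    if dst == ALL_MLDV2_ROUTERS:
        return "all MLDv2 routers (link-local multicast)"
    if dst in SOLICITED_NODE:
        return "solicited-node multicast (link-local)"
    if dst.is_multicast:
        return "multicast, scope %d" % (dst.packed[1] & 0x0F)
    return "link-local unicast" if dst.is_link_local else "other unicast"

def classify(line):
    """Decode one netfilter LOG line; return None for non-ICMPv6 entries."""
    f = dict(FIELD.findall(line))
    if f.get("PROTO") != "ICMPv6":
        return None
    src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
    icmp_type = int(f["TYPE"])
    link_scoped = dst.is_link_local or (dst.is_multicast and dst.packed[1] & 0x0F == 2)
    return {
        "iface": f["OUT"],
        "type": ICMP6_TYPES.get(icmp_type, "type %d" % icmp_type),
        "dst": describe_dst(dst),
        # A neighbor solicitation from :: to a solicited-node group is duplicate address detection.
        "dad_probe": icmp_type == 135 and src.is_unspecified and dst in SOLICITED_NODE,
        # Link-scoped destinations are never forwarded by a router.
        "stays_on_link": link_scoped,
    }

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

Both logged packets are link-scoped: multicast addresses beginning ff02 have scope 2 (link-local), so they identify groups on the local link rather than a routable subnet.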