Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] allow local ibv6 icmp
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3707
Location: Hamburg

PostPosted: Thu Jul 18, 2013 7:08 pm    Post subject: [solved] allow local ibv6 icmp Reply with quote

When I start my user mode linux which gets a DHCP address from dnsmasq runniggn at my host I get entires in /var/log/messages like the following
Code:
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
I have already a basic ipv6 firewall script in place http://bpaste.net/show/115368/ Now I'm wondering what rule I do need to allow ICMP between my UML and my host (FWIW I do have a bridge br0 defined and 3 tap devices in /etc/conf.d/net).

Last edited by toralf on Fri Jul 19, 2013 6:47 pm; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14169

PostPosted: Fri Jul 19, 2013 1:47 am    Post subject: Reply with quote

It looks like you already allowed IPv6 ICMP for some uses, but not for the particular addresses shown in the log. Is there some reason you cannot add a similar rule to cover the addresses you quoted here?
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3707
Location: Hamburg

PostPosted: Fri Jul 19, 2013 8:46 am    Post subject: Reply with quote

Hu wrote:
It looks like you already allowed IPv6 ICMP for some uses, but not for the particular addresses shown in the log. Is there some reason you cannot add a similar rule to cover the addresses you quoted here?
Right, I was just unsure if ff02::/64 is similar to what 192.168.0.0/255.255.0.0 is in ipv4 ?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum