Re: [Shorewall-users] IPV6 Tunnel Ping Fail

2018-04-06 Thread colony.three--- via Shorewall-users 
‐‐‐ Original Message ‐‐‐
On April 6, 2018 11:18 AM, colony.three--- via Shorewall-users 
 wrote:

> # ip address
> 7: he-ipv6@NONE:  mtu 1480 qdisc noqueue state 
> UNKNOWN qlen 1
> link/sit 50.47.100.167 peer 216.218.226.238
> inet6 2001:470:a:c3::2/64 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::322f:64a7/64 scope link
>valid_lft forever preferred_lft forever
> # ip -6 neighbor
>
> # ping6 google.com
> PING google.com(dfw25s08-in-x0e.1e100.net (2607:f8b0:4000:801::200e)) 56 data 
> bytes
> From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) 
> icmp_seq=1 Destination unreachable: Address unreachable
> ping: sendmsg: Operation not permitted
> From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) 
> icmp_seq=2 Destination unreachable: Address unreachable
> ping: sendmsg: Operation not permitted
> From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) 
> icmp_seq=3 Destination unreachable: Address unreachable
> ping: sendmsg: Operation not permitted
>
> Shorewall dump sent to Tom.

I know that incoming ping is required for a Hurricane tunnel, and I've allowed 
this:
Ping(ACCEPT)   net:66.220.2.74  $FW

(I don't want anyone else to ping) (CentOS7.4)

But I don't know whether there needs to be an IPV6 ping incoming, and there are 
no Shorewall6 messages in dmesg.

I can't find any evidence of how to allow protocol 41.

Hopefully LAN passage through this router VM is covered with:
net.ipv6.ip_forward = 1

G**gle is baffled.--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

[Shorewall-users] IPV6 Tunnel Ping Fail

2018-04-06 Thread colony.three--- via Shorewall-users 
# ip address
7: he-ipv6@NONE:  mtu 1480 qdisc noqueue state 
UNKNOWN qlen 1
link/sit 50.47.100.167 peer 216.218.226.238
inet6 2001:470:a:c3::2/64 scope global
   valid_lft forever preferred_lft forever
inet6 fe80::322f:64a7/64 scope link
   valid_lft forever preferred_lft forever
# ip -6 neighbor

# ping6 google.com
PING google.com(dfw25s08-in-x0e.1e100.net (2607:f8b0:4000:801::200e)) 56 data 
bytes
From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) 
icmp_seq=1 Destination unreachable: Address unreachable
ping: sendmsg: Operation not permitted
From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) 
icmp_seq=2 Destination unreachable: Address unreachable
ping: sendmsg: Operation not permitted
From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) 
icmp_seq=3 Destination unreachable: Address unreachable
ping: sendmsg: Operation not permitted

Shorewall dump sent to Tom.--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users