I'm setting up a home router/firewall.
It's running Shorewall-lite & Shorewall6-lite.
I have an IPv6 tunnel provided by Hurricane Electric's tunnelbroker.
I have a VPS with a DNS secondary that needs to communicate to a DNS primary
that's on my home DNS primary, over IPv6.
At the moment, my shorewall logs on the home router are showing this DROP:
May 17 06:24:57 yoda kernel: [235522.153692] shorewall:net2fw:DROP
IN=sit1 OUT= TUNNEL=H.H.H.H->L.L.L.L SRC=2600:...:1234 DST=2001:...:0100
LEN=72 TC=0 HOPLIMIT=60 FLOWLBL=0 PROTO=TCP SPT=44927 DPT=53 WINDOW=28800
RES=0x00 SYN URGP=0 MARK=0x100
Where
H.H.H.H is the IPv6 tunnel's IPv4 endpoint @ Hurricane Electric
L.L.L.L is the IPv6 tunnel's IPv4 endpoint @ my office, i.e. my static IPv4
2600:...:1234 is IPv6 address of the DNS 2ndary server @ the VPS
2001:...:0100 is IPv6 address of the DNS primary server @ the office
I don't understand the interfaces involved in that DROP
... IN=sit1 OUT= TUNNEL=H.H.H.H->L.L.L.L SRC=2600:...:1234
DST=2001:...:0100 ...
What specific IPv6 Shorewall rule do I need to create to allow this traffic?
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
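
Reading the logged entry field by field, as an added example that is not part of the original post: the sketch below parses a Shorewall-prefixed netfilter log line, derives the zone pair from the chain name and the hook from the empty `OUT=`, and formats a matching shorewall6 rules-file line. The sample addresses are constructed documentation-range placeholders (the post elides the real ones), and the helper names `parse` and `candidate_rule` are hypothetical.

```python
import re

# Constructed sample in the format of the post's log entry; the addresses are
# documentation-range placeholders, not the poster's elided values.
SAMPLE = ("May 17 06:24:57 yoda kernel: [235522.153692] shorewall:net2fw:DROP "
          "IN=sit1 OUT= TUNNEL=192.0.2.1->198.51.100.7 SRC=2001:db8:a::1234 "
          "DST=2001:db8:b::100 LEN=72 TC=0 HOPLIMIT=60 FLOWLBL=0 PROTO=TCP "
          "SPT=44927 DPT=53 WINDOW=28800 RES=0x00 SYN URGP=0 MARK=0x100")

# Log prefix written by Shorewall: <chain>:<disposition>
PREFIX = re.compile(r"shorewall:(?P<chain>[^:\s]+):(?P<verdict>[A-Z]+)\s", re.I)

def parse(line):
    """Split a Shorewall-prefixed netfilter log line into its parts."""
    m = PREFIX.search(line)
    if not m:
        raise ValueError("no shorewall:<chain>:<disposition> prefix found")
    fields = {}
    for token in line[m.end():].split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True   # bare flags such as SYN
    # Chains named <src>2<dst> (or <src>-<dst>) carry the zone pair.
    zones = re.fullmatch(r"(\w+?)(?:2|-)(\w+)", m["chain"])
    src_zone, dst_zone = zones.groups() if zones else (None, None)
    # An empty OUT= means the packet was addressed to the firewall itself
    # (INPUT hook); a non-empty OUT= means it was being forwarded.
    # TUNNEL= is only the outer IPv4 header of the 6in4 packet seen on sit1.
    hook = "INPUT" if fields.get("OUT") == "" else "FORWARD"
    return {"chain": m["chain"], "verdict": m["verdict"], "hook": hook,
            "src_zone": src_zone, "dst_zone": dst_zone, "fields": fields}

def candidate_rule(entry):
    """Format a shorewall6 rules-file line matching exactly this packet.

    Assumes the zone names taken from the chain name are the configured ones.
    """
    f = entry["fields"]
    dest = "$FW" if entry["hook"] == "INPUT" else f"{entry['dst_zone']}:[{f['DST']}]"
    return "\t".join(["ACCEPT", f"{entry['src_zone']}:[{f['SRC']}]", dest,
                      f["PROTO"].lower(), f["DPT"]])

if __name__ == "__main__":
    print(candidate_rule(parse(SAMPLE)))
```

The logged packet is a TCP SYN only; DNS NOTIFY and ordinary queries use UDP port 53 and would need their own line.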