On 5/17/2015 8:25 AM, aleph de wrote:
>>> What specific IPv6 Shorewall rule do I need to create to allow this traffic?
>>
>> Looks to me as though you neglected to configure an IPv4 rule for the
>> tunneled traffic. I do that through use of the tunnels file:
>>
>> #TYPE   ZONE    GATEWAY            GATEWAY
>> #                                  ZONE
>> 6to4    net     216.218.226.238
>>
>> Where 216.218.226.238 is the IPv4 endpoint at HE.
>
> I thought I did that, not with the tunnels file (I thought I read somewhere
> that was going away?), but right in the IPv4 rules
>
> ACCEPT $FW:L.L.L.L net:H.H.H.H 41
> ACCEPT net:H.H.H.H $FW:L.L.L.L 41
> ACCEPT $FW:L.L.L.L/29 net:H.H.H.H 41
> ACCEPT net:H.H.H.H $FW:L.L.L.L/29 41
>
> where L.L.L.L is my office static IP, L.L.L.L/29 is the whole ISP allocation
> I get (didn't know which one I needed, so did both to start), and H.H.H.H is
> the HE endpoint,
>
> Is my ruleset above what your tunnels-file example expands to?
>

It's a superset.
ACCEPT net:216.218.226.238 fw 41
ACCEPT fw net:216.218.226.238 41
In your IPv6 config, do you have a rule such as:
ACCEPT net fw tcp 53?
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
