My hosting provider, Linode, now has IPv6 support as standard, so I thought I'd give it a go. The firewall script I've been using, firehol, seems to be unmaintained and doesn't support it, so I switched to ufw, which I've found to be excellent but despite supposedly supporting v6, I'm getting no data when it's enabled.
I've enabled it in /etc/default/ufw:

    IPV6=yes

Now when I try this with logging set to medium:

    ping6 ipv6.google.com

I get this in the logs:

    Jun 7 11:56:23 stout kernel: [UFW ALLOW] IN= OUT=eth0 SRC=2600:3c00:0000:0000:f03c:91ff:fe96:7edf DST=2001:4860:4002:0802:0000:0000:0000:1012 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=25190 SEQ=1
    Jun 7 11:56:23 stout kernel: [UFW AUDIT INVALID] IN=eth0 OUT= MAC=f2:3c:91:96:7e:df:c8:4c:75:f5:c4:ff:86:dd SRC=2001:4860:4002:0802:0000:0000:0000:1012 DST=2600:3c00:0000:0000:f03c:91ff:fe96:7edf LEN=104 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1
    Jun 7 11:56:23 stout kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:96:7e:df:c8:4c:75:f5:c4:ff:86:dd SRC=2001:4860:4002:0802:0000:0000:0000:1012 DST=2600:3c00:0000:0000:f03c:91ff:fe96:7edf LEN=104 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1

Going there with a browser times out:

    lynx http://ipv6.google.com/

However if I disable the firewall, these things all work:

    simon@stout:~$ sudo ufw disable
    Firewall stopped and disabled on system startup
    simon@stout:~$ ping6 ipv6.google.com -c 3
    PING ipv6.google.com(2001:4860:4002:802::1012) 56 data bytes
    64 bytes from 2001:4860:4002:802::1012: icmp_seq=1 ttl=55 time=0.676 ms
    64 bytes from 2001:4860:4002:802::1012: icmp_seq=2 ttl=55 time=0.719 ms
    64 bytes from 2001:4860:4002:802::1012: icmp_seq=3 ttl=55 time=0.718 ms

    --- ipv6.google.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 0.676/0.704/0.719/0.029 ms

Any thoughts on where I look next? The "INVALID" part of the logs just before BLOCK seems ominous, but I don't really know what it means.

--
Simon Rumble <[email protected]>

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
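Added example, not part of the original post: a short Python script that pairs each outbound ICMPv6 echo request logged as ALLOW with an inbound echo reply logged as BLOCK for the same addresses, ID and SEQ, which is the pattern in the three log lines quoted above. The function names and the SAMPLE_LOG constant are made up for this illustration; the log lines are the ones from the post.

```python
import ipaddress
import re

# Sample input: the three kernel log lines quoted in the post.
SAMPLE_LOG = """\
Jun 7 11:56:23 stout kernel: [UFW ALLOW] IN= OUT=eth0 SRC=2600:3c00:0000:0000:f03c:91ff:fe96:7edf DST=2001:4860:4002:0802:0000:0000:0000:1012 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=25190 SEQ=1
Jun 7 11:56:23 stout kernel: [UFW AUDIT INVALID] IN=eth0 OUT= MAC=f2:3c:91:96:7e:df:c8:4c:75:f5:c4:ff:86:dd SRC=2001:4860:4002:0802:0000:0000:0000:1012 DST=2600:3c00:0000:0000:f03c:91ff:fe96:7edf LEN=104 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1
Jun 7 11:56:23 stout kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:96:7e:df:c8:4c:75:f5:c4:ff:86:dd SRC=2001:4860:4002:0802:0000:0000:0000:1012 DST=2600:3c00:0000:0000:f03c:91ff:fe96:7edf LEN=104 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1
"""

LINE_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\] (?P<fields>.*)$")
ECHO_REQUEST, ECHO_REPLY = "128", "129"  # ICMPv6 message types (RFC 4443)

def parse_line(line):
    """Return (action, fields dict) for a UFW kernel log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(t.split("=", 1) for t in m.group("fields").split() if "=" in t)
    return m.group("action"), fields

def flow_key(f, reply=False):
    """Key an echo by (requester, responder, ID, SEQ); a reply has SRC/DST swapped."""
    src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
    if reply:
        src, dst = dst, src
    return (src, dst, f["ID"], f["SEQ"])

def blocked_replies(log_text):
    """Echo replies logged as BLOCK that answer an echo request logged as ALLOW."""
    sent, hits = set(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[1].get("PROTO") != "ICMPv6":
            continue
        action, f = parsed
        if action == "ALLOW" and f.get("OUT") and f.get("TYPE") == ECHO_REQUEST:
            sent.add(flow_key(f))
        elif action == "BLOCK" and f.get("IN") and f.get("TYPE") == ECHO_REPLY:
            if flow_key(f, reply=True) in sent:
                hits.append(f)
    return hits

if __name__ == "__main__":
    for f in blocked_replies(SAMPLE_LOG):
        print(f"blocked reply to our own ping: {f['SRC']} id={f['ID']} seq={f['SEQ']}")
```

Addresses are compared as parsed IPv6 values, so the expanded form in the kernel log and a compressed form such as 2001:4860:4002:802::1012 match the same flow.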
