Displaying 3 results from an estimated 3 matches for "neighbor_discovery_protocol".
2016 Aug 27
2
Is it possible to block ipv6 auto configuration entering the tinc tunnel?
Hi
Im using tinc to bridge networks together. And im using ebtables to block dhcp traffic for ipv4 on each node in tinc. One of my nodes have recently began using ipv6. The isp is using auto configuration to give out ipv6 addresses. The problem is that every computer in my bridged network is getting ipv6 addresses from that node.
The other computers behind the other nodes have no use for ipv6
2016 Aug 30
0
Is it possible to block ipv6 auto configuration entering the tinc tunnel?
...the tinc tunnel.
>
> Is there a way to block ipv6 auto configuration traffic entering the tinc tunnel on each node?
You should be able to block those packets in the FORWARD chain. IPv6
autoconfiguration is done using ICMPv6 packets with types 133 and 134,
see: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol. So do
something like:
ip6tables -A FORWARD -i <vpn interface> -p icmpv6 --icmpv6-type 133 -j DROP
ip6tables -A FORWARD -o <vpn interface> -p icmpv6 --icmpv6-type 134 -j DROP
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
--------------...
2017 Feb 22
2
Re: Is it possible to block ipv6 auto configuration entering the tinc tunnel?
...ts through the tinc tunnel.
Is there a way to block ipv6 auto configuration traffic entering the tinc tunnel on each node?
You should be able to block those packets in the FORWARD chain. IPv6
autoconfiguration is done using ICMPv6 packets with types 133 and 134,
see: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol. So do
something like:
ip6tables -A FORWARD -i <vpn interface> -p icmpv6 --icmpv6-type 133 -j DROP
ip6tables -A FORWARD -o <vpn interface> -p icmpv6 --icmpv6-type 134 -j DROP
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
____________________...