Displaying 20 results from an estimated 2000 matches similar to: "Is it possible to block ipv6 auto configuration entering the tinc tunnel?"
2017 Feb 22
2
Re: Is it possible to block ipv6 auto configuration entering the tinc tunnel?
Hi
thank you for looking in to this. I haven't tried it before now. I cant get it to work.
after running the commands you suggest I get this when I run ip6tables --list-rules
root at JOTVPN:~# ip6tables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP
-A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j
2017 Feb 23
1
Re: Is it possible to block ipv6 auto configuration entering the tinc tunnel?
hi
It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card
root at JOTVPN:~# brctl show
bridge name bridge id STP enabled interfaces
bridge 8000.000c29638a7e no eth0
vpn
so I tried the
2016 Aug 30
0
Is it possible to block ipv6 auto configuration entering the tinc tunnel?
On Sat, Aug 27, 2016 at 11:41:12PM +0000, Håvard Rabbe wrote:
> Im using tinc to bridge networks together. And im using ebtables to block dhcp traffic for ipv4 on each node in tinc. One of my nodes have recently began using ipv6. The isp is using auto configuration to give out ipv6 addresses. The problem is that every computer in my bridged network is getting ipv6 addresses from that node.
2017 Feb 23
0
Is it possible to block ipv6 auto configuration entering the tinc tunnel?
On Wed, Feb 22, 2017 at 08:51:49PM +0000, Håvard Rabbe wrote:
> thank you for looking in to this. I haven't tried it before now. I cant get it to work.
>
> after running the commands you suggest I get this when I run ip6tables --list-rules
>
> root at JOTVPN:~# ip6tables --list-rules
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A FORWARD -i vpn -p
2019 Feb 14
2
Tinc node is crashing after some days or weeks. How to debug?
On 13/2/19 12:28 am, Tomasz Chmielewski wrote:
> On 2019-02-12 22:12, Håvard Rabbe wrote:
>> Hi
>> Im running tinc 1.1pre17. My problem is that my tinc nodes
>> occasionally crashes. When it crashes the tinc node is not running
>> anymore. Time between failure can be sometimes days or weeks.
>>
>> Do anyone here have a proposal for how to debug and get this
2019 Feb 12
2
Tinc node is crashing after some days or weeks. How to debug?
Hi
Im running tinc 1.1pre17. My problem is that my tinc nodes occasionally crashes. When it crashes the tinc node is not running anymore. Time between failure can be sometimes days or weeks.
Do anyone here have a proposal for how to debug and get this problem solved?
Best regards,
Håvard Rabbe
2020 Sep 23
6
[Bug 1468] New: [netdev] dropping ether type vlan frames drops ICMPv6 type 134
https://bugzilla.netfilter.org/show_bug.cgi?id=1468
Bug ID: 1468
Summary: [netdev] dropping ether type vlan frames drops ICMPv6
type 134
Product: nftables
Version: unspecified
Hardware: other
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component:
2014 May 07
4
[Bug 926] New: icmp: ICMPv6 types are not supported
https://bugzilla.netfilter.org/show_bug.cgi?id=926
Summary: icmp: ICMPv6 types are not supported
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy:
2013 Sep 11
8
[Bug 851] New: IPv6 SNAT target with --random doesn't work
https://bugzilla.netfilter.org/show_bug.cgi?id=851
Summary: IPv6 SNAT target with --random doesn't work
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: NAT
AssignedTo: netfilter-buglog at lists.netfilter.org
2017 Jan 27
4
Disallow binding via tinc
I'm looking for a way to add some (Linux) participants into my tinc
network, but I want to protect them from accidentally binding a port so
that it's accessible via tinc.
For example, `nc -l` by default listens to all interfaces.
Similarly, some software (I think mongodb < 2.6 was among those) bind to
all interfaces AND allow unauthenticated access that can do remote code
execution,
2017 Mar 10
4
[Bug 1128] New: ip6_tables connmark or connlabel never matches
https://bugzilla.netfilter.org/show_bug.cgi?id=1128
Bug ID: 1128
Summary: ip6_tables connmark or connlabel never matches
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: SuSE Linux
Status: NEW
Severity: normal
Priority: P5
Component: ip6_tables (kernel)
2017 May 28
1
Ovirt Hosted-Engine VM iptables
Hi
I would like to add rules into the iptables of the Hosted Engine VM in
Ovirt.
the version is oVirt Engine Version: 4.1.1.8-1.el7.centos
I have tried using the normal process for iptables (iptables-save etc),
but it seems that the file
/etc/sysconfig/iptables
this is ignored in the Ovirt Engine VM.
How can I add permanent rules into the Engine VM?
Kind regards
Andrew
2009 Jan 09
5
[Bug 567] New: Local multicast ICMPv6 and --state INVALID
http://bugzilla.netfilter.org/show_bug.cgi?id=567
Summary: Local multicast ICMPv6 and --state INVALID
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: Ubuntu
Status: NEW
Severity: blocker
Priority: P1
Component: unknown
AssignedTo: laforge at netfilter.org
2020 Mar 01
0
[Bug 1412] New: ip6tables-nft not accepting "icmp" as shorthand for "icmpv6"
https://bugzilla.netfilter.org/show_bug.cgi?id=1412
Bug ID: 1412
Summary: ip6tables-nft not accepting "icmp" as shorthand for
"icmpv6"
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: minor
Priority: P5
2020 May 26
3
ip6tables equivalent for NAT?
with ipv6, you just allow the specific ports destined to the specific local
machine(s) in on your WAN side, they don't need translating. same sort of
rule as if you had a internet-facing service running on the routing system
On Tue, May 26, 2020 at 11:55 AM Kenneth Porter <shiva at sewingwitch.com>
wrote:
> I finally got an ISP connection with working IPv6 and now I need to add
2005 Jan 05
22
Shorewall and IPV6
As 2.2.0 is nearing release, I''ve begun to think about what I''ll do for
2.3 and I think that it is time for Shorewall to add support for IPV6.
Because of parsing ambiguities, the need to maintain upward
compatibility with both Shorewall and 6Wall, and different available
functionality in IPV4 and IPV6 Netfilter, I believe that it is going to
be necessary for some files to be
2011 Jan 11
1
IPv6, HE tunnel and ip6tables problems
CentOS 5.5, fully patched.
I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty
well and is simple to setup. Everything works fine.
Until I try to set up an ip6tables firewall.
eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never
displays and the firewall shows
kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0
2012 Jan 03
1
[Bug 766] New: Segmentation Fault using Hop Limit and ICMPV6-TYPE in same rule
http://bugzilla.netfilter.org/show_bug.cgi?id=766
Summary: Segmentation Fault using Hop Limit and ICMPV6-TYPE in
same rule
Product: iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: ip6tables
2013 Feb 13
1
Problems with tunnel: Got late or replayed packet, packet is 150 seqs in the future, expiring symmetric keys
Hi!
I have som problems with my vpn tunnel. I have 6 nodes in the network.
Three of them is running tinc 1.1pre5
Three of them is running tinc 1.0.19
I also have vlan tagging between the nodes running tinc 1.1pre5
The problem is that get a bunch of errors in the log like the messages below (logs is attached in the email):
Got late or replayed packet from JOTPOS ("internal ip" port
2006 Sep 13
0
[Bug 508] New: ip6tables conntrack marks all incoming packets as INVALID
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=508
Summary: ip6tables conntrack marks all incoming packets as
INVALID
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Gentoo
Status: NEW
Severity: normal
Priority: P2
Component: ip_conntrack