LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-22-2014, 11:04 PM   #1
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 349

Rep: Reputation: Disabled
ip6tables rules preventing router from receiving ISP RAs... no idea why


i have this in /etc/iptables/ip6tables.ruleS:

Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmpv6 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i internal -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -i internal -o external -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -p icmpv6 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
but wide-dhcpv6 keeps hanging, just endlessly repeating the following:

Code:
Apr 22 21:59:52 ROUTER dhcp6c[325]: copy_option: set client ID (len 14)
Apr 22 21:59:52 ROUTER dhcp6c[325]: copy_option: set elapsed time (len 2)
Apr 22 21:59:52 ROUTER dhcp6c[325]: copy_option: set option request (len 2)
Apr 22 21:59:52 ROUTER dhcp6c[325]: copyout_option: set IA_PD
Apr 22 21:59:52 ROUTER dhcp6c[325]: client6_send: send solicit to ff02::1:2%external
Apr 22 21:59:52 ROUTER dhcp6c[325]: dhcp6_reset_timer: reset a timer on external, state=SOLICIT, timeo=4, retrans=17700
Apr 22 22:00:10 ROUTER dhcp6c[325]: copy_option: set client ID (len 14)
Apr 22 22:00:10 ROUTER dhcp6c[325]: copy_option: set elapsed time (len 2)
Apr 22 22:00:10 ROUTER dhcp6c[325]: copy_option: set option request (len 2)
Apr 22 22:00:10 ROUTER dhcp6c[325]: copyout_option: set IA_PD
<just repeated over and over>
.
.
.
disabling ip6tables immediately causes the response to be accepted, and i get an IPv6 address from the isp.

so how on earth are these rules blocking this? i'm allowing all icmpv6 messages through..
 
Old 04-23-2014, 10:19 AM   #2
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
I'll admit my IPv6 is somewhat sketchy, but looking at your post you are allowing ICMPv6 and looking at logs for DHCPv6?
The host is probably receiving the RA just fine, but failing to get an address over DHCPv6 as that is blocked.
 
Old 04-23-2014, 11:00 AM   #3
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 349

Original Poster
Rep: Reputation: Disabled
this was it, needed port 546. thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Setup mutil ISP Router pshoaf Linux - Networking 1 09-08-2010 02:28 PM
ipv6/ ip6tables can't ping from behind router donnied Linux - Networking 0 08-25-2008 08:25 PM
Laptop (wireless) not receiving IP address from router edwardp SUSE / openSUSE 2 06-14-2007 08:49 PM
Access Point or WLAN Router with dedicated antennas for sending/receiving Clemente Linux - Hardware 1 10-24-2005 07:10 PM
ISP aliases not resolving now with a router. ryhner Linux - Networking 0 05-01-2005 09:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration