LinuxQuestions.org
Old 07-18-2016, 01:47 AM   #1
Kuwarbi
LQ Newbie
 
Registered: Jul 2016
Posts: 3

Rep: Reputation: Disabled
iptables


How can I write an iptables/ip6tables rule to accept traffic from an IPv6 source and an IPv4 destination, or vice versa?

I want something like this, but it is failing. iptables does not take an IPv6 address and ip6tables does not take an IPv6 address. I tried to execute the commands below:

ip6tables -A INPUT -s 10.0.2.82 -d 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -p tcp --dport 2000 -j ACCEPT

iptables -A INPUT -s 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -d 10.0.2.82 -p tcp --dport 2000 -j ACCEPT

How can I achieve this in any other manner??? Need your urgent help???

FYI, using RHEL 6.7
 
Old 07-18-2016, 08:14 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,599

Rep: Reputation: 7960
Quote:
Originally Posted by Kuwarbi View Post
How can I write an iptables/ip6tables rule to accept traffic from an IPv6 source and an IPv4 destination, or vice versa.
I want something like this, but it is failing. iptables does not take an IPv6 address and ip6tables does not take an IPv6 address. I tried to execute the commands below:
Code:
ip6tables -A INPUT -s 10.0.2.82 -d 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -p tcp --dport 2000 -j ACCEPT
iptables -A INPUT -s 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -d 10.0.2.82 -p tcp --dport 2000 -j ACCEPT
How can I achieve this in any other manner??? Need your urgent help???
First, you need to read the LQ Rules and "Question Guidelines"...we volunteer our time here, so asking for/expecting 'urgent' help is plain rude. Secondly, since this:
Quote:
FYI, using RHEL 6.7
...is true, and you need 'urgent' help, have you contacted Red Hat support??? You are PAYING FOR RHEL, RIGHT??? If so, you can use the support you pay for, since you need 'urgent' assistance.

Otherwise, you can try to look something up, and read the man pages on the commands you're running. Very obviously, the commands you're using will either just take an IPv6 or IPv4 address respectively, which is why they fail. A small bit of research would indicate that you need to install socat, and use it, such as:
Code:
socat TCP6-LISTEN:1234,fork TCP4:1.2.3.4:1234
 
Old 07-18-2016, 10:18 AM   #3
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
If you are running both IPv4 and IPv6 then why not allow your servers to listen on both addresses?
No need for them to jump from one address version to another.
 
Old 07-18-2016, 10:32 AM   #4
Kuwarbi
LQ Newbie
 
Registered: Jul 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
In that case security will be compromised. IPv4, which is on the receiving end, will have to receive from anywhere. Something like this:
iptables -A -s 0/0 -d 10.14.15.165 --dport 1234 -j ACCEPT

Similarly for ip6tables,

ip6tables -A -s 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -d 0/0 --dport 1234 -j ACCEPT

Is there any alternative to achieve this?
With the least security compromised?
 
Old 07-18-2016, 10:44 AM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,599

Rep: Reputation: 7960
Quote:
Originally Posted by Kuwarbi View Post
In that case security will be compromised. IPv4, which is on the receiving end, will have to receive from anywhere. Something like this:
iptables -A -s 0/0 -d 10.14.15.165 --dport 1234 -j ACCEPT

Similarly for ip6tables,

ip6tables -A -s 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -d 0/0 --dport 1234 -j ACCEPT

Is there any alternative to achieve this?
With the least security compromised?
I'm sorry, but did you not read or understand my last post, where I HANDED YOU A SOLUTION to do this???? Post #2 (the FIRST REPLY), gave you the program name, and a sample of how it runs. What else do you need????

If it's so 'urgent', you might want to consider actually paying attention to what you're told.

Last edited by TB0ne; 07-18-2016 at 10:45 AM.
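
Added example, not part of any post in this thread: one way to combine the socat relay from post #2 with the source restriction asked for in post #4, so that neither side has to accept from 0/0. The relay addresses (2001:db8::1, 10.0.2.1), the default-drop INPUT policy and the helper names are assumptions; the `bind=` and `range=` socat options should be checked against `man socat` for the installed version.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands for review; runs nothing.
# Assumes a dual-stack relay host running socat in front of an IPv4-only
# backend, and a default-drop INPUT policy on both hosts.

is_ipv4() {  # dotted quad, each octet 0-255
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

is_ipv6() {  # coarse syntax check: hex digits and colons only, 2 to 8 colons
  case $1 in ''|*[!0-9A-Fa-f:]*|*:::*) return 1 ;; esac
  colons=$(printf '%s' "$1" | tr -cd ':')
  [ ${#colons} -ge 2 ] && [ ${#colons} -le 8 ]
}

# relay_plan CLIENT6 RELAY6 RELAY4 BACKEND4 PORT (hypothetical helper)
# Rejects mixed address families up front, which is the error that
# iptables/ip6tables report for the commands in post #1.
relay_plan() {
  is_ipv6 "$1" && is_ipv6 "$2" ||
    { echo "CLIENT6 and RELAY6 must be IPv6" >&2; return 1; }
  is_ipv4 "$3" && is_ipv4 "$4" ||
    { echo "RELAY4 and BACKEND4 must be IPv4" >&2; return 1; }
  case $5 in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
  [ "$5" -ge 1 ] && [ "$5" -le 65535 ] || { echo "bad port" >&2; return 1; }
  # Relay, IPv6 side: only the known client may reach the listener.
  echo "ip6tables -A INPUT -s $1 -d $2 -p tcp --dport $5 -j ACCEPT"
  # Relay: listen on the IPv6 address only; range= re-checks the peer address.
  echo "socat TCP6-LISTEN:$5,bind=[$2],range=[$1]/128,reuseaddr,fork TCP4:$4:$5"
  # Backend, IPv4 side: accept the relay's IPv4 address only, not 0/0.
  echo "iptables -A INPUT -s $3 -d $4 -p tcp --dport $5 -j ACCEPT"
}

# Client, backend and port are the values from post #1; relay addresses are constructed.
relay_plan 2001:0db8:85a3:0000:0000:8a2e:0370:7332 2001:db8::1 \
           10.0.2.1 10.0.2.82 2000
```

The first two printed commands belong on the relay host and the third on the IPv4 backend, which then sees connections coming from the relay's IPv4 address rather than from the IPv6 client.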
 
Old 07-20-2016, 04:19 AM   #6
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 349

Rep: Reputation: 60
Just out of curiosity,

ip6tables -A INPUT -s 10.0.2.82 -d 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -p tcp --dport 2000 -j ACCEPT
iptables -A INPUT -s 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -d 10.0.2.82 -p tcp --dport 2000 -j ACCEPT

You are specifying an IPv4 address in the -s part of ip6tables and
an IPv6 address in the -s part of iptables.

Does that even work?
 
Old 07-20-2016, 08:05 AM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,599

Rep: Reputation: 7960
Quote:
Originally Posted by pingu_penguin View Post
Just out of curiosity,

ip6tables -A INPUT -s 10.0.2.82 -d 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -p tcp --dport 2000 -j ACCEPT
iptables -A INPUT -s 2001:0db8:85a3:0000:0000:8a2e:0370:7332 -d 10.0.2.82 -p tcp --dport 2000 -j ACCEPT

You are specifying an IPv4 address in the -s part of ip6tables and an IPv6 address in the -s part of iptables.

Does that even work?
No, it doesn't...that's what they said in their initial post....
 
Old 08-04-2016, 11:34 PM   #8
Regnad Kcin
Member
 
Registered: Jan 2014
Location: Beijing
Distribution: Slackware 64 -current .
Posts: 663

Rep: Reputation: 460
alabama yanqui

I thought folks from Alabama were supposed to be nice and down-home friendly and all, and that being condescending was the characteristic of northerners.

There isn't good documentation of networking, and a lot of what is out there is obsolete or opaque, so telling a networking n00b to "man rtfm" is just sorta rude.
 
  

