[TriLUG] Late night IPv6

Sean Alexandre sean at alexan.org
Thu May 23 08:17:32 EDT 2013 

On Thu, May 16, 2013 at 01:25:23PM -0400, Bill Farrow wrote:
> On Thu, May 16, 2013 at 12:42 PM, Igor Partola <igor at igorpartola.com> wrote:
> > it's hard to see why it's happening without seeing the actual rules. Could
> > you send those on and we could figure this out? This might be good to
> > outline for posterity as well, since I am sure you won't be the last person
> > to try to get ip6tables to run on OpenWRT.
> 
> Here is my OpenWRT IPv6 default firwall table:
> 
> ip6tables -L
...

I'm just getting something like this working myself. My mangle chains were set
to DROP. Changing them to ACCEPT got it working. I've now got:

[--- START ---]
$ ip6tables -t mangle -L -v

Chain PREROUTING (policy ACCEPT 582 packets, 350K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 306 packets, 262K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 308 packets, 59670 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 308 packets, 59670 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[--- END ---]

I don't know if that helps you or not. 

Also, my filter rules are alot simpler than what you show, but I've only got this
on a client machine (Debian) right now. (The router is next.) Here's what I have 
for filter rules:

[--- START ---]
$ ip6tables -L -v

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   10   700 ACCEPT     all      lo     any     anywhere             anywhere            
  287  260K ACCEPT     all      any    any     anywhere             anywhere             state RELATED,ESTABLISHED
   11   792 ACCEPT     ipv6-icmp    any    any     anywhere             anywhere            
    0     0 LOG        all      any    any     anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "ip6tables denied: "

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 308 packets, 59670 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[--- END ---]

More information about the TriLUG mailing list