On Wed, May 16, 2012 at 01:54:42PM +0200, gustav@spllg.de wrote:
i'm new to ipv6, just trying to go the first steps and got trapped.
Yes, so it seems. IPv6 doesn’t have ARP anymore, it uses ICMPv6 to discover ARP addresses and neighbours with the help of multicast IPv6 addresses. So your configuration probably drops these packets. It would try to allow all icmpv6 traffic:
${IPT} -A INPUT -j ACCEPT -m state \! –state INVALID -p icmpv6
${IPT} -A OUTPUT -j ACCEPT -m state \! –state INVALID -p icmpv6
If you want to tune these rules you have to look into the standards to
get all necessary ICMPv6 types you need for a working setup.
On the other hand, you don’t have any rules for the loopback interface lo. I would allow anything here:
${IPT} -A INPUT -j ACCEPT -i lo
${IPT} -A OUTPUT -j ACCEPT -o lo
HTH,
Stephan
--
| Stephan Seitz E-Mail: stse@fsing.rootsland.net |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature