hi, i'm new to ipv6, just trying to go the first steps and got trapped.
my configuration: testmachine with 2 network interfaces (eth0 local, eth1 connected to our internet router) Linux version 2.6.32-5-686 (Debian 2.6.32-45) (da...@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Sun May 6 04:01:19 UTC 2012 ipv6-conf-script - #ipv6 ARG="$1" case "$ARG" in start) cmd="add" ;; stop) cmd="del" ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac ip -6 addr $cmd 2001:1438:2000::17:17:127/48 dev eth1 ip -6 route $cmd ::/0 via 2001:1438:2000::1 after executing ipv6 start i can ping6 our internet router (2001:1438:2000::1) and ipv6-addresses in the outside world such as ipv6.google.com and www.nasa.gov now i created a minimal firewall configuration - #ipv6firewall INE_IFACE="eth1" LAN_IFACE="eth0" IPT=/sbin/ip6tables case "$1" in stop) # policy: accept anthing ${IPT} -P INPUT ACCEPT ${IPT} -P OUTPUT ACCEPT ${IPT} -P FORWARD ACCEPT ${IPT} -F ;; start) # policy: deny anthing ${IPT} -P INPUT DROP ${IPT} -P OUTPUT DROP ${IPT} -P FORWARD DROP ${IPT} -A INPUT -i ${INE_IFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT ${IPT} -A OUTPUT -o ${INE_IFACE} -j ACCEPT ${IPT} -A OUTPUT -o ${LAN_IFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT ${IPT} -A INPUT -i ${LAN_IFACE} -j ACCEPT ${IPT} -A INPUT -i ${INE_IFACE} -j LOG --log-prefix "INE_IN" ;; status) ${IPT} -L -v ;; *) echo $"Usage: $0 {start|stop|status" ;; esac after executing ipv6firewall i can no ping6 the outside world for an extended time period, not even our internet-router - some ping6-replies are recieved and than ping6 stalls: ping6 v6gate.softing.com PING v6gate.softing.com(2001:1438:2000::1) 56 data bytes 64 bytes from 2001:1438:2000::1: icmp_seq=1 ttl=64 time=0.841 ms 64 bytes from 2001:1438:2000::1: icmp_seq=2 ttl=64 time=0.845 ms 64 bytes from 2001:1438:2000::1: icmp_seq=3 ttl=64 time=0.789 ms 64 bytes from 2001:1438:2000::1: icmp_seq=4 ttl=64 time=0.831 ms 4 bytes from 2001:1438:2000::1: icmp_seq=5 ttl=64 time=0.727 ms 64 bytes from 2001:1438:2000::1: icmp_seq=6 ttl=64 time=0.745 ms 64 bytes from 2001:1438:2000::1: icmp_seq=7 ttl=64 time=0.771 ms 64 bytes from 2001:1438:2000::1: icmp_seq=8 ttl=64 time=0.915 ms 64 bytes from 2001:1438:2000::1: icmp_seq=9 ttl=64 time=0.784 ms 64 bytes from 2001:1438:2000::1: icmp_seq=10 ttl=64 time=0.798 ms 64 bytes from 2001:1438:2000::1: icmp_seq=11 ttl=64 time=0.824 ms 64 bytes from 2001:1438:2000::1: icmp_seq=12 ttl=64 time=0.839 ms 64 bytes from 2001:1438:2000::1: icmp_seq=13 ttl=64 time=0.816 ms 64 bytes from 2001:1438:2000::1: icmp_seq=14 ttl=64 time=0.832 ms 64 bytes from 2001:1438:2000::1: icmp_seq=15 ttl=64 time=0.728 ms 64 bytes from 2001:1438:2000::1: icmp_seq=16 ttl=64 time=0.713 ms 64 bytes from 2001:1438:2000::1: icmp_seq=17 ttl=64 time=0.831 ms 64 bytes from 2001:1438:2000::1: icmp_seq=18 ttl=64 time=0.839 ms 64 bytes from 2001:1438:2000::1: icmp_seq=19 ttl=64 time=0.840 ms 64 bytes from 2001:1438:2000::1: icmp_seq=20 ttl=64 time=7.48 ms 64 bytes from 2001:1438:2000::1: icmp_seq=21 ttl=64 time=0.773 ms 64 bytes from 2001:1438:2000::1: icmp_seq=22 ttl=64 time=0.811 ms 64 bytes from 2001:1438:2000::1: icmp_seq=23 ttl=64 time=0.837 ms 64 bytes from 2001:1438:2000::1: icmp_seq=24 ttl=64 time=0.717 ms 64 bytes from 2001:1438:2000::1: icmp_seq=25 ttl=64 time=0.842 ms 64 bytes from 2001:1438:2000::1: icmp_seq=26 ttl=64 time=0.808 ms 64 bytes from 2001:1438:2000::1: icmp_seq=27 ttl=64 time=0.714 ms 64 bytes from 2001:1438:2000::1: icmp_seq=28 ttl=64 time=0.760 ms 64 bytes from 2001:1438:2000::1: icmp_seq=29 ttl=64 time=0.834 ms 64 bytes from 2001:1438:2000::1: icmp_seq=30 ttl=64 time=0.806 ms 64 bytes from 2001:1438:2000::1: icmp_seq=31 ttl=64 time=0.826 ms 64 bytes from 2001:1438:2000::1: icmp_seq=32 ttl=64 time=0.838 ms 64 bytes from 2001:1438:2000::1: icmp_seq=33 ttl=64 time=2.33 ms 64 bytes from 2001:1438:2000::1: icmp_seq=34 ttl=64 time=0.808 ms 64 bytes from 2001:1438:2000::1: icmp_seq=35 ttl=64 time=0.754 ms 64 bytes from 2001:1438:2000::1: icmp_seq=36 ttl=64 time=0.712 ms 64 bytes from 2001:1438:2000::1: icmp_seq=37 ttl=64 time=0.751 ms 64 bytes from 2001:1438:2000::1: icmp_seq=38 ttl=64 time=1.42 ms 64 bytes from 2001:1438:2000::1: icmp_seq=39 ttl=64 time=0.801 ms 64 bytes from 2001:1438:2000::1: icmp_seq=40 ttl=64 time=0.773 ms 64 bytes from 2001:1438:2000::1: icmp_seq=71 ttl=64 time=1011 ms -- no more replies not even after minutes ip6tables -L -v displays Chain INPUT (policy DROP 702 packets, 50520 bytes) pkts bytes target prot opt in out source destination 41 4264 ACCEPT all eth1 any anywhere anywhere state RELATED,ESTABLISHED 0 0 ACCEPT all eth0 any anywhere anywhere 702 50520 LOG all eth1 any anywhere anywhere LOG level warning prefix `INE_IN' Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy DROP 477 packets, 72504 bytes) pkts bytes target prot opt in out source destination 1032 91904 ACCEPT all any eth1 anywhere anywhere 0 0 ACCEPT all any eth0 anywhere anywhere state RELATED,ESTABLISHED and i find lots of lines like May 16 10:49:43 v6t kernel: [62728.400034] INE_ININ=eth1 OUT= MAC=00:1d:7e:01:28:2c:2c:36:f8:31:44:41:86:dd SRC=fe80:0000:0000:0000:2e36:f8ff:fe31:4441 DST=2001:1438:2000:0000:0000:0017:0017:0127 LEN=72 TC=224 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0 in /var/log/messages can anybode please advise me how to fix this issue? thanks in advace and regards, gustav ps: sorry if this is a double post but i feel, that my first post (from s...@softing.com) did not reach it's destibation