‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On April 6, 2018 11:18 AM, colony.three--- via Shorewall-users 
<shorewall-users@lists.sourceforge.net> wrote:

> # ip address
> 7: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN qlen 1
>     link/sit 50.47.100.167 peer 216.218.226.238
>     inet6 2001:470:a:c3::2/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::322f:64a7/64 scope link
>        valid_lft forever preferred_lft forever
> # ip -6 neighbor
>
> # ping6 google.com
> PING google.com(dfw25s08-in-x0e.1e100.net (2607:f8b0:4000:801::200e)) 56 data bytes
> From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) icmp_seq=1 Destination unreachable: Address unreachable
> ping: sendmsg: Operation not permitted
> From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) icmp_seq=2 Destination unreachable: Address unreachable
> ping: sendmsg: Operation not permitted
> From Quantumn-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) icmp_seq=3 Destination unreachable: Address unreachable
> ping: sendmsg: Operation not permitted
>
> Shorewall dump sent to Tom.

I know that incoming ping is required for a Hurricane tunnel, and I've allowed 
this:
Ping(ACCEPT)   net:66.220.2.74  $FW

(I don't want anyone else to ping) (CentOS7.4)

But I don't know whether there needs to be an IPv6 ping incoming, and there are 
no Shorewall6 messages in dmesg.

I can't find any evidence of how to allow protocol 41.

Hopefully LAN passage through this router VM is covered with:
net.ipv6.ip_forward = 1

G**gle is baffled.