netdev

iptable_nat seriously b0rken

To: netfilter@xxxxxxxxx, netdev@xxxxxxxxxxx
Subject: iptable_nat seriously b0rken
From: Jan Rekorajski <baggins@xxxxxxxxxxxxxxxxx>
Date: Wed, 5 Jul 2000 01:11:42 +0200
Sender: owner-netdev@xxxxxxxxxxx
Please CC answers to me as I'm not subscribed to the lists.

The problem is simple: iptable_nat kills sit tunnels. See this:

7: sit1@lec0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1480 qdisc noqueue 
    link/sit 193.0.97.15 peer 193.219.28.246
    inet6 fe80::c100:610f/128 scope link 
    inet6 3ffe:8010:70::2/126 scope global 

Normal, configured tunnel, local IPv6 is 3ffe:8010:70::2, remote
is 3ffe:8010:70::1

spider /root~# ping6 3ffe:8010:70::1
PING 3ffe:8010:70::1(6bone-gw.icm.edu.pl) 56 data bytes
64 bytes from 6bone-gw.icm.edu.pl: icmp_seq=0 hops=64 time=7.0 ms
64 bytes from 6bone-gw.icm.edu.pl: icmp_seq=1 hops=64 time=6.5 ms
64 bytes from 6bone-gw.icm.edu.pl: icmp_seq=2 hops=64 time=5.1 ms

--- 3ffe:8010:70::1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5.1/6.2/7.0 ms

As you can see, it works...

spider /root~# modprobe ip_tables

spider /root~# ping6 3ffe:8010:70::1
PING 3ffe:8010:70::1(6bone-gw.icm.edu.pl) 56 data bytes
64 bytes from 6bone-gw.icm.edu.pl: icmp_seq=0 hops=64 time=6.8 ms
64 bytes from 6bone-gw.icm.edu.pl: icmp_seq=1 hops=64 time=7.2 ms

--- 3ffe:8010:70::1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.8/7.0/7.2 ms

...it still works...

spider /root~# modprobe iptable_nat

spider /root~# ping6 3ffe:8010:70::1
PING 3ffe:8010:70::1(6bone-gw.icm.edu.pl) 56 data bytes

--- 3ffe:8010:70::1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

...and now my tunnel has been converted into /dev/null. _What_ does
iptable_nat do that a simple insmod kills the tunnel?

Kernels tested from 2.3.99-pre6 to 2.4.0-test1,
then 2.4.0-test3-pre2/ac2/pre1, 2.4.0-test2-ac19/ac7,
with, or without patches from netfilter CVS.

Jan
-- 
Jan Rękorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, type MANIAC         |                   -- TROOPS by Kevin Rubio
