| To: | USAGI core <usagi-core@xxxxxxxxxxxxxx>, Maillist netdev <netdev@xxxxxxxxxxx> |
|---|---|
| Subject: | Re: ip6tables: accept of IPv6 transport esp packages not possible - no rule matches |
| From: | Peter Bieringer <pb@xxxxxxxxxxxx> |
| Date: | Fri, 24 Dec 2004 16:59:07 +0100 |
| Cc: | Harald Welte <laforge@xxxxxxxxxxxx> |
| In-reply-to: | <019064D0423CE6C823CBF476@t1mobil.muc.aerasec.de> |
| References: | <019064D0423CE6C823CBF476@t1mobil.muc.aerasec.de> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Hi again,

one update (after playing now with openswan):

    Dec 24 10:22:27 gate kernel: extIN-FW6-default:IN=sit_sixxs OUT= MAC=00:11:22:33:44:01->00:11:22:33:44:02 TUNNEL=212.224. 0.188-> 84.000. 0. 12 SRC=2001:06f8:0900:0449:0000:0000:0000:0002 DST=2001:06f8:0900:0094:0000:0000:0000:0002 LEN=116 TC=0 HOPLIMIT=63 FLOWLBL=0 OPT ( ) PROTO=59

    #1 ip6tables -A extIN -p all -s 2001:6f8:900:94::2 -d 2001:6f8:900:449::2 -j ACCEPT
    #2 ip6tables -A extIN -s 2001:6f8:900:94::2 -d 2001:6f8:900:449::2 -j ACCEPT

Rule #1 doesn't match that strangeness, while rule #2 does (and - partially - solves my problem now)!

Looks like there is something going wrong in the protocol matching algorithm in netfilter6.

Perhaps of interest: using openswan of Fedora Core 3 and the following very simple configuration:

    conn ipv6-location1-location2
        connaddrfamily=ipv6
        left=2001:6f8:900:94::2
        right=2001:6f8:900:449::2
        authby=secret
        type=transport