Need help to setup my CentOS 6 (static tunnel)
Shadow Hawkins on Friday, 05 August 2011 12:40:33
Hi all,
I'm new to IPv6.
my config:
internet -> adsl router with static ip -> server 192.168.1.60(dmz)
not filtering at adsl router
nat for 41 tcp/udp
nat for 3874 tcp
nat for 3740 udp
nat for 5072 udp
server:
Centos 6
iptables
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 41 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 41 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3874 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 3740 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5072 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
The aiccu test fails when it tries to ping6 my PoP endpoint.
thanks,
Carlos
Jeroen Massar on Friday, 05 August 2011 13:47:11
> internet -> adsl router with static ip -> server 192.168.1.60(dmz)
You might have a static IP, but you are still behind a NAT. And even if you configure DMZ mode, not all NAT boxes then understand how to forward proto-41 packets properly.
> not filtering at adsl router
> nat for 41 tcp/udp
> nat for 3874 tcp
> nat for 3740 udp
> nat for 5072 udp
I don't know what you mean with the above lines, because the statement of 'nat for X' is quite ambiguous. Does it imply that every other port is not NATted?
With the '41 tcp/udp' you probably mean protocol 41, which is the one used for static tunnels (6in4).
The other ports should only go for outbound connections and thus should be included in the default NAT rules anyway.
When using a static tunnel then you don't use the heartbeat port (3740) or the AYIYA port (5072).
As you have a static tunnel, you don't need to use AICCU either as you can just configure it using the OS-supplied configuration.
I guess though your problem primarily lies in the fact that you are behind a NAT. proto-41 tunnels don't easily work behind them unless you can configure your NAT box to do the proper forwarding.
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 41 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 41 -j ACCEPT
Like above, you probably mean protocol 41.
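The port/protocol mix-up discussed above, as an added example that is not part of the original thread: a small lint over iptables-save style INPUT rules that flags TCP/UDP port 41 rules and reports whether protocol 41 (6in4) is explicitly accepted before a catch-all REJECT/DROP. The function name `lint_proto41`, the two sample rule sets (constructed from the rules posted in the thread), the documentation address 192.0.2.1 and the `<POP_IPV4>` placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): lint IPv4 INPUT rules for the
# "port 41" vs "IP protocol 41" mistake. Rules are read on stdin.
lint_proto41() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # TCP/UDP port 41 has nothing to do with 6in4 (IP protocol 41).
        if ((proto == "tcp" || proto == "udp") && dport == "41")
            printf "rule %d: %s port 41 does not match 6in4 (IP protocol 41)\n", NR, proto
        # Protocol 41 may be written numerically or as "ipv6".
        if ((proto == "41" || proto == "ipv6") && target == "ACCEPT" && !blocked)
            allowed = 1
        # A match-less REJECT/DROP hides every rule that follows it.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP"))
            blocked = 1
    }
    END {
        if (!allowed)
            print "no explicit ACCEPT for protocol 41; add before the catch-all: -A INPUT -p 41 -s <POP_IPV4> -j ACCEPT"
    }'
}

# Constructed sample: a subset of the rules posted in the thread.
THREAD_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 41 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 41 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: protocol 41 accepted only from the tunnel endpoint
# (192.0.2.1 is a documentation address standing in for the PoP IPv4).
FIXED_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.1 -p 41 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$THREAD_RULES" | lint_proto41
```

Limiting the protocol 41 rule to the PoP's IPv4 address keeps other hosts from injecting encapsulated IPv6 packets into the tunnel interface.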
Shadow Hawkins on Friday, 05 August 2011 14:52:33
Jeroen Massar, thanks for your reply.
By "nat for" I mean that in my router I have set up NAT rules from the real IP to 192.168.1.60 (my CentOS box).
my router: Livebox v2 from Orange
Carlos
Jeroen Massar on Friday, 05 August 2011 15:00:28
It has been mentioned by various people that the Livebox will not properly forward protocol-41; as such, you will have to use AYIYA.
Shadow Hawkins on Friday, 05 August 2011 17:08:51
All OK now,
just need to set:
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
local_ipv4_override 192.168.1.60
in /etc/aiccu.conf
I will test it a little more and write a how-to for all.
thanks again,
Carlos