Hi, I've been struggling to get my ipv6 tunnel fully working. I can't get my tunnel endpoint to _always_ respond to ping requests. My endpoint is an Ubuntu 8.04 server, running the tunnel using aiccu (newest version). This server also provides NAT for my IPv4 connection (PPPoE). The problem is exactly what is described on https://www.sixxs.net/faq/connectivity/?faq=conntracking, but the given solutions do not help me out. The first solution does not solve the problem and the second (NOTRACK) breaks my entire IPv6 connectivity, on my server as well on my subnet. I've also tried the solution given by Brian OConnor in https://www.sixxs.net/forum/?msg=setup-841752, but it does not help either. I did change the IP addresses to the (external) IPv4 address of my server, but as the tunnel should not be NAT'ted, I guess it shouldn't solve anything anyway. Maybe someone can give me a push in the right direction? Below some output that might help in finding the issue. If you want to know more, please ask. Thanks! Some listings that might help anyone find the problem: ============================ aiccu test passes all 8 tests succesfully uname -a Linux syzzer-server 2.6.24-19-server #1 SMP Wed Aug 20 18:43:06 UTC 2008 x86_64 GNU/Linux traceroute 192.87.102.107 traceroute to 192.87.102.107 (192.87.102.107), 30 hops max, 40 byte packets 1 145.94.1.0 (145.94.1.0) 0.210 ms 0.144 ms 0.174 ms 2 130.161.2.121 (130.161.2.121) 0.357 ms 0.362 ms 0.328 ms 3 dunet1.tudelft.nl (130.161.1.49) 0.561 ms 0.539 ms 0.628 ms 4 GE2-0-0.2032.JNR01.Asd002A.surf.net (145.145.26.97) 2.010 ms 2.116 ms 2.116 ms 5 AE0.500.JNR01.Asd001A.surf.net (145.145.80.82) 2.267 ms 2.230 ms 2.211 ms 6 V1105.sw14.amsterdam1.surf.net (145.145.18.94) 2.190 ms 2.230 ms 2.272 ms 7 sixxs.surfnet.nl (192.87.102.107) 2.146 ms 2.188 ms 2.180 ms traceroute 2001:610:600:525::1 traceroute to 2001:610:600:525::1 (2001:610:600:525::1), 30 hops max, 40 byte packets 1 gw-1318.ams-05.nl.sixxs.net (2001:610:600:525::1) 2.230 ms 2.206 ms 2.203 ms tcpdump -n -s 1500 -i sixxs tcpdump: WARNING: sixxs: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sixxs, link-type RAW (Raw IP), capture size 1500 bytes 15:52:15.881813 IP6 2001:610:697:0:2420:8f46:d6a1:50d6 > 2001:4860:0:1001::68: ICMP6, echo request, seq 9, length 40 15:52:15.887123 IP6 2001:4860:0:1001::68 > 2001:610:697:0:2420:8f46:d6a1:50d6: ICMP6, echo reply, seq 9, length 40 15:52:16.881482 IP6 2001:610:697:0:2420:8f46:d6a1:50d6 > 2001:4860:0:1001::68: ICMP6, echo request, seq 10, length 40 15:52:16.886874 IP6 2001:4860:0:1001::68 > 2001:610:697:0:2420:8f46:d6a1:50d6: ICMP6, echo reply, seq 10, length 40 15:52:17.881504 IP6 2001:610:697:0:2420:8f46:d6a1:50d6 > 2001:4860:0:1001::68: ICMP6, echo request, seq 11, length 40 15:52:17.886763 IP6 2001:4860:0:1001::68 > 2001:610:697:0:2420:8f46:d6a1:50d6: ICMP6, echo reply, seq 11, length 40 15:52:18.881519 IP6 2001:610:697:0:2420:8f46:d6a1:50d6 > 2001:4860:0:1001::68: ICMP6, echo request, seq 12, length 40 15:52:18.886864 IP6 2001:4860:0:1001::68 > 2001:610:697:0:2420:8f46:d6a1:50d6: ICMP6, echo reply, seq 12, length 40 8 packets captured 8 packets received by filter 0 packets dropped by kernel iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:www ACCEPT tcp -- 172.20.24.0/22 anywhere tcp dpt:1500 DROP tcp -- anywhere anywhere tcp dpt:1500 ACCEPT tcp -- anywhere anywhere tcp dpt:49001 ACCEPT tcp -- anywhere anywhere tcp dpt:6991 ACCEPT udp -- anywhere anywhere udp dpt:6991 ACCEPT ipv6 -- anywhere anywhere ACCEPT icmp -- anywhere anywhere ACCEPT ipv6-icmp-- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere 192.168.1.10 tcp dpt:6991 ACCEPT udp -- anywhere 192.168.1.10 udp dpt:6991 Chain OUTPUT (policy ACCEPT) target prot opt source destination iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT udp -- anywhere anywhere udp dpt:6991 to:192.168.1.10:6991 DNAT tcp -- anywhere anywhere tcp dpt:6991 to:192.168.1.10:6991 Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE !ipv6 -- anywhere anywhere MASQUERADE !ipv6 -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination