I think the ipv6-over-ipv4-plugin that comes with my firewall should
probably implement the behaviour you want. Since you're using 1.9.2k,
I'm not 100% sure this functionality/plugin was already available at the
time. Please check out the latest version (2.0+) on my website to
verify, if still doesn't fix your problem, drop a line on the AIF
mailing-list...
cheers,
Arno
On 8/14/2012 21:02, Barak A. Pearlmutter wrote:
Package: arno-iptables-firewall
Version: 1.9.2.k-4
With the ipmasq package gone the way of the dodo, I needed NAT
functionality on a computer w/ a first-class IPv4 address to run an
iodine server on that host. That host already had IPv6 connectivity
using the auto6to4 package (in experimental) which sets up a standard
6to4 tunnel to the standard IPv4 anycast address, which uses IPv4
protocol 41 packets. (Note, *protocol* 41, not port 41.)
Installing arno-iptables-firewall and configuring it for NAT
functionality and *nothing else* blocked the IPv4 protocol 41 packets
and thus killed the 6to4 tunnel. When I tried the miredo package
instead, that was also broken, for similar reasons.
It would be nice if arno-iptables-firewall had a "NAT and no blocking"
option, so it could be used as a plug-in replacement for ipmasq, and
would be guaranteed not to mess up IPv6 connectivity via IPv4
tunnels. Or at least, if there were documentation.
(Of course, this was on a "stable" machine running an old version. If
this is fixed in more recent versions --- it doesn't seem to be
judging from just changelog entries --- my apologies.)
--Barak.
--
Barak A. Pearlmutter
Hamilton Institute& Dept Comp Sci, NUI Maynooth, Co. Kildare, Ireland
http://www.bcl.hamilton.ie/~barak/
--
Arno van Amersfoort
E-mail : arn...@rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
