On Wednesday 2012-10-10 08:21, Filip Valder wrote: >Hi. > >The 2 lines above the line you mention preserve SYN/SYN-ACK + >ESTABLISHED states for tcp/22 connection. > >First matching rule wins, so where is the problem?
As I said, you need ICMPv6. Without it, you won't even get SSH packets. Basic networking. Like ARP in IPv4. (tcpdump& ssh v-foo) 10:47:33.268038 Out 8a:0c:9c:aa:b9:7f ethertype IPv6 (0x86dd), length 88: 2001:db8:151:ffa::1 > ff02::1:ff00:80: ICMP6, neighbor solicitation, who has 2001:db8:151:ffa::80, length 32 10:47:33.268410 In 08:00:27:0e:c4:07 ethertype IPv6 (0x86dd), length 88: 2001:db8:151:ffa::80 > 2001:db8:151:ffa::1: ICMP6, neighbor advertisement, tgt is 2001:db8:151:ffa::80, length 32 10:47:33.268433 Out 8a:0c:9c:aa:b9:7f ethertype IPv6 (0x86dd), length 96: 2001:db8:151:ffa::1.55849 > 2001:db8:151:ffa::80.22: Flags [S], seq 2298159748, win 14400, options [mss 1440,sackOK,TS val 359464204 ecr 0,nop,wscale 7], length 0 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
