Hello,
Stephan Seitz a écrit :
>
> IPv6 doesn't have ARP anymore, it uses ICMPv6 to
> discover ARP addresses and neighbours with the help of multicast IPv6
> addresses. So your configuration probably drops these packets. It would
> try to allow all icmpv6 traffic:
> ${IPT} -A INPUT -j ACCEPT -m state \! -state INVALID -p icmpv6
> ${IPT} -A OUTPUT -j ACCEPT -m state \! -state INVALID -p icmpv6
Bad luck : neighbour discovery packets may be in the INVALID state
because of the multicast not handled by connection tracking.
> If you want to tune these rules you have to look into the standards to
> get all necessary ICMPv6 types you need for a working setup.
neighbour-solicitation
neighbour-advertisement
If you use SLAAC (stateless address autoconfiguration from RA) :
router-solicitation
router-advertisement
And of course, all ICMPv6 types in the RELATED,ESTABLISH states.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fbac7f9.9000...@plouf.fr.eu.org
