5

I'm trying to allow 6to4 through my IPv4 firewall on Debian 6 (Squeeze), but without much luck. It seems most of the syntax used by other OSes isn't quite supported in Debian's iptables.

I've tried the following (I put these before the DROP all INPUT/OUTPUT lines):

$IPT -A INPUT -p ipv6 -j ACCEPT
$IPT -A OUTPUT -p ipv6 -j ACCEPT

Along with a few others, but nothing seems to work.

Mint

1 Answer

10

When using 6to4, you do not transmit IPv6 packets. Instead, special IPv4 packets are wrapped around IPv6 payloads. These packets have IPv4 protocol 41, as defined by RFC 2473.

iptables -t filter -I INPUT -p 41 -j ACCEPT
iptables -t filter -I OUTPUT -p 41 -j ACCEPT
ephemient
  • ^ the -t filter doesn't seem to be supported by Debian 6 "iptables: No chain/target/match by that name." iptables v1.4.8 – Mint Mar 09 '11 at 07:12
  • @Mint: No, the `filter` table always exists. I misspelled the chains `INPUT` and `OUTPUT` though; those should be upper-case. – ephemient Mar 09 '11 at 08:02
  • Aah, I see. I'm new to iptables so it's not so obvious to me. Thanks for the fix. – Mint Mar 10 '11 at 05:37
  • Just a small note: `-p 41` is equal to `-p ipv6`. At least, this is what `ip{,6}tables-save` produces. – selurvedu Nov 01 '17 at 05:18
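
The encapsulation described in the answer, as an added example that is not part of the original answer or comments: it parses a raw IPv4 packet, reads the protocol field that `-p 41` matches, and for tunnelled packets compares the outer IPv4 source with the IPv4 address embedded in a `2002::/16` inner source. The function names, verdict labels and sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number matched by `-p 41` (saved as `-p ipv6`)

def build_sample(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed test packet: 20-byte IPv4 header (checksum left at 0,
    not validated here) wrapped around a bare 40-byte IPv6 header."""
    inner = (struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # next header 59 = none
             + ipaddress.IPv6Address(inner_src).packed
             + ipaddress.IPv6Address(inner_dst).packed)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        PROTO_41, 0,
                        ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner

def inspect(packet):
    """Classify a raw IPv4 packet as the filter rule and a 6to4 endpoint see it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    outer_src = ipaddress.IPv4Address(packet[12:16])
    result = {"protocol": packet[9], "outer_src": str(outer_src)}
    if packet[9] != PROTO_41:
        result["verdict"] = "not-tunnelled"   # a `-p 41` rule does not match
        return result
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not an IPv6 header")
    inner_src = ipaddress.IPv6Address(inner[8:24])
    embedded = inner_src.sixtofour        # IPv4 inside 2002::/16, else None
    result["inner_src"] = str(inner_src)
    if embedded is None:
        result["verdict"] = "relay-or-native-source"
    elif embedded == outer_src:
        result["verdict"] = "6to4-peer"
    else:
        result["verdict"] = "source-mismatch"  # candidate for drop and log
    return result

if __name__ == "__main__":
    print(inspect(build_sample("192.0.2.1", "198.51.100.7",
                               "2002:c000:201::1", "2002:c633:6407::1")))
```

The blanket ACCEPT rules pass every one of these cases, including the mismatch; any inner-header checking has to happen in `ip6tables` on the tunnel interface or in the 6to4 endpoint itself.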