nat is absent for IPv6Originally Posted by theMIROn
You are happy manMy scripts write in other routers where base system is linux with kernel 2.6.x
One more question - have you ever use TCPMSS for IPv6?
Forum Guru
nat is absent for IPv6
You are happy manMy scripts write in other routers where base system is linux with kernel 2.6.x
One more question - have you ever use TCPMSS for IPv6?
yep, it's abs useless for that, in case or routed ipv6 rangenat is absent for IPv6
ASUS WL5xx: FW 1.9.2.7-d-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | bip irc proxy
ASUS RT-N1x: FW 1.9.2.7-rtn-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | fake ident daemon
Student Computer Engineer
I have the new build and it works great
is it just me or is that portscanner from he.net quite slow?I'm proudly running:
1.9.2.7-d-r815
maybe I'll make a c# ipv6 portscanner, you need a mono version theMIROn?
what for?I have the new build and it works great
is it just me or is that portscanner from he.net quite slow?
maybe I'll make a c# ipv6 portscanner, you need a mono version theMIROn?
he.net uses nmap 5.00, you could use the same from optware.
btw, http://wpte.crabdance.com/ isn't accessable via ipv6, but themiron.ru is =)
ASUS WL5xx: FW 1.9.2.7-d-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | bip irc proxy
ASUS RT-N1x: FW 1.9.2.7-rtn-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | fake ident daemon
Thoughts 'bout ip6tables defaults:
1. filter6_ruses should be grouped by chain, not by match/target, following changes should be applied to rc internally
2. OUTPUT chain should always have default ACCEPT policy, and only REJECT/DROP targets (for ex. -m rt --rt-type - -j DROP/REJECT)
coz output ifs could be br0/vlan1/sixtun/lo - to much to enum them all
3. ipv6-icmp proto used for ipv6 advert (radvd), auto conf, etc, so it shouldn't depend on firewall coz it'll break the overall netability
4. did I miss smth?
ASUS WL5xx: FW 1.9.2.7-d-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | bip irc proxy
ASUS RT-N1x: FW 1.9.2.7-rtn-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | fake ident daemon
Forum Guru
Sounds resonable. No problem, we still on the way
Unfortunately, I don't know yet. Maybe kamil or someone else can help us and answer to this questions?2. OUTPUT chain should always have default ACCEPT policy, and only REJECT/DROP targets (for ex. -m rt --rt-type - -j DROP/REJECT)
coz output ifs could be br0/vlan1/sixtun/lo - to much to enum them all
3. ipv6-icmp proto used for ipv6 advert (radvd), auto conf, etc, so it shouldn't depend on firewall coz it'll break the overall netability
Student Computer Engineer
I know it's not accessable, though I opened up the port
after I added the line-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
everything goes open-A INPUT -d 2001:470:1f14:31e::2/128 -i sixtun -p tcp -m tcp --dport 80 -j ACCEPT
what do you use to open up ports then?
you should open it withafter I added the line
everything goes openCode:-A INPUT -d 2001:470:1f14:31e::2/128 -i sixtun -p tcp -m tcp --dport 80 -j ACCEPT
what do you use to open up ports then?
and not to forget about (in case of lighttpd)Code:ip6tables -A INPUT -d 2001:470:1f14:31e::2/128 -i sixtun -p tcp -m tcp --dport 80 -j ACCEPT
Code:server.use-ipv6 = "enable"
ASUS WL5xx: FW 1.9.2.7-d-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | bip irc proxy
ASUS RT-N1x: FW 1.9.2.7-rtn-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | fake ident daemon
Student Computer Engineer
yes I enabled that
hmmm still odd with the mixed results from the he portscanner.. only online working ipv6 portscanner as far as I can see
Posting Permissions
Reply With Quote
