The next task is to forward incoming ipv6 traffic to ipv4. I don't
know much about linux, so please help me to tell the box how to
forward ipv6 port 24554 to 192.168.1.2.
http://www.haproxy.org/
The next task is to forward incoming ipv6 traffic to ipv4. I
don't know much about linux, so please help me to tell the box
how to forward ipv6 port 24554 to 192.168.1.2.
http://www.haproxy.org/
Now I have a problem with the IPv6 firewall. It always blocks the
inbound traffic from the tunnel even if I allowed port 24554 from the
GUI of AsusWRT. From the router the forwarding works, (telnet 2001:470:27:a::2 24554) .
Now I have a problem with the IPv6 firewall. It always blocks the
inbound traffic from the tunnel even if I allowed port 24554 from
the GUI of AsusWRT. From the router the forwarding works, (telnet
2001:470:27:a::2 24554) .
If possible, please enable firewall logging and check the log entries
for IPv6 binkp. When you find drop/reject messages for binkp, then the next step is to evaluate the firewall rules. If you're lucky the log entries include the chain's name. That's based on how the rule sets
are designed.
One log line of dropped inbound binkp:
Sep 26 18:33:16 kernel: DROP <4>DROP IN=v6in4 OUT=
6 0:d8:42:50:5a:5b:9b:63:0b:60:00:00:00
TUNNEL=216.66.80.90->91.155.99.11 <1>SRC=2001:0470:1f15:0cb0:0000:0000:0000:0004 DST=2001:0470:0027:000a:0000:0000:0000:0002 <1>LEN=72 TC=0
HOPLIMIT=59 FLOWLBL=0 PROTO=TCP <1>SPT=57521 DPT=24554 SEQ=457283060 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204058C0103030801010402)
91.155.99.11 is my routers ipv4 address,
216.66.80.90 is the endpoint of the HE tunnel. 2001:0470:1f15:0cb0:0000:0000:0000:0004 is where from I tried to
access binkd at 2001:0470:0027:000a:0000:0000:0000:0002
I assume that the router is your end of the 6in4 HE.net tunnel and
haproxy is runing on that router too. Is that right?
In this case you would need to insert an INPUT rule before the logdrop:
ip6tables -t filter -A INPUT -p tcp --destination-port 24554 -j ACCEPT
Hello Tommi!
Sep 26 11:53 2015, Markus Reschke wrote to Tommi Koivula:
http://www.haproxy.org/
Example: http://www.koopman.me/2011/02/haproxy-for-ipv6-translation-to-ipv4-onl y-websit e/
The important thing is to set the mode to TCP and to change the
required ports. haproxy will work as proxy for any TCP based protocol.
ip6tables -t filter -A INPUT -p tcp --destination-port 24554 -j
ACCEPT
I'll try to find a way to do it. ;)
BinkD/2 (2:221/0) should now answer at 2001:470:27:a::2 .
Finally I need to make sure my settings remain after reboot. ;)
Thanks Markus!
I'll try to find a way to do it. ;)
Now I have a problem with the IPv6 firewall. It always blocks the
inbound traffic from the tunnel even if I allowed port 24554 from the
GUI of AsusWRT. From the router the forwarding works, (telnet 2001:470:27:a::2 24554) .
Sysop: | Nelgin |
---|---|
Location: | Plano, TX |
Users: | 615 |
Nodes: | 10 (1 / 9) |
Uptime: | 54:33:35 |
Calls: | 9,850 |
Calls today: | 5 |
Files: | 96,973 |
Messages: | 1,080,749 |
Posted today: | 1 |