[CentOS] IPv6 forwarding and ip6tables

Robert Moskowitz

rgm at htt-consult.com
Tue Dec 30 17:54:24 UTC 2008


I am running multiple IPv6 subnets here in my testbed.  My IPv6 'router' 
is a Centos box with IPv6forwarding turned on.  It is also my RADVD 
server (over multiple VLans), and Miredo server/relay.


I thought I had a simple ip6table setup that protected the box and let 
it forward.  Well I am wrong.

I got my previous DNS over IPv6 working on the DNS server, then tried to 
get it working from another box.  After a couple hours fighting with it, 
I finally figured out that my Centos IPv6 router was rejecting the 
IPv6DNS queries, not forwarding them.  I turned off ip6tables and the 
DNS lookups worked just fine.

So I thought, well Shorewall6 beta is out, let's go with it already.  I 
check out the shorewall discussions and discover you need at least the 
2.6.25 kernel for Shorewall6.  When I mentioned my dilemma, I was told 
that "2.6.18 doesn't support stateful IPv6 firewalling at all!"

Just great......   When is that Centos 6 going to happen????  :(

Anyway, the challenge for now:

What do I put into ip6tables so that any IPv6 traffic that comes in any 
of the vlans on eth1 can go out any of the vlans on eth1?





More information about the CentOS mailing list