Subj : "portproxy" in linux
To   : Tommi Koivula
From : Markus Reschke
Date : Sat Sep 26 2015 17:12:58

Hello Tommi!

Sep 26 18:33 2015, Tommi Koivula wrote to Markus Reschke:

 TK> One log line of dropped inbound binkp:

 TK> Sep 26 18:33:16 kernel: DROP  <4>DROP IN=v6in4 OUT= 
 TK> 
 TK> 6 0:d8:42:50:5a:5b:9b:63:0b:60:00:00:00 
 TK> TUNNEL=216.66.80.90->91.155.99.11 
 TK> <1>SRC=2001:0470:1f15:0cb0:0000:0000:0000:0004 
 TK> DST=2001:0470:0027:000a:0000:0000:0000:0002 <1>LEN=72 TC=0 
 TK> HOPLIMIT=59 FLOWLBL=0 PROTO=TCP <1>SPT=57521 DPT=24554 SEQ=457283060 
 TK> ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204058C0103030801010402)

 TK> 91.155.99.11 is my routers ipv4 address,
 TK> 216.66.80.90 is the endpoint of the HE tunnel.
 TK> 2001:0470:1f15:0cb0:0000:0000:0000:0004 is where from I tried to 
 TK> access binkd at 2001:0470:0027:000a:0000:0000:0000:0002

I assume that the router is your end of the 6in4 HE.net tunnel and haproxy is runing on that router too. Is that right?

In this case you would need to insert an INPUT rule before the logdrop:
 ip6tables -t filter -A INPUT -p tcp --destination-port 24554 -j ACCEPT

Regards,
Markus

--- 
 * Origin: *** theca tabellaria *** (2:240/1661)

.