Subj : UFW and he.net
To   : Tommi Koivula
From : Michiel van der Vlist
Date : Mon Oct 11 2021 23:45:48

Hello Tommi,

Monday October 11 2021 20:29, I wrote to you:

 MV> That outgoing IPv6 works does not automatically imply that it is open
 MV> for unsollicited incoming protocol 41 packets.

This is what I wrote 10 years ago in my Fidonews article titled "A second life for the linksys Part 1"

=== quote ===

If you get this result your tunnel is working. To enable incoming
pings however you need to open the firewall for protocol 41. Protocol
41 is the protocol used for 6in4 tunneling. The firewall of openwrt is
closed for all unsollicited incoming packets by default. Bij pinging
out over IPv6, the firewall is opened for protocol 41, and it can be
pinged from outside, but it closes again after a minute or two. Add
the following lines to /etc/config/firewall to keep the tunnel open
permanently:

[code]

# Accept proto 41 so it always reaches the tunnel endpoint

config  rule
        option  src     wan
        option  proto   41
        option  target  ACCEPT
[/code]


=== end quote ===



Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303
 * Origin: he.net certified sage (2:280/5555)

.