From 9f0da7662e647962f8ec3e1553cfdbae2d77af5b Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 12 Nov 2011 12:17:23 +0100 Subject: Allow using [SD]NPTV6 rules in INPUT/OUTOUT chains --- README.dbk | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'README.dbk') diff --git a/README.dbk b/README.dbk index 37cd8d4..c34822d 100644 --- a/README.dbk +++ b/README.dbk @@ -139,19 +139,25 @@ ip6tables -t mangle -A POSTROUTING -o eth0 -s FD01:0203:0405::/48 -j SNPTV6 --to ip6tables -t mangle -A PREROUTING -d 2001:0DB8:0001::/48 -j DNPTV6 --to-destination FD01:0203:0405::/48 ip6tables -t mangle -A POSTROUTING -m mark --mark 42 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48 ip6tables -t mangle -A POSTROUTING -o eth0 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48 + + If the router running NPTv6 is offering services itself, additional + rules are necessary for the services to be reachable by the external address: + + ip6tables -t mangle -A OUTPUT -d 2001:0DB8:0001::/48 -j MARK --set-mark 42 +ip6tables -t mangle -A OUTPUT -d 2001:0DB8:0001::/48 -j DNPTV6 --to-destination FD01:0203:0405::/48 +ip6tables -t mangle -A INPUT -m mark --mark 42 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48
IPv6/IPv4 Precedence - With (EKU)buntu and eventually with RedHat, you will notice that + With most Linux distributions you will notice that your browser does not show the IPv6 version of a web site that is multi-homed when using ULA addresses for your IPv6 Internet connection. The reason for this is an add on to the RFC 3484 rules that is compiled - into the (EKU)buntu libc. The pre-installed - /etc/gai.conf file will give you a hint on - this. + into the libc. The pre-installed /etc/gai.conf file + will give you a hint on this. In short: the getaddrinfo() library function rates a private IPv4 address higher than the ULA IPv6 address when choosing the transport -- cgit v1.2.3