[hipl-users] Re: Problems with RVS

  • From: Paola Venuso <pa.venuso@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 14 Oct 2013 19:01:41 +0200

Hi Miika,

I changed the network configuration to bridged (I use VMware) and now, with
3ffe::xx/64 addresses, IPv6 connectivity seems OK (I can reach the other
host), but if I try to ping6 the HIT of the responder I still get the I1 packet
only.
What else can I do?

Thanks for your help,

Paola
On 14 Oct 2013 16:38, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

> Hi Paolo,
>
> it seems so. If you're using e.g. virtualbox, there seems to be some
> advice available at various forums:
>
> https://www.google.com/search?client=ubuntu&channel=fs&q=ipv6+virtualbox+destination+unreachable+error&ie=utf-8&oe=utf-8
>
> On 10/14/2013 05:28 PM, Paola Venuso wrote:
>
>> Hi,
>> I've just tried this and I've got destination unreachable error. So is
>> this a problem concerning only IPv6?
>>
>> On 14 Oct 2013 16:13, "Miika Komu" <mkomu@xxxxxxxxx> wrote:
>>
>>     Hi,
>>
>>     why don't you try plain IPv6 connectivity locally (without Teredo) with
>>     3ffe::x/64 addresses? So that we know if it's about IPv6 or
>>     something HIP related.
>>
>>     On 10/14/2013 05:09 PM, Paola Venuso wrote:
>>
>>         Sorry, HIP over IPv6 didn't work.
>>
>>         On 14 Oct 2013 16:04, "Miika Komu" <mkomu@xxxxxxxxx> wrote:
>>
>>              Hi Paola,
>>
>>              what didn't work? Directly IPv6 or HIP-over-IPv6?
>>
>>              On 10/14/2013 04:58 PM, Paola Venuso wrote:
>>
>>                  Hi Miika,
>>
>>                  Yes, I did. But it didn't work.
>>
>>                  On 14 Oct 2013 15:40, "Miika Komu" <mkomu@xxxxxxxxx> wrote:
>>
>>                       Hi Paola,
>>
>>                       it seems that you got HIP working with IPv4 locators.
>>                       Did you try with two locally configured IPv6 locators
>>                       (3ffe::x/64)?
>>
>>                       On 10/14/2013 02:13 PM, Paola Venuso wrote:
>>
>>                           Hi Miika,
>>
>>                           I checked and I think my site firewall isn't blocking
>>                           Teredo traffic.
>>                           Anyway this is the output:
>>
>>                           paola@ubuntu:~$ dig -t aaaa www.google.com
>>
>>                           ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
>>                           ;; global options: +cmd
>>                           ;; Got answer:
>>                           ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27694
>>                           ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>>                           ;; QUESTION SECTION:
>>                           ;www.google.com.            IN    AAAA
>>
>>                           ;; ANSWER SECTION:
>>                           www.google.com.        300    IN    AAAA    2a00:1450:4002:804::1010
>>
>>                           ;; Query time: 165 msec
>>                           ;; SERVER: 127.0.0.53#53(127.0.0.53)
>>                           ;; WHEN: Mon Oct 14 03:22:40 2013
>>                           ;; MSG SIZE  rcvd: 60
>>
>>                           paola@ubuntu:~$ ping6 2a00:1450:4010:c04::68
>>                           PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
>>                           64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=371 ms
>>                           64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=110 ms
>>                           64 bytes from 2a00:1450:4010:c04::68: icmp_seq=3 ttl=55 time=110 ms
>>                           ^C
>>                           --- 2a00:1450:4010:c04::68 ping statistics ---
>>                           3 packets transmitted, 3 received, 0% packet loss, time 2004ms
>>                           rtt min/avg/max/mdev = 110.529/197.440/371.075/122.778 ms
>>
>>                           paola@ubuntu:~$ ip route get 2a00:1450:4010:c04::68
>>                           2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo src 2001:0:53aa:64c:2cb6:3c14:4367:467f  metric 0
>>                                 cache
>>
>>
>>                           I also tried with your test machine:
>>
>>                           paola@ubuntu:~$ ping6 2001:0:53aa:64c:3026:52b2:ad4a:8b91
>>                           PING 2001:0:53aa:64c:3026:52b2:ad4a:8b91(2001:0:53aa:64c:3026:52b2:ad4a:8b91) 56 data bytes
>>                           64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=1 ttl=64 time=243 ms
>>                           64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=2 ttl=64 time=112 ms
>>                           ^C
>>                           --- 2001:0:53aa:64c:3026:52b2:ad4a:8b91 ping statistics ---
>>                           2 packets transmitted, 2 received, 0% packet loss, time 1000ms
>>                           rtt min/avg/max/mdev = 112.229/177.819/243.410/65.591 ms
>>
>>
>>
>>
>>                           Then I tried in my network:
>>
>>                           - with eth0 I got only I1 packet
>>                           - with Teredo I got "destination unreachable" error
>>
>>                           And when I stopped ping6 there was 100% of packet loss.
>>                           I also tried to edit manually the hosts files with
>>                           different configuration but the same happened.
>>
>>                           Thanks,
>>
>>                           Paola
>>
>>
>>
>>                           2013/10/12 Miika Komu <mkomu@xxxxxxxxx>
>>
>>                                Hi Paola,
>>
>>                                initially, Teredo traffic is forwarded through a
>>                                Teredo server to guarantee NAT traversal and then
>>                                miredo software tries to pinhole the NAT. My guess
>>                                is that your *site* firewall is blocking the
>>                                initial messages with the Teredo server. You can
>>                                double check this as follows:
>>
>>                                mkomu@bling:~$ dig -t aaaa www.google.com
>>
>>                                ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
>>                                ;; global options: +cmd
>>                                ;; Got answer:
>>                                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12399
>>                                ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>>                                ;; QUESTION SECTION:
>>                                ;www.google.com.            IN      AAAA
>>
>>                                ;; ANSWER SECTION:
>>                                www.google.com.     214     IN      AAAA    2a00:1450:4010:c03::93
>>
>>                                ;; Query time: 333 msec
>>                                ;; SERVER: 193.229.0.40#53(193.229.0.40)
>>                                ;; WHEN: Sat Oct 12 14:20:35 2013
>>                                ;; MSG SIZE  rcvd: 60
>>
>>                                mkomu@bling:~$ ping6 2a00:1450:4010:c04::68
>>                                PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
>>                                64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=1363 ms
>>                                64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=441 ms
>>                                ^C
>>                                --- 2a00:1450:4010:c04::68 ping statistics ---
>>                                2 packets transmitted, 2 received, 0% packet loss, time 1000ms
>>                                rtt min/avg/max/mdev = 441.913/902.595/1363.277/460.682 ms, pipe 2
>>                                mkomu@bling:~$ ip route get 2a00:1450:4010:c04::68
>>                                2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo src 2001:0:53aa:64c:473:6a2c:ab19:60e3  metric 0
>>
>>                                If this does not work for you, it probably means
>>                                that the firewall at your site is blocking Teredo.
>>                                You can contact your site administrator to open
>>                                the UDP port 3544.
>>
>>                                You can also try the
>>                                2001:0:53aa:64c:3026:52b2:ad4a:8b91 (my test
>>                                machine) which is actually behind a real NAT
>>                                unlike the google server. If you can reach google
>>                                server, but not mine, it most likely means that
>>                                either of us is using a p2p-incompatible NAT.
>>
>>                                You can also try e.g. 3ffe::x/64 address space for
>>                                local experiments in your local LAN (or WLAN).
>>                                Just configure it to the eth0 (or other device)
>>                                for two machines and try pinging each other.
>>
>>
>>                                On 10/11/2013 09:03 PM, Paola Venuso wrote:
>>
>>                                    Hi Miika,
>>
>>                                    I uncommented the line "Bindport 3545" in file
>>                                    miredo.conf as I read on the man page of miredo
>>                                    and checked ufw files for rules blocking IPv6
>>                                    traffic (I uncommented two about forwarding, the
>>                                    others about enabling this traffic were already
>>                                    uncommented). Then I tried ping6 the locators
>>                                    and I got the message: unknown host.
>>                                    Also I tried manual set up with IPv4-based
>>                                    locators, as you wrote me, and my host exchanged
>>                                    HIP UPDATE and I1, R1, I2, R2 packets with
>>                                    another host, with address 193.167.187.149, that
>>                                    I don't know but I guess maybe it's one of
>>                                    infrahip servers.
>>                                    Anyway, I am not sure I checked correctly for
>>                                    rules about IPv6 traffic.
>>                                    What should I do about this? Could all these
>>                                    problems be connected also with virtual machine
>>                                    net configuration? It is NAT by default, but
>>                                    there are some other options.
>>
>>                                    Thanks for all the help you're giving to me.
>>
>>                                    Paola
>>
>>
>>                                    2013/10/11 Miika Komu <mkomu@xxxxxxxxx>
>>
>>
>>                                         Hi Paola,
>>
>>                                         it seems your installation is fine. Based
>>                                         on my own experiences, I think that a
>>                                         middlebox (firewall) is blocking your IPv6
>>                                         traffic (in the case of Teredo it's UDP
>>                                         port 3544). Did you try to ping6 the
>>                                         routable addresses (locators)?
>>
>>                                         I also recommend trying a manual set up
>>                                         with IPv4-based locators as follows:
>>
>>                                         hipconf daemon rst all
>>                                         hipconf daemon add map PEER_HIT PEER_IPV4_ADDRESS
>>                                         ping6 PEER_HIT
>>
>>
>>                                         On 10/10/2013 12:42 AM, Paola Venuso wrote:
>>
>>                                             Hi Miika,
>>
>>                                             hipd is running at the responder, the
>>                                             firewall is not blocking HIP traffic
>>                                             and I don't use redhat-based distro.
>>                                             This is the output of the commands
>>                                             from the manual:
>>
>>                                             paola@ubuntu:~$ dpkg -l 'hipl*'
>>                                             Desired=Unknown/Install/Remove/Purge/Hold
>>                                             | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>                                             |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>                                             ||/ Nome           Versione       Descrizione
>>                                             +++-==============-==============-============================================
>>                                             ii  hipl-all       1.0.8-6429     HIP for Linux full software bundle
>>                                             ii  hipl-daemon    1.0.8-6429     HIP for Linux IPsec key management and mobil
>>                                             ii  hipl-dnsproxy  1.0.8-6429     HIP for Linux name lookup proxy
>>                                             ii  hipl-doc       1.0.8-6429     HIP for Linux documentation
>>                                             ii  hipl-firewall  1.0.8-6429     HIP for Linux multi-purpose firewall daemon
>>                                             un  hipl-minimal   <nessuna>      (nessuna descrizione disponibile)
>>                                             un  hipl-tools     <nessuna>      (nessuna descrizione disponibile)
>>                                             paola@ubuntu:~$ hipconf daemon get ha all
>>                                             Sending user message 22 to HIPD on socket 3
>>                                             Sent 40 bytes
>>                                             Waiting to receive daemon info.
>>                                             240 bytes received from HIP daemon.
>>                                             HA is I1-SENT
>>                                                Shotgun mode is off.
>>                                                Broadcast mode is off.
>>                                                Local HIT: 2001:0012:421d:99a0:005d:d60f:73b0:4407
>>                                                Peer  HIT: 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
>>                                                Local LSI: 1.0.0.1
>>                                                Peer  LSI: 1.0.0.2
>>                                                Local IP: 2001:0000:53aa:064c:2cde:3e12:4367:467f
>>                                                Local NAT traversal UDP port: 10500
>>                                                Peer  IP: 2001:0708:0140:0220:0000:0000:0000:0016
>>                                                Peer  NAT traversal UDP port: 10500
>>                                                Peer  hostname:
>>
>>                                             ------------------------------------------------------------
>>
>>                                             paola@ubuntu:~$ uname -a
>>                                             Linux ubuntu 3.5.0-41-generic #64~precise1-Ubuntu SMP Thu Sep 12 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux
>>                                             paola@ubuntu:~$ lsb_release -a
>>                                             No LSB modules are available.
>>                                             Distributor ID:    Ubuntu
>>                                             Description:    Ubuntu 12.04.3 LTS
>>                                             Release:    12.04
>>                                             Codename:    precise
>>
>>                                             ------------------------------------------------------------
>>
>>                                             paola@ubuntu:~$ cat /etc/hip/hipd.conf
>>                                             # Format of this file is as with hipconf, but without "hipconf daemon" prefix
>>                                             # add hi default    # add all four HITs (see bug id 592127)
>>                                             # add map HIT IP    # preload some HIT-to-IP mappings to hipd
>>                                             # add service rvs   # the host acts as HIP rendezvous (also see relay.conf)
>>                                             # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
>>                                             # add server relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
>>                                             # add server full-relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
>>                                             hit-to-ip on # resolve HITs to locators in dynamic DNS zone
>>                                             # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
>>                                             nsupdate on # send dynamic DNS updates
>>                                             # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
>>                                             # heartbeat 10 # send ICMPv6 messages inside HIP tunnels
>>                                             # locator on        # host sends all of its locators in base exchange
>>                                             # shotgun on # use all possible src/dst IP combinations to send I1/UPDATE
>>                                             # broadcast on # broadcast to LAN if no matching IP address found
>>                                             # opp normal|advanced|none
>>                                             # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)
>>                                             nat plain-udp       # use UDP capsulation (for NATted environments)
>>                                             #nat port local 11111 # change local default UDP port
>>                                             #nat port peer 22222 # change local peer UDP port
>>                                             debug medium        # debug verbosity: all, medium, low or none
>>                                             default-hip-version 1 # default HIP version number for the I1 message. (1=HIPv1, 2=HIPv2)
>>
>>                                             ------------------------------------------------------------
>>
>>
>> paola@ubuntu:~$ sudo iptables -L -n
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:10500
>> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     icmpv6--  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     all  --  1.0.0.0/8            1.0.0.0/8
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>> HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:10500
>> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     icmpv6--  0.0.0.0/0            0.0.0.0/0
>>
>
> ...
