[hipl-users] Re: Problems with RVS

  • From: Miika Komu <mkomu@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 15 Oct 2013 18:03:50 +0300

Hi Paola,

can you send me the hipd log from both the client and server? Here's a quick way to generate it:

sudo hipd -kd 2>&1|tee /tmp/hipd.log

I can't repeat your problem with my

server:
  % sudo ip addr add 3ffe::1/64 dev eth2

client:
  % sudo ip addr add 3ffe::2/64 dev eth2
  % ping6 3ffe::2 # does IPv6 work?
  % sudo hipconf daemon rst all # reset hipd daemon state
  % hipconf daemon add map 2001:15:e156:8a78:3226:dbaa:f2ff:ed06 3ffe::1
  % ping6 2001:15:e156:8a78:3226:dbaa:f2ff:ed06
  <actually it took a bit long to get the ping6 through>
PING 2001:15:e156:8a78:3226:dbaa:f2ff:ed06(2001:15:e156:8a78:3226:dbaa:f2ff:ed06) 56 data bytes
64 bytes from 2001:15:e156:8a78:3226:dbaa:f2ff:ed06: icmp_seq=2 ttl=64 time=29.8 ms
64 bytes from 2001:15:e156:8a78:3226:dbaa:f2ff:ed06: icmp_seq=3 ttl=64 time=47.5 ms
^C
  % hipconf daemon get ha all

The last command gives me:

Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
248 bytes received from HIP daemon.
HA is ESTABLISHED
 Shotgun mode is off.
 Broadcast mode is off.
 Local HIT: 2001:0019:11ac:e3af:2367:11a4:1a36:36ec
 Peer  HIT: 2001:0015:e156:8a78:3226:dbaa:f2ff:ed06
 Local LSI: 1.0.0.1
 Peer  LSI: 1.0.0.4
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Local NAT traversal UDP port: 0
 Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0001
 Peer  NAT traversal UDP port: 0
 Peer  hostname: server

We discovered a checksumming issue (the hipd stops in I1_SENT state as with your setup) when running a HIP exchange between 32-bit and 64-bit virtual machines on IPv6. This was present in the last release, but not in the latest version. I hope you don't have a strange dual installation? If you're using only the pre-built binaries, you shouldn't have anything in /usr/local/sbin:

% ls -ld /usr/sbin/hipd /usr/local/sbin/hipd
ls: cannot access /usr/local/sbin/hipd: No such file or directory
-rwxr-xr-x 1 root root 437112 Aug 13 22:09 /usr/sbin/hipd

On 10/14/2013 08:01 PM, Paola Venuso wrote:
Hi Miika,

I changed network configuration on bridged (I use vmware) and now with
3ffe::xx/64 addresses IPv6 connectivity seems ok (I can reach the other
host), but if I try to ping6 the HIT of the responder I still get I1
packet only.
What else can I do?

Thanks for your help,

Paola

On 14 Oct 2013 16:38, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

    Hi Paola,

    it seems so. If you're using e.g. virtualbox, there seems to be some
    advice available at various forums:

    https://www.google.com/search?client=ubuntu&channel=fs&q=ipv6+virtualbox+destination+unreachable+error&ie=utf-8&oe=utf-8

    On 10/14/2013 05:28 PM, Paola Venuso wrote:

        Hi,
        I've just tried this and I've got destination unreachable error.
        So is this a problem concerning only IPv6?

        On 14 Oct 2013 16:13, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

             Hi,

             why don't you try plain IPv6 connectivity locally (without
             Teredo) with 3ffe::x/64 addresses? So that we know if it's
             about IPv6 or something HIP related.

             On 10/14/2013 05:09 PM, Paola Venuso wrote:

                 Sorry, HIP over IPv6 didn't work.

                 On 14 Oct 2013 16:04, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

                      Hi Paola,

                      what didn't work? Directly IPv6 or HIP-over-IPv6?

                      On 10/14/2013 04:58 PM, Paola Venuso wrote:

                          Hi Miika,

                          Yes, I did. But it didn't work.

                          On 14 Oct 2013 15:40, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

                               Hi Paola,

                               it seems that you got HIP working with IPv4 locators.
                               Did you try with two locally configured IPv6 locators
                               (3ffe::x/64)?

                               On 10/14/2013 02:13 PM, Paola Venuso wrote:

                                   Hi Miika,

                                   I checked and I think my site firewall isn't blocking
                                   Teredo traffic.
                                   Anyway this is the output:

                                   paola@ubuntu:~$ dig -t aaaa www.google.com

                                   ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
                                   ;; global options: +cmd
                                   ;; Got answer:
                                   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27694
                                   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

                                   ;; QUESTION SECTION:
                                   ;www.google.com.            IN    AAAA

                                   ;; ANSWER SECTION:
                                   www.google.com.        300    IN    AAAA    2a00:1450:4002:804::1010

                                   ;; Query time: 165 msec
                                   ;; SERVER: 127.0.0.53#53(127.0.0.53)
                                   ;; WHEN: Mon Oct 14 03:22:40 2013
                                   ;; MSG SIZE  rcvd: 60


                                   paola@ubuntu:~$ ping6 2a00:1450:4010:c04::68
                                   PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
                                   64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=371 ms
                                   64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=110 ms
                                   64 bytes from 2a00:1450:4010:c04::68: icmp_seq=3 ttl=55 time=110 ms
                                   ^C
                                   --- 2a00:1450:4010:c04::68 ping statistics ---
                                   3 packets transmitted, 3 received, 0% packet loss, time 2004ms
                                   rtt min/avg/max/mdev = 110.529/197.440/371.075/122.778 ms

                                   paola@ubuntu:~$ ip route get 2a00:1450:4010:c04::68
                                   2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo  src 2001:0:53aa:64c:2cb6:3c14:4367:467f  metric 0
                                       cache


                                   I also tried with your test machine:

                                   paola@ubuntu:~$ ping6 2001:0:53aa:64c:3026:52b2:ad4a:8b91
                                   PING 2001:0:53aa:64c:3026:52b2:ad4a:8b91(2001:0:53aa:64c:3026:52b2:ad4a:8b91) 56 data bytes
                                   64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=1 ttl=64 time=243 ms
                                   64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=2 ttl=64 time=112 ms
                                   ^C
                                   --- 2001:0:53aa:64c:3026:52b2:ad4a:8b91 ping statistics ---
                                   2 packets transmitted, 2 received, 0% packet loss, time 1000ms
                                   rtt min/avg/max/mdev = 112.229/177.819/243.410/65.591 ms




                                   Then I tried in my network:

                                   - with eth0 I got only I1 packet
                                   - with Teredo I got "destination unreachable" error

                                   And when I stopped ping6 there was 100% of packet loss.
                                   I also tried to edit manually the hosts files with
                                   different configuration but the same happened.

                                   Thanks,

                                   Paola



                                   2013/10/12 Miika Komu <mkomu@xxxxxxxxx>

                                        Hi Paola,

                                        initially, Teredo traffic is forwarded through a Teredo
                                        server to guarantee NAT traversal and then miredo software
                                        tries to pinhole the NAT. My guess is that your *site*
                                        firewall is blocking the initial messages with the Teredo
                                        server. You can double check this as follows:

                                        mkomu@bling:~$ dig -t aaaa www.google.com

                                        ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
                                        ;; global options: +cmd
                                        ;; Got answer:
                                        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12399
                                        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

                                        ;; QUESTION SECTION:
                                        ;www.google.com.            IN      AAAA

                                        ;; ANSWER SECTION:
                                        www.google.com.     214     IN      AAAA    2a00:1450:4010:c03::93

                                        ;; Query time: 333 msec
                                        ;; SERVER: 193.229.0.40#53(193.229.0.40)
                                        ;; WHEN: Sat Oct 12 14:20:35 2013
                                        ;; MSG SIZE  rcvd: 60

                                        mkomu@bling:~$ ping6 2a00:1450:4010:c04::68
                                        PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
                                        64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=1363 ms
                                        64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=441 ms
                                        ^C
                                        --- 2a00:1450:4010:c04::68 ping statistics ---
                                        2 packets transmitted, 2 received, 0% packet loss, time 1000ms
                                        rtt min/avg/max/mdev = 441.913/902.595/1363.277/460.682 ms, pipe 2
                                        mkomu@bling:~$ ip route get 2a00:1450:4010:c04::68
                                        2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo  src 2001:0:53aa:64c:473:6a2c:ab19:60e3  metric 0

                                        If this does not work for you, it probably means that the
                                        firewall at your site is blocking Teredo. You can contact
                                        your site administrator to open the UDP port 3544.

                                        You can also try the 2001:0:53aa:64c:3026:52b2:ad4a:8b91
                                        (my test machine) which is actually behind a real NAT
                                        unlike the google server. If you can reach google server,
                                        but not mine, it most likely means that either of us is
                                        using a p2p-incompatible NAT.

                                        You can also try e.g. 3ffe::x/64 address space for local
                                        experiments in your local LAN (or WLAN). Just configure it
                                        to the eth0 (or other device) for two machines and try
                                        pinging each other.


                                        On 10/11/2013 09:03 PM, Paola Venuso wrote:

                                            Hi Miika,

                                            I uncommented the line "Bindport 3545" in file miredo.conf
                                            as I read on the man page of miredo and checked ufw files
                                            for rules blocking IPv6 traffic (I uncommented two about
                                            forwarding, the others about enabling this traffic were
                                            already uncommented). Then I tried ping6 the locators and
                                            I got the message: unknown host.
                                            Also I tried manual set up with IPv4-based locators, as you
                                            wrote me, and my host exchanged HIP UPDATE and I1, R1, I2,
                                            R2 packets with another host, with address 193.167.187.149,
                                            that I don't know but I guess maybe it's one of infrahip
                                            servers.
                                            Anyway, I am not sure I checked correctly for rules about
                                            IPv6 traffic.
                                            What should I do about this? Could all these problems be
                                            connected also with virtual machine net configuration? It
                                            is NAT by default, but there are some other options.

                                            Thanks for all the help you're giving to me.

                                            Paola


                                            2013/10/11 Miika Komu <mkomu@xxxxxxxxx>


                                                 Hi Paola,

                                                 it seems your installation is fine. Based on my own
                                                 experiences, I think that a middlebox (firewall) is
                                                 blocking your IPv6 traffic (in the case of Teredo it's
                                                 UDP port 3544). Did you try to ping6 the routable
                                                 addresses (locators)?

                                                 I also recommend trying a manual set up with IPv4-based
                                                 locators as follows:

                                                 hipconf daemon rst all
                                                 hipconf daemon add map PEER_HIT PEER_IPV4_ADDRESS
                                                 ping6 PEER_HIT


                                                 On 10/10/2013 12:42 AM, Paola Venuso wrote:

                                                     Hi Miika,

                                                     hipd is running at the responder, the firewall is not
                                                     blocking HIP traffic and I don't use redhat-based distro.
                                                     This is the output of the commands from the manual:

                                                     paola@ubuntu:~$ dpkg -l 'hipl*'
                                                     Desired=Unknown/Install/Remove/Purge/Hold
                                                     | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
                                                     |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
                                                     ||/ Nome           Versione       Descrizione
                                                     +++-==============-==============-==============================================
                                                     ii  hipl-all       1.0.8-6429     HIP for Linux full software bundle
                                                     ii  hipl-daemon    1.0.8-6429     HIP for Linux IPsec key management and mobil
                                                     ii  hipl-dnsproxy  1.0.8-6429     HIP for Linux name lookup proxy
                                                     ii  hipl-doc       1.0.8-6429     HIP for Linux documentation
                                                     ii  hipl-firewall  1.0.8-6429     HIP for Linux multi-purpose firewall daemon
                                                     un  hipl-minimal   <nessuna>      (nessuna descrizione disponibile)
                                                     un  hipl-tools     <nessuna>      (nessuna descrizione disponibile)
                                                     paola@ubuntu:~$ hipconf daemon get ha all
                                                     Sending user message 22 to HIPD on socket 3
                                                     Sent 40 bytes
                                                     Waiting to receive daemon info.
                                                     240 bytes received from HIP daemon.
                                                     HA is I1-SENT
                                                        Shotgun mode is off.
                                                        Broadcast mode is off.
                                                        Local HIT: 2001:0012:421d:99a0:005d:d60f:73b0:4407
                                                        Peer  HIT: 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
                                                        Local LSI: 1.0.0.1
                                                        Peer  LSI: 1.0.0.2
                                                        Local IP: 2001:0000:53aa:064c:2cde:3e12:4367:467f
                                                        Local NAT traversal UDP port: 10500
                                                        Peer  IP: 2001:0708:0140:0220:0000:0000:0000:0016
                                                        Peer  NAT traversal UDP port: 10500
                                                        Peer  hostname:

                                                     ------------------------------------------------------------


                                                     paola@ubuntu:~$ uname -a
                                                     Linux ubuntu 3.5.0-41-generic #64~precise1-Ubuntu SMP Thu Sep 12 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux
                                                     paola@ubuntu:~$ lsb_release -a
                                                     No LSB modules are available.
                                                     Distributor ID:    Ubuntu
                                                     Description:    Ubuntu 12.04.3 LTS
                                                     Release:    12.04
                                                     Codename:    precise

                                                     ------------------------------------------------------------


    paola@ubuntu:~$ cat /etc/hip/hipd.conf
    # Format of this file is as with hipconf, but without "hipconf daemon" prefix
    # add hi default   # add all four HITs (see bug id 592127)
    # add map HIT IP    # preload some HIT-to-IP mappings to hipd
    # add service rvs # the host acts as HIP rendezvous (also see relay.conf)
    # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
    # add server relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
    # add server full-relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
    hit-to-ip on # resolve HITs to locators in dynamic DNS zone
    # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
    nsupdate on # send dynamic DNS updates
    # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
    # heartbeat 10 # send ICMPv6 messages inside HIP tunnels
    # locator on   # host sends all of its locators in base exchange
    # shotgun on # use all possible src/dst IP combinations to send I1/UPDATE
    # broadcast on # broadcast to LAN if no matching IP address found
    # opp normal|advanced|none
    # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)
    nat plain-udp # use UDP capsulation (for NATted environments)
    #nat port local 11111 # change local default UDP port
    #nat port peer 22222 # change local peer UDP port
    debug medium   # debug verbosity: all, medium, low or none
    default-hip-version 1 # default HIP version number for the I1 message. (1=HIPv1, 2=HIPv2)

    ------------------------------------------------------------

    paola@ubuntu:~$ sudo iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:10500
    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     icmpv6--  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  1.0.0.0/8            1.0.0.0/8

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:10500
    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     icmpv6--  0.0.0.0/0            0.0.0.0/0

    ...


