Explanation of ipv6 issues

| | Comments (0)
This probably should have been obvious, but:

Let's say that on Linux we have this networking configuration

*eth0---------\
                br0
*dummy0---/

*eth1

And only eth1 has an IP address assigned.

If traffic shows up on br0 that something wants to respond to (for example centos' default response that the packet is prohibited), and the response is within the subnet of eth1, the response will be sent out from eth1.

One specific example is there was a ping to 2001:470:0:76::2 showing up on br0. The ip6tables forward rules specified that this was to be rejected. eth1 had an ip address in the same subnet as 2001:470:0:76::2 and so the response was sent out on eth1.

Either changing the REJECT to DROP or having no IP address assigned in the same subnet as the traffic on br0 would have kept this from happening.

Leave a comment

About this Entry

This page contains a single entry by srn published on November 6, 2014 8:50 PM.

ipv6 issues was the previous entry in this blog.

Console issues field.prgmr.com is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.