SixXS::Sunset 2017-06-06

What is proto59: IPv6-NoNxt (No Next Header for IPv6) [RFC1883]
[nl] Shadow Hawkins on Friday, 04 September 2009 13:18:03
Hello,

I have a sixxs tunnel and I'm creating a firewall using ip6tables. I have allowed the local lan subnet to internet and I have allowed icmpv6. I see the following packets being rejected by ip6tables:

    IN=sixxs OUT=<if-out> SRC=<ipv6 address> DST=<ipv6 address> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59

They are going to an ipv6 enabled host and I am having the following rules:

    ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

So I suppose it is not related... Does anybody know what it is and if I should accept it?

With kind regards,
Tom
[ch] Jeroen Massar SixXS Staff on Friday, 04 September 2009 14:15:50
> Does anybody know what it is and if I should accept it?
Afaik you should never see these kinds of packets on your interface. The best thing you can check is why that host is talking to your host. As you stripped out the IP addresses, not much can be said about it. Is it coming from a PoP?

Firewalls are something that the administrator of the network configures on what comes in and goes out. You'll have to decide if you like that packet or not. (and don't forget that there are loads of ways to get into your network by using the ip/ports/protocols that you open... even with established state)
[nl] Shadow Hawkins on Friday, 04 September 2009 16:29:08
Hi Jeroen,

Thank you for responding. I will start a trace on my sixxs interface to see what happens there. Here's a less stripped version of the logging:

    Sep 4 13:05:07 host kernel: [1708092.423009] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:08e5:1a1d:b3e3:3599 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:06:05 host kernel: [1708149.956731] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:18b4:0dad:ba6a:d8e4 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:07:09 host kernel: [1708213.640000] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:18b4:0dad:ba6a:d8e4 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:07:28 host kernel: [1708232.890973] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:3431:119b:e7af:bd5f DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:08:52 host kernel: [1708316.700364] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:18b4:0dad:ba6a:d8e4 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:10:28 host kernel: [1708413.105809] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:3431:119b:e7af:bd5f DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:10:33 host kernel: [1708417.926630] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:28ff:0f25:715d:3fbd DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:11:33 host kernel: [1708478.370528] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:3c0a:1eda:9d80:c530 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:12:18 host kernel: [1708522.819693] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:28ff:0f25:715d:3fbd DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:14:13 host kernel: [1708638.397237] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:3431:119b:e7af:bd5f DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:14:53 host kernel: [1708677.780972] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:28a3:0c0d:b5b8:56c5 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:15:08 host kernel: [1708692.747435] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:28a3:0c0d:b5b8:56c5 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:15:23 host kernel: [1708707.675331] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:08e5:1a1d:b3e3:3599 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:15:27 host kernel: [1708712.385231] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:28a3:0c0d:b5b8:56c5 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:15:46 host kernel: [1708731.362798] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:28a3:0c0d:b5b8:56c5 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:15:57 host kernel: [1708741.606615] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:1025:3d96:9d2a:a6f9 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:16:28 host kernel: [1708773.376440] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:3431:119b:e7af:bd5f DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:18:17 host kernel: [1708882.284768] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:1054:2866:b9bf:5d68 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:18:45 host kernel: [1708909.692632] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:08e5:1a1d:b3e3:3599 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:20:40 host kernel: [1709024.820230] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:cf2e:3096:002f:3663:8357:840b DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:20:44 host kernel: [1709028.769270] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:3431:119b:e7af:bd5f DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:23:29 host kernel: [1709193.918249] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:08e5:1a1d:b3e3:3599 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:24:26 host kernel: [1709251.366296] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:08e5:1a1d:b3e3:3599 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:25:11 host kernel: [1709296.117237] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:08e5:1a1d:b3e3:3599 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
    Sep 4 13:25:23 host kernel: [1709308.275935] FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:4137:9e50:280a:15a6:b8b2:3637 DST=<ipv6 dest> LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59

Do you know what PROTO=59 is? I have read the part about that in the rfc, but it doesn't say anything to me...
[ch] Jeroen Massar SixXS Staff on Friday, 04 September 2009 16:37:26
> Do you know what PROTO=59 is? I have read the part about that in the rfc, but it doesn't say anything to me...
It basically means that you will just have [ETHERNET][IPv6] and that is it, instead of for instance [ETHERNET][IPv6][TCP].

Ethernet has a protocol field with 0x86DD in it, which says "after my header there is IPv6", same for IPv6, the next header just points to 59, which for IP protocols means "nothing left".

As the above are all Teredo hosts, and clearly they know an address in your network, you must be talking to them already, otherwise it is kinda tricky to find your host. As such, which application (I assume it is p2p/BT) are you running? Might be that some implementation somewhere does something odd.

Only true way to find out what it is: wireshark it.
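
Added example, not part of the original thread and not SixXS code: a triage script for ip6tables log lines in the format quoted above. It groups PROTO=59 entries by source, checks that they are header-only, and decodes the Teredo server, mapped client address and port embedded in 2001:0000::/32 sources. The sample log is constructed from documentation address ranges, and the function names are this example's own.

```python
import ipaddress
import re

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix, RFC 4380
NO_NEXT_HEADER = "59"                  # IPv6 Next Header value "nothing follows"
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # KEY=VALUE pairs written by the LOG target

# Constructed sample in the thread's log format. All addresses are built from
# documentation ranges (192.0.2.0/24, 203.0.113.0/24, 2001:db8::/32).
SAMPLE_LOG = """\
Sep 4 13:05:07 host kernel: FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:c000:0201:8000:63bf:34ff:8ef8 DST=2001:0db8:0000:0000:0000:0000:0000:0010 LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
Sep 4 13:06:05 host kernel: FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0000:c000:0201:8000:63bf:34ff:8ef8 DST=2001:0db8:0000:0000:0000:0000:0000:0010 LEN=40 TC=0 HOPLIMIT=14 FLOWLBL=0 PROTO=59
Sep 4 13:06:09 host kernel: FIREWALL6 sixxs: IN=sixxs OUT=eth4 SRC=2001:0db8:0000:0000:0000:0000:0000:0099 DST=2001:0db8:0000:0000:0000:0000:0000:0010 LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=443 DPT=51514
"""

def decode_teredo(addr):
    """Return the fields embedded in a Teredo address, or None outside 2001::/32."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "flags": int.from_bytes(raw[8:10], "big"),
        # The mapped UDP port and client IPv4 are stored with all bits inverted.
        "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(
            int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)),
    }

def triage(log_text):
    """Group PROTO=59 log entries by source address."""
    summary = {}
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != NO_NEXT_HEADER or "SRC" not in fields:
            continue
        src = str(ipaddress.IPv6Address(fields["SRC"]))
        entry = summary.setdefault(
            src, {"count": 0, "header_only": True, "teredo": decode_teredo(src)})
        entry["count"] += 1
        # LEN=40 is the fixed IPv6 header with no payload, the shape RFC 4380
        # gives a Teredo "bubble" (Next Header 59, empty payload).
        entry["header_only"] &= fields.get("LEN") == "40"
    return summary

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```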


Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker