Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 222446 - ipv6 connection tracking module doesn't track connections.
ipv6 connection tracking module doesn't track connections.
Status: CLOSED DUPLICATE of bug 214117
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Kernel Maintainer List
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2007-01-12 10:59 EST by D. Boyter
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-05 15:13:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description D. Boyter 2007-01-12 10:59:35 EST
Description of problem:
ipv6 conntrack modulel state RELATED,ESTABLISHED doesn't work.

Version-Release number of selected component (if applicable):

How reproducible:
Very reproducable

Steps to Reproduce:
1. Setup ip6tables with

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable

And perform /etc/rc.d/init.d/ip6tables restart

2. Try browsing an ipv6 only web page such as http://d6.6dns.org/info/ipv6
3. After the web page doesn't load execute iptables -L -v -n |less

Actual results:
A web page that doesn't load, and
A number of rejects with reject-with icmp6-port-unreachable, and
0 packets accepted with state RELATED,ESTABLISHED

Expected results:
A loaded web page,
A number of packets accepted with state RELATED,ESTABLASHED,
0 or very few packets rejected with reject-with icmp6-port-unreachable

Additional info:
Comment 1 D. Boyter 2007-01-12 11:01:19 EST
Kernel version is kernel-2.6.18-1.2868.fc6
Comment 2 Serge Droz 2007-01-22 14:16:30 EST
That's a dublicate of 214117
Comment 3 Chuck Ebbert 2007-02-05 15:13:29 EST

*** This bug has been marked as a duplicate of 214117 ***

Note You need to log in before you can comment on or make changes to this bug.