Re: IP6tables crash



On Fri, 10 Mar 2006 14:19:10 -0800, jollyroger wrote this:

The ip6 message means what it says. IP6 does not support state
matching, i.e., if http do something.

Sorry pal, I forgot to say I am totally new to Linux and to serious (non
Microsoft) computing.

So, what is ip6? And "State Matching"? I have installed SuSE 10 on an AMD
64 Sempron, no multiple processor or so. But the service is skipped when
loading: could it be that SuSE enables it only if it finds a
multiprocessor?

It seems the problem has been "fixed" by turning the firewall off, but I
am not sure.

Sorry I was away. IP6 is a new version of internet protocol address
scheme using 6 number sets instead of the 4 that are used in IP4. IP6 is
supposed to do 2 things, uniquely identify a host and increase the number
of network addresses available. I forget why iptables doesn't
do IP6 state matching.

IP4 normally uses numbering like 192.168.0.1 to identify a host machine on
a network. For IP4 usually the first 3 sets indicate the network and the
last indicates a host. There are complete descriptions on the internet
but those are the basics.

To communicate on the internet from say google to your pc. Your pc first
sends a little hello packet onto the internet looking for google. Machines
(routers, etc) pass that packet along until it gets to google which sends
back an acknowledgement packet which is also passed along until it gets
back to your PC. Then your PC starts sending packets to google with a port
number telling the google machine what kind of connection you're
establishing. Google sends back a port number confirming the connection
and your pc has its established connection.

The status of that port connection is its state, i.e., new, established,
related. A new packet on that port, an established connection, a related
connection.


HTH
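
The connection states named in the reply above (new, established, related), as an added example that is not part of the original post: a simplified Python model of how a stateful firewall tracks a connection and filters on its state. The `Packet` fields, the class and function names, and the addresses are constructed for illustration; this is a toy model, not netfilter's code.

```python
from collections import namedtuple

# Constructed packet model: icmp_about is set only on ICMP errors and holds the
# (src, sport, dst, dport, proto) of the flow that the error reports on.
Packet = namedtuple("Packet", "src sport dst dport proto icmp_about", defaults=(None,))

class ConnTracker:
    """Toy connection tracker (simplified model, not netfilter code)."""

    def __init__(self):
        self.flows = {}  # (proto, originator, responder) -> has a reply been seen?

    def _find(self, src, sport, dst, dport, proto):
        """Return (key, is_reply_direction) for a tracked flow, else (None, False)."""
        fwd = (proto, (src, sport), (dst, dport))
        rev = (proto, (dst, dport), (src, sport))
        if fwd in self.flows:
            return fwd, False
        if rev in self.flows:
            return rev, True
        return None, False

    def classify(self, pkt):
        # An ICMP error is RELATED only if it refers to a flow we already track.
        if pkt.proto == "icmp" and pkt.icmp_about:
            key, _ = self._find(*pkt.icmp_about)
            return "RELATED" if key else "INVALID"
        key, is_reply = self._find(pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key is None:
            return "NEW"
        if is_reply:
            self.flows[key] = True  # traffic now seen in both directions
        return "ESTABLISHED" if self.flows[key] else "NEW"

    def track(self, pkt):
        """Remember a NEW flow once the firewall has accepted its first packet."""
        self.flows[(pkt.proto, (pkt.src, pkt.sport), (pkt.dst, pkt.dport))] = False

def firewall(ct, pkt, local_ip):
    """Accept anything the local host sends; accept inbound only for known flows."""
    state = ct.classify(pkt)
    if pkt.src == local_ip:
        if state == "NEW":
            ct.track(pkt)
        return state, "ACCEPT"
    return state, "ACCEPT" if state in ("ESTABLISHED", "RELATED") else "DROP"
```
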