Now that IPV4 address exhaustion is upon us, I'm looking at setting up an IPV6 tunnel with tunnelbroker.net to start playing around with IPV6. To do this, protocol 41 needs to be forwarded from the WAN interface to my test system. The Tomato GUI only allows selection of TCP and UDP protocols for port forwarding - what iptables commands should be used to forward prototol 41? (I figure the appropriate commands can be placed in the Firewall script.)
I think I have it figured out - for test purposes since I don't have the tunnel set up yet I found that adding the following to the firewall script (instead of using port forwarding via web interface) would forward ssh traffic:
iptables -A wanin -p tcp —dport 22 -d 192.168.1.100 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp —dport 22 -j DNAT —to 192.168.1.100
So, hopefully the following should work for forwarding protocol 41 for the IPV6:
iptables -A wanin -p 41 -d 192.168.1.100 -j ACCEPT
iptables -A PREROUTING -t nat -p 41 -j DNAT —to 192.168.1.100
I'll give it a try as soon as I get the tunnel set up…
Umm, I think you mean WANPREROUTING, not PREROUTING?
I can confirm that the following works:
iptables -t nat -A WANPREROUTING -p 41 -j DNAT --to-destination 192.168.1.100 iptables -A wanin -p 41 -d 192.168.1.100 -j ACCEPT
Note that "-p ipv6" can be used as an alias for "-p 41".
Also, ipv6-enabled builds in the next release of TomatoUSB will support using a static IPv6 tunnel (such as tunnelbroker.net) directly from the router, and include an interface page for configuring them.
Thanks, WANPREROUTING was the missing piece that was needed to get this to work, I can now ping ipv6 addresses across the tunnel. Will definitely have to try out the next Tomato release when it's available, sounds great.