[ntp:questions] IPv6 and ip6tables

Xavier Robin geckolimo at gmail.com
Mon Mar 11 09:10:17 UTC 2013


Hi,

Has anyone some experience serving NTP over IPv6 through an ip6tables firewall here?

Despite the fact that I opened port 123 (both UPD and TCP), as soon as I set the INPUT policy to DROP, NTP becomes unreachable. Is it using a different port on ipv6 or something like this? The server is fully reachable when the INPUT policy is ACCEPT. It is also reachable over ipv4 with the same iptables rule (and DROP policy). 

I append the rules at the bottom of this email. I should also note that it is a virtual (Xen) server with Ubuntu 12.04 Server, kernel 3.2.39 with ip6tables v1.4.12 and NTP server version 1:4.2.6.p3+dfsg-1ubuntu3.1 (from standard Ubuntu repos).

Any input would be very much appreciated.

Xavier



xavier at arthur:~$ sudo ip6tables -L
[sudo] password for xavier: 
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere            
ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp      anywhere             anywhere             tcp dpt:(some ports...)
ACCEPT     udp      anywhere             anywhere             udp dpt:ntp
ACCEPT     tcp      anywhere             anywhere             tcp dpt:ntp
ACCEPT     tcp      anywhere             anywhere             tcp dpt:(more ports...)
ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp router-advertisement
ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp router-solicitation
ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp echo-request
ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp echo-reply

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



More information about the questions mailing list