AX56U - Error adding iptables rule when using IPv6

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

brianto

New Around Here
HI,

AX56U with merlin 384.18

I have iptables rules in firewall-start like this:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 23.21.43.50:1512
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 23.21.43.50:1512

It works when using IPv4 only.

When I activated IPv6, using tunnelbroker setting, I got these error messages:

[ERROR cmdlist] cmdlist_ucast_create_bin,1904: Could not ipv4_addresses_table_add

IPv6 works, but those rules wasn't loaded. Tried to disable IPv6 firewall but the errors persist.

Any helps, tips, pointers for this problem?
Many thanks in advance.
 

SomeWhereOverTheRainBow

Very Senior Member
HI,

AX56U with merlin 384.18

I have iptables rules in firewall-start like this:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 23.21.43.50:1512
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 23.21.43.50:1512

It works when using IPv4 only.

When I activated IPv6, using tunnelbroker setting, I got these error messages:

[ERROR cmdlist] cmdlist_ucast_create_bin,1904: Could not ipv4_addresses_table_add

IPv6 works, but those rules wasn't loaded. Tried to disable IPv6 firewall but the errors persist.

Any helps, tips, pointers for this problem?
Many thanks in advance.
The problem with ipv6 is that there is limits to the firewall rules with asuswrt in general. even merlin asuswrt. it is the same issue. the trick is that you either have to not use IPV6 or block it for what ever you don't want it to be able to do and allow it for only whatever you want it to do.
 

brianto

New Around Here
Hi,
Thanks for the tips.

Somehow, changing the destination ip address to another provider is what works for me.
Now, I can bypass transparent dns proxy and still have IPv6.

Cheers.
 
Last edited:

brianto

New Around Here
Hi,

I spoke too soon

While the errors disappear when I look into dmesg, the result is still the same.

When IPV6 works, the IPV4 iptables rules are abandoned.
When I disable IPV6, the iptables rules are working.

Cheers.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top