libnetfilter-queue and lsi

The default flags are:
* hipd: -bkN
* hipfw: -bklpF

I can't repeat this on two 64-bit precise machines. I even tried logging with ssh over an LSI and then ran sudo, but pinging of the LSI still works. Juhani, please let me know if I got something wrong.

Another question: does, e.g,. ssh to the lsi still work even though ping wouldn't?

Hi,

It looks to me that you got everything right.
I have tried this again and I could still repeat this.

I tried setting up two hosts, and running both ping and ping6 on both of them toward the other host.
Initially:
vm -> charlie, ping: ok, ping6: ok
charlie -> vm, ping: no, ping6: ok

Now running sudo on vm did not change anything. Running sudo on charlie resulted in:
vm -> charlie, ping: no, ping6: ok
charlie -> vm, ping: no, ping6: ok

I had not noticed before that the IPv4 ping only received responses one way and I haven't isolated the reason yet. I tried restarting all hip components at both ends; I did manage to get ping working the other way, but then the other would not. So always one way or the other but never both at the same time.

SSH to the LSI continues to work, but that is because the SSH server also listens to IPv6 connections and it gets translated. Failing to connect with "nc -4" at both ends supports this; and if you say "nc -6" at the server and "nc -4" at the client and connect to the LSI, the connection works.

Both hosts are 64 bit Ubuntu 12.04, running kernel 3.5.0-40 and the latest hipl compiled from trunk.