On Mon, 16 May 2011, Todd Lyons wrote:
Double check the kernel version you have. IIRC kernels before 2.6.20 didn't have the ability to do RELATED,ESTABLISHED in ipv6. This hit me on a CentOS box that I was using as a gateway. I am unaware if there is a version of their 2.6.18 that has the patches backported (googling seemed to indicate it has not been done, and most are just waiting for new release of CentOS 6). RH6 works properly.
From my experience, kernels older than 2.6.27 or so are simply to be avoided for anything v6 - in addition to no iptables state pre20, there were some RA processing bugs that would result in great fun if, for example, your upstream MTU ever changed. Finding usable backports on CentOS was an exercise in futility.
-e