Hi everyone!
I have a Mac Mini that, while it was running Snow Leopard, had no problems acting as the IPv6 router for my small network. Since upgrading to Lion a few days ago, I've been unable to both ping its IPv6 interface, and connect to any hosted services on it via IPv6. The mini is still able to ping and use IPv6 services on the internet, and the other computers on the network which get IPv6 addresses from the minis rtadvd service are able to use the IPv6 internet.
I tried to figure this out yesterday and this morning, but had no luck. The best I can come up with is that its a routing issue on the mini. If I tcpdump the gif0 interface, which if the tunnel interface, I can see my external host (2001:470:5:97a::1) is pinging the first address of my routed /64, which is assigned to en0 on the mini, but nothing responds over the tunnel. Below is a snippet of the tcpdump.
12:07:13.178945 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 1, length 64
12:07:14.185405 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 2, length 64
12:07:15.193452 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 3, length 64
12:07:16.201447 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 4, length 64
12:07:17.209511 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 5, length 64
12:07:18.217356 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 6, length 64
12:07:19.225472 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 7, length 64
12:07:20.233422 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 8, length 64
12:07:21.246180 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 9, length 64
12:07:22.258692 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 10, length 64
Below are the relevant configs:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 2001:470:1f05:108:: prefixlen 64
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 192.168.0.99 --> 72.52.104.74
inet6 fe80::225:4bff:feb4:2a08%gif0 prefixlen 64 scopeid 0x2
inet6 2001:470:1f04:108::2 --> 2001:470:1f04:108::1 prefixlen 128
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:25:4b:b4:2a:08
inet6 fe80::225:4bff:feb4:2a08%en0 prefixlen 64 scopeid 0x4
inet 192.168.0.99 netmask 0xffffff00 broadcast 192.168.0.255
inet6 2001:470:1f05:108::1 prefixlen 64
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
And the routing table:
Internet6:
Destination Gateway Flags Netif Expire
default 2001:470:1f04:108::1 UGSc gif0
::1 link#1 UHL lo0
2001::4137:9e76:808:2d5:b736:3df8 2001:470:1f04:108::1 UGHW3Ii gif0 3475
2001::4137:9e76:103f:1abd:b04f:6855 2001:470:1f04:108::1 UGHW3Ii gif0 3564
2001::4137:9e76:1c7d:d4f5:cd86:c5db 2001:470:1f04:108::1 UGHWIi gif0
2001::4137:9e76:3815:e2b:475d:ff72 2001:470:1f04:108::1 UGHW3Ii gif0 3512
2001::5ef5:79fb:30a6:25c7:ba58:36b 2001:470:1f04:108::1 UGHW3Ii gif0 3548
2001:470:5:79a::1 2001:470:1f04:108::1 UGHW3Ii gif0 3279
2001:470:5:97a::1 2001:470:1f04:108::1 UGHW3Ii gif0 3494
2001:470:1f04:108::1 2001:470:1f04:108::2 UHL gif0
2001:470:1f04:108::1 link#2 UHLI gif0
2001:470:1f04:108::2 link#2 UHL lo0
2001:470:1f05:108:: link#1 UHL lo0
2001:470:1f05:108::/64 fe80::1%lo0 UcI lo0
2001:470:1f05:108::1 0:25:4b:b4:2a:8 UHLS lo0
2001:4860:4860::8844 2001:470:1f04:108::1 UGHW3Ii gif0 2010
2001:4860:4860::8888 2001:470:1f04:108::1 UGHW3Ii gif0 3105
2607:f8b0:4001:c01::63 2001:470:1f04:108::1 UGHWIi gif0
2607:f8b0:4001:c01::68 2001:470:1f04:108::1 UGHW3Ii gif0 1615
2607:f8b0:4001:c01::69 2001:470:1f04:108::1 UGHW3Ii gif0 3295
2607:f8b0:4001:c01::93 2001:470:1f04:108::1 UGHW3Ii gif0 2875
2607:fcd0:100:c21:216:3cff:fe8d:d540 2001:470:1f04:108::1 UGHW3Ii gif0 3439
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%gif0/64 link#2 UCI gif0
fe80::1%gif0 link#2 UHLWIi gif0
fe80::225:4bff:feb4:2a08%gif0 link#2 UHLI lo0
fe80::4901:6562:347a:262a%gif0 link#2 UHLWIi gif0
fe80::c62c:3ff:fe17:60ab%gif0 link#2 UHLWIi gif0
fe80::%en0/64 link#4 UCI en0
fe80::225:4bff:feb4:2a08%en0 0:25:4b:b4:2a:8 UHLI lo0
fe80::a20b:baff:fe8e:4e%en0 a0:b:ba:8e:0:4e UHLWIi en0
fe80::c62c:3ff:fe17:60ab%en0 c4:2c:3:17:60:ab UHLWIi en0
ff01::%lo0/32 fe80::1%lo0 UmCI lo0
ff01::%gif0/32 link#2 UmCI gif0
ff01::%en0/32 link#4 UmCI en0
ff02::%lo0/32 fe80::1%lo0 UmCI lo0
ff02::%gif0/32 link#2 UmCI gif0
ff02::%en0/32 link#4 UmCI en0
Can anyone see any glaring errors in the configs, or problems in the routing table?
Thank you for your time! :)
Did you have to re-configure the tunnel after you upgraded?
Quote from: cholzhauer on February 13, 2012, 11:26:51 AM
Did you have to re-configure the tunnel after you upgraded?
No, I didn't touch the configuration after the upgrade.
Has Lion changed the way the firewall is configured? Can you turn off the firewall temporarily and repeat the tests?
Looks like I will be sticking with 10.6 for a while longer then!
Quote from: nickbeee on February 13, 2012, 04:08:45 PM
Has Lion changed the way the firewall is configured? Can you turn off the firewall temporarily and repeat the tests?
I have the
ip6fw set to allow everything:
65535 allow ipv6 from any to any