Hi, everyone.
With Broquea's help, I think it is from the e-mail... :p I've been working on getting the tunnel to work.
The config of the server:
OS: CentOS 5.5 with cPanel installed.
iptables: yes
I did the following:
Quote
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::66.220.18.42
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:c:67f::2/64
route -A inet6 add ::/0 dev sit1
then with Broquea's help, I did the following:
iptables -A INPUT -p 41 -i eth0 -j ACCEPT
iptables -A INPUT -p 41 -i sit0 -j ACCEPT
iptables -A INPUT -p 41 -i sit1 -j ACCEPT
So here's the following ifconfig output:
Quote
root@serv [~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.10 Bcast:69.61.68.15 Mask:255.255.255.248
inet6 addr: fe80::21c:c0ff:fef2:26a6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21826620 errors:0 dropped:0 overruns:0 frame:0
TX packets:29327296 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5360738967 (4.9 GiB) TX bytes:31752490950 (29.5 GiB)
Memory:d0700000-d0720000
eth0:1 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.11 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:2 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.12 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:3 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.13 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:4 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.14 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:5 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.34 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:6 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.35 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:7 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.36 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:8 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.37 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:9 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.38 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:10 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.39 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:11 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.40 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:12 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.41 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:13 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.42 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:14 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.43 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:15 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.44 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:16 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.45 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
eth0:17 Link encap:Ethernet HWaddr 00:1C:C0:F2:26:A6
inet addr:69.61.68.46 Bcast:69.61.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:d0700000-d0720000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1961182 errors:0 dropped:0 overruns:0 frame:0
TX packets:1961182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:206697510 (197.1 MiB) TX bytes:206697510 (197.1 MiB)
sit0 Link encap:IPv6-in-IPv4
inet6 addr: ::69.61.68.45/96 Scope:Compat
inet6 addr: ::69.61.68.44/96 Scope:Compat
inet6 addr: ::69.61.68.14/96 Scope:Compat
inet6 addr: ::69.61.68.13/96 Scope:Compat
inet6 addr: ::69.61.68.46/96 Scope:Compat
inet6 addr: ::69.61.68.12/96 Scope:Compat
inet6 addr: ::69.61.68.41/96 Scope:Compat
inet6 addr: ::69.61.68.11/96 Scope:Compat
inet6 addr: ::69.61.68.40/96 Scope:Compat
inet6 addr: ::69.61.68.10/96 Scope:Compat
inet6 addr: ::69.61.68.43/96 Scope:Compat
inet6 addr: ::69.61.68.42/96 Scope:Compat
inet6 addr: ::69.61.68.37/96 Scope:Compat
inet6 addr: ::69.61.68.36/96 Scope:Compat
inet6 addr: ::127.0.0.1/96 Scope:Unknown
inet6 addr: ::69.61.68.39/96 Scope:Compat
inet6 addr: ::69.61.68.38/96 Scope:Compat
inet6 addr: ::69.61.68.35/96 Scope:Compat
inet6 addr: ::69.61.68.34/96 Scope:Compat
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
sit1 Link encap:IPv6-in-IPv4
inet6 addr: fe80::453d:442d/64 Scope:Link
inet6 addr: fe80::453d:442c/64 Scope:Link
inet6 addr: fe80::453d:440e/64 Scope:Link
inet6 addr: 2001:470:c:67f::2/64 Scope:Global
inet6 addr: fe80::453d:440d/64 Scope:Link
inet6 addr: fe80::453d:442e/64 Scope:Link
inet6 addr: fe80::453d:440c/64 Scope:Link
inet6 addr: fe80::453d:4429/64 Scope:Link
inet6 addr: fe80::453d:440b/64 Scope:Link
inet6 addr: fe80::453d:4428/64 Scope:Link
inet6 addr: fe80::453d:440a/64 Scope:Link
inet6 addr: fe80::453d:442b/64 Scope:Link
inet6 addr: fe80::453d:442a/64 Scope:Link
inet6 addr: fe80::453d:4425/64 Scope:Link
inet6 addr: fe80::453d:4424/64 Scope:Link
inet6 addr: fe80::453d:4427/64 Scope:Link
inet6 addr: fe80::453d:4426/64 Scope:Link
inet6 addr: fe80::453d:4423/64 Scope:Link
inet6 addr: fe80::453d:4422/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:44 dropped:0 overruns:0 carrier:44
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
And I tried running tcpdump, but I was a little overwhelmed by the dump going by so fast because this server receives a LOT of traffic.
So I'll ask for others' eyes on this, as I need to ensure I'm getting this right, haha. If you guys need further info, please let me know. :)
OK, so what problem(s) are you having?
Basically, I'm having trouble checking to see if the ipv6to4 tunnel is working.
I know a tcpdump would be the preferred option, but I'd like to confirm from the outside whether it actually works or not.
Basically, what I'm trying to do is to verify that the tunnel is in fact working and can receive/send ipv6 to 4 traffic.
Gotcha
I tried pinging your side of the tunnel, but didn't work
mars# ping6 2001:470:c:67f::2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:c:67f::2
^C
--- 2001:470:c:67f::2 ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
I saw you're using IPTables (I'm not familiar with it, so forgive me for being dumb) but if you're not blocking ICMP, I can't get through
Yes, I'm using IPTables.
And yes, I'm blocking ICMP. Anyone that traceroutes to the server tends to get blocked, though I'm considering unblocking ICMP. I'm checking the firewall and making an edit to allow traceroutes.
Edit: Should be allowed now, I think.
No, still doesn't work
We won't get into the ICMP blocking debate.
What service can we test if you're blocking ICMP?
Please note that HE tunnels are "6in4", not "6to4". 6to4 are assigned from 2002::/16.
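The 6in4 / 6to4 distinction can be checked against the addresses in the ifconfig output from the first post. This is an added example, not part of any forum post; it uses Python's standard `ipaddress` module, and reading the sit1 link-local addresses as hex-encoded IPv4 addresses is an inference from the posted data.

```python
import ipaddress

# 2002::/16 is the 6to4 prefix named in the thread; the tunnel link /64 is
# read from the sit1 "Scope:Global" line of the ifconfig output above.
V4_COMPAT = ipaddress.ip_network("::/96")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
TUNNEL_LINK_64 = ipaddress.ip_network("2001:470:c:67f::/64")


def classify(text):
    """Return (kind, embedded IPv4 as str or None) for an ifconfig inet6 value."""
    addr = ipaddress.IPv6Interface(text).ip      # accepts "addr/prefixlen"
    n = int(addr)
    low32 = str(ipaddress.IPv4Address(n & 0xFFFFFFFF))
    if addr.is_unspecified:
        return "unspecified", None
    if addr.is_loopback:
        return "loopback", None
    if addr.sixtofour is not None:               # 2002:AABB:CCDD::/48
        return "6to4", str(addr.sixtofour)
    if addr in V4_COMPAT:                        # ::a.b.c.d, as listed on sit0
        return "ipv4-compatible", low32
    if addr in TUNNEL_LINK_64:                   # address on the 6in4 tunnel link
        return "6in4-tunnel-link", None
    if addr in LINK_LOCAL:
        # Assumption drawn from the page's data: on sit1 the interface ID is
        # the IPv4 address in hex, so bits 32..63 of the address are zero.
        if ((n >> 32) & 0xFFFFFFFF) == 0:
            return "sit-link-local", low32
        return "link-local", None
    return "other", None


# Values copied from the ifconfig output in the thread, plus one constructed
# 6to4 address (2002:453d:440a::1/48) that the server does not actually have.
SAMPLE = [
    "fe80::21c:c0ff:fef2:26a6/64",   # eth0
    "::69.61.68.45/96",              # sit0
    "fe80::453d:442d/64",            # sit1
    "2001:470:c:67f::2/64",          # sit1, global
    "2002:453d:440a::1/48",          # constructed 6to4 address
]

if __name__ == "__main__":
    for value in SAMPLE:
        kind, v4 = classify(value)
        print(f"{value:30} {kind:18} {v4 or '-'}")
```

None of the addresses actually posted fall in 2002::/16, which matches the correction that this is a 6in4 tunnel; the many sit0 and sit1 entries are one derived address per IPv4 alias on eth0.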
Quote from: cholzhauer on September 29, 2010, 05:01:04 AM
No, still doesn't work
We won't get into the ICMP blocking debate.
What service can we test if you're blocking ICMP?
You can test HTTPD, as I know for certain anyone can reach it... I know that one's reachable, heh. I'm not entirely sure yet, as I've been figuring out how all of this works, as this isn't like ipv4. As for the site, it'd be shatteredtears.com
Snarked: Ah, thanks for the correction.
I'll be contacting CSF/cPanel shortly for further help on ipv6in4.
[carl@mars ~]$ host shatteredtears.com
shatteredtears.com has address 69.61.68.10
shatteredtears.com mail is handled by 0 mail6.zoneedit.com.
shatteredtears.com mail is handled by 0 mail7.zoneedit.com.
Nope, that site isn't IPv6 capable.
Hm. Alright. I'll disable the server's IPTables for the moment and take it out of the equation and see what happens.
Thanks for helping me out so far!
Quote
Hm. Alright. I'll disable the server's IPTables for the moment and take it out of the equation and see what happens.
That won't work for this. You'll need to edit the DNS entry if you want the site to be associated with an IPv6 address
Alright, I'm going to try assigning an IPv6 address to the site. >_>
I'm kinda fighting this one.
I assigned the IP: 2001:470:c:67f::2 to shatteredtears.com
but it doesn't seem to have taken, so I think it's something else at issue here. I'm going to contact my datacenter and see if they can help me out here, as they seem to have a working IPv6 setup on their VPS servers.
ping works to that address
[carl@mars ~]$ ping6 2001:470:c:67f::2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:c:67f::2
16 bytes from 2001:470:c:67f::2, icmp_seq=0 hlim=56 time=259.932 ms
16 bytes from 2001:470:c:67f::2, icmp_seq=1 hlim=56 time=254.006 ms
16 bytes from 2001:470:c:67f::2, icmp_seq=2 hlim=56 time=255.635 ms
^C
--- 2001:470:c:67f::2 ping6 statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/std-dev = 254.006/256.524/259.932/2.500 ms
But you're right, no DNS entry yet
Score, something works! IT WORKS! hahahaha
Alright, working on it. I think this requires an AAAA?
Yes, an AAAA record is used for IPv6
Added! :D
Should work now... I think. One more question:
Would this work so long as I assign other IPs, say: 2001:470:c:67f::3 for example, to other domains on the server?
Yes, but you'll never be able to set reverse DNS since you are using the link /64 and not the routed /64.
Ah! Okay, so to make sure I can set reverse DNS, how would I proceed in this manner?
Configure IPs out of your routed /64 instead, on your server. Then you can control rDNS after delegation to whatever server or service you will use to manage it. Broker accounts get access to dns.he.net automatically if you want to use that service.
Gotcha, that's what I was trying to learn how to do, to route IPs out of my assigned /64.
Thanks a whole bunch for the help so far!
I'll be dropping by that service in a bit to check it out.
Edit: So, I click on Routed /48 and I see a bunch of stuff, in my tunnel detail list.
Jesus.
It took several hours of banging my head against the wall this morning.
Turns out it's not CSF at fault.
It's the darned kernel. We're running pre-2.6.20. Which means CSF kills the connections unintentionally.
HOWEVER! I can at least say that IPv6in4 now works!
Try checking shatteredtears.com via IPv6. ;D
So... the solution is to essentially disable CSF and/or upgrade to post-2.6.2x kernel and reenable CSF to make it work.
For now, I'm just going to wait for a kernel upgrade and leave CSF disabled. :/