Here is my setup
modprobe sit
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.80.90
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:yyy7:xx::2/64 # client ipv6 address
route -A inet6 add ::/0 dev sit1
radvd
ip -6 addr add 2001:470:yyy8:xx::100/64 dev eth1 # Routed /64: address
config for radvd gives routed "2001:470:yyy8:xx:0000:0000:0000:0000 " 64 addresses
I can ping with every address in my network to any outside network
My problem is that pings from the outside network don't get any answer,
apart from this one 2001:470:xxx8:xx::100 my router (Suse linux enterprise edition 11)
this address answers perfectly.
I can ping internally.
Can anyone help ???
Tor Emil
Does "ip6tables -L" show any rules?
I can't ping your tunnel end-point or the address assigned to eth1.
Traceroutes just to see traffic going through the tunnel server.
core1.sto1.he.net> traceroute ipv6 2001:470:27:a9::2
Tracing the route to IPv6 node from 1 to 30 hops
1 1 ms 1 ms 1 ms 1g-eth0.tserv24.sto1.ipv6.he.net [2001:470:0:11e::2]
2 * * * ?
3 * * * ?
4 * * * ?
5 * * * ?
core1.sto1.he.net> traceroute ipv6 2001:470:28:a9::100
Tracing the route to IPv6 node from 1 to 30 hops
1 1 ms 1 ms 1 ms 1g-eth0.tserv24.sto1.ipv6.he.net [2001:470:0:11e::2]
2 * * * ?
3 * * * ?
4 * * * ?
5 * * * ?
My iptables -L output
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED
input_int all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_int all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
DROP all -- anywhere anywhere
Chain forward_int (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
reject_func all -- anywhere anywhere
Chain input_ext (3 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpts:tcpmux:65535 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpts:tcpmux:65535
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5801 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:5801
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5901 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:5901
ACCEPT udp -- anywhere anywhere udp dpts:tcpmux:65535
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere
Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
I don't understand why you can't ping my addresses, I can from www.berkom.blazing.de
Here is the result from one of them
Results:
1 2a01:30:100a::1 0.798 ms 0.664 ms 0.470 ms
2 2a01:30:100f::2 21.697 ms 19.391 ms 21.229 ms
3 2001:470:15:7a::1 27.776 ms 27.935 ms 26.896 ms
4 gige-g2-5.core1.fra1.he.net (2001:470:0:a5::1) 29.449 ms 29.273 ms 29.315 ms
5 10gigabitethernet1-1.core1.sto1.he.net (2001:470:0:110::2) 54.403 ms 53.452 ms 60.856 ms
6 1g-eth0.tserv24.sto1.ipv6.he.net (2001:470:0:11e::2) 52.640 ms 53.822 ms 53.792 ms
7 2001:470:28:a9::100 84.602 ms 87.132 ms 85.038 ms
Results:
1 2a01:30:100a::1 0.796 ms 2.455 ms 1.803 ms
2 2a01:30:100f::2 21.859 ms 20.060 ms 19.297 ms
3 2001:470:15:7a::1 28.924 ms 29.699 ms 28.856 ms
4 gige-g2-5.core1.fra1.he.net (2001:470:0:a5::1) 26.912 ms 30.154 ms 28.012 ms
5 10gigabitethernet1-1.core1.sto1.he.net (2001:470:0:110::2) 54.128 ms 55.197 ms 59.994 ms
6 1g-eth0.tserv24.sto1.ipv6.he.net (2001:470:0:11e::2) 56.148 ms 54.865 ms 54.810 ms
7 2001:470:27:a9::2 84.474 ms 85.454 ms 87.061 ms
As you can see, both are answering ?????????
x'ing out IP addresses does nothing and makes troubleshooting harder.
See the point, here is the correct one with addresses
Quote
modprobe sit
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.80.90
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:27:a9::2/64 # client ipv6 address
route -A inet6 add ::/0 dev sit1
radvd
ip -6 addr add 2001:470:28:a9::100/64 dev eth1 # Routed /64: address
config for radvd gives routed "2001:470:28:a9:0000:0000:0000:0000 " 64 addresses
I can ping with every address in my network to any outside network
My problem is that pings from the outside network don't get any answer,
apart from 2001:470:28:a9::100 my router (Suse linux enterprise edition 11) and 2001:470:27:a9::2
I just came across this yesterday too...why are you using both sit0 and sit1?
Other than that, if you drop the firewall, does everything work?
I'm guessing the reason he has sit0 and sit1 is because it's the config tunnelbroker generates for Linux-net-tools (which is correct as far as I know):
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.80.90
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470::X/64
route -A inet6 add ::/0 dev sit1
The same traceroutes I did yesterday are now working:
core1.sto1.he.net> traceroute ipv6 2001:470:27:a9::2
Tracing the route to IPv6 node from 1 to 30 hops
1 1 ms 1 ms 1 ms 1g-eth0.tserv24.sto1.ipv6.he.net [2001:470:0:11e::2]
2 32 ms 36 ms 33 ms torhowden-1-pt.tunnel.tserv24.sto1.ipv6.he.net [2001:470:27:a9::2]
core1.sto1.he.net> traceroute ipv6 2001:470:28:a9::100
Tracing the route to IPv6 node from 1 to 30 hops
1 1 ms 1 ms 1 ms 1g-eth0.tserv24.sto1.ipv6.he.net [2001:470:0:11e::2]
2 34 ms 44 ms 36 ms 2001:470:28:a9::100
Did you change anything?
What about the output for "ip6tables -L"? "iptables -L" only shows rules for IPv4.
Mr. typo was out walking again ;D
Here is ip6tables
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere state ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere state RELATED
input_int all anywhere anywhere
input_ext all anywhere anywhere
input_ext all anywhere anywhere
input_ext all anywhere anywhere
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
forward_int all anywhere anywhere
forward_ext all anywhere anywhere
forward_ext all anywhere anywhere
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
ACCEPT all anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (2 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp echo-reply
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp parameter-problem
LOG all 2001:470:28:a9::/64 2000::/3 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-FORW '
ACCEPT all 2001:470:28:a9::/64 2000::/3 state NEW,RELATED,ESTABLISHED
ACCEPT all 2000::/3 2001:470:28:a9::/64 state RELATED,ESTABLISHED
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
DROP all anywhere anywhere
Chain forward_int (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp echo-reply
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp parameter-problem
LOG all 2001:470:28:a9::/64 2000::/3 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-FORW '
ACCEPT all 2001:470:28:a9::/64 2000::/3 state NEW,RELATED,ESTABLISHED
ACCEPT all 2000::/3 2001:470:28:a9::/64 state RELATED,ESTABLISHED
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
reject_func all anywhere anywhere
Chain input_ext (3 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp redirect
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpts:tcpmux:65535 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpts:tcpmux:65535
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpt:domain
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpt:ssh
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5801 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpt:5801
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5901 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpt:5901
ACCEPT udp anywhere anywhere udp dpts:tcpmux:65535
ACCEPT udp anywhere anywhere udp dpt:domain
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all anywhere anywhere
Chain input_int (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp anywhere anywhere reject-with tcp-reset
REJECT udp anywhere anywhere reject-with icmp6-port-unreachable
REJECT all anywhere anywhere reject-with icmp6-addr-unreachable
DROP all anywhere anywhere
I have not done any changes in my setup
And firewall is not started yet due to testing (one problem taken away)
Here is a traceroute for 2001:470:28:a9::300 one of my internal servers
Results:
1 2a01:30:100a::1 0.730 ms 0.512 ms 0.541 ms
2 2a01:30:100f::2 19.429 ms 20.223 ms 21.175 ms
3 2001:470:15:7a::1 29.431 ms 29.303 ms 29.092 ms
4 gige-g2-5.core1.fra1.he.net (2001:470:0:a5::1) 27.411 ms 28.966 ms 29.101 ms
5 10gigabitethernet1-1.core1.sto1.he.net (2001:470:0:110::2) 52.398 ms 73.993 ms 54.787 ms
6 1g-eth0.tserv24.sto1.ipv6.he.net (2001:470:0:11e::2) 54.685 ms 52.950 ms 54.751 ms
7 2001:470:27:a9::2 84.687 ms 85.132 ms 83.624 ms
8 * * * and continuing to number 30
TEH
If you don't have ip6tables running the only other idea that comes to mind is a routing problem. What does "route -6" show?
Quote from: torhowden on February 08, 2011, 12:09:03 AM
I have not done any changes in my setup
And firewall is not started yet due to testing (one problem taken away)
Based on that ip6tables output you do have a firewall that is blocking incoming connections.
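
Added example, not part of the thread: a first-match walk over the forward_ext chain exactly as pasted in the ip6tables -L listing, to show how those rules treat a new echo-request from outside towards a host in the routed /64 compared with outbound pings and their replies. The listing has no interface columns, so treating forwarded tunnel traffic as traversing forward_ext is an assumption, and the connection state is supplied by hand rather than tracked.

```python
import ipaddress
import re
# forward_ext chain, copied from the ip6tables -L listing in the thread.
FORWARD_EXT = """\
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp echo-reply
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp parameter-problem
LOG all 2001:470:28:a9::/64 2000::/3 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-FORW '
ACCEPT all 2001:470:28:a9::/64 2000::/3 state NEW,RELATED,ESTABLISHED
ACCEPT all 2000::/3 2001:470:28:a9::/64 state RELATED,ESTABLISHED
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
DROP all anywhere anywhere
"""

def net(field):
    return ipaddress.ip_network("::/0" if field == "anywhere" else field)

def parse(listing):
    rules = []
    for line in listing.splitlines():
        target, proto, src, dst, *rest = line.split()
        opts = " ".join(rest)
        state = re.search(r"state ([A-Z,]+)", opts)
        icmp = re.search(r"ipv6-icmp ([a-z-]+)", opts)
        rules.append((target, proto, net(src), net(dst),
                      set(state.group(1).split(",")) if state else None,
                      icmp.group(1) if icmp else None))
    return rules

def verdict(rules, src, dst, state, icmp_type, proto="ipv6-icmp"):
    """First-match walk of the chain; returns (target, rule number)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (target, rproto, rsrc, rdst, states, icmp) in enumerate(rules, 1):
        if target == "LOG" or rproto not in ("all", proto):
            continue  # LOG never ends traversal
        if src not in rsrc or dst not in rdst:
            continue
        if (states and state not in states) or (icmp and icmp_type != icmp):
            continue
        return target, n
    return "RETURN", None  # no match: back to the FORWARD chain

RULES = parse(FORWARD_EXT)
# Addresses from the thread: first traceroute hop outside, internal server ::300.
OUTSIDE, INSIDE = "2a01:30:100a::1", "2001:470:28:a9::300"
if __name__ == "__main__":
    print(verdict(RULES, OUTSIDE, INSIDE, "NEW", "echo-request"))  # inbound ping
```

The only rule that accepts state NEW in this chain is the one sourced from 2001:470:28:a9::/64, so connections opened from inside pass and unsolicited inbound traffic reaches the final DROP.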