I am using a CentOS 6 64 bit as router. eth0 is connected to Internet with dedicated IPv4 address, eth1 is on LAN
The tunnel of /64 IPv6 address block works fine on CentOS machine. I cannot route a /64 subnet of additional /48, the subnet is 2001:470:6b9c:1701::/64
HE tunnel is:
Server IPv4 Address:216.66.80.26
Server IPv6 Address:2001:470:1f08:203::1/64
Client IPv4 Address:62.123.164.113
Client IPv6 Address:2001:470:1f08:203::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:1f09:203::/64
Routed /48: 2001:470:6b9c::/48
# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:1a:92:d3:84:f6 brd ff:ff:ff:ff:ff:ff
inet 62.123.164.113/29 brd 62.123.164.119 scope global eth0
inet6 2001:470:1f09:203::b16:b00b/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21a:92ff:fed3:84f6/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:1a:92:d3:94:6b brd ff:ff:ff:ff:ff:ff
inet 10.19.67.254/24 brd 10.19.67.255 scope global eth1
inet6 2001:470:6b9c:1701::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21a:92ff:fed3:946b/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
5: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
link/sit 62.123.164.113 peer 216.66.80.26
inet6 2001:470:1f08:203::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::3e7b:a471/128 scope link
valid_lft forever preferred_lft forever
# ip -6 route list
unreachable ::/96 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1f08:203::/64 via :: dev he-ipv6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:1f09:203::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:6b9c:1701::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 mtu 1480 advmss 1420 hoplimit 4294967295
From a Linux on LAN the traceroute to ipv6.google.com is blocked on Linux box:
traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2a00:1450:4001:806::1012) from 2001:470:6b9c:1701::cafe, 30 hops max, 24 byte packets
1 mail.luigirosa.com (2001:470:6b9c:1701::1) 0.125 ms 0.137 ms 0.088 ms
2 mail.luigirosa.com (2001:470:6b9c:1701::1) 0.09 ms !S 0.135 ms !S 0.094 ms !S
Any hint about this?
Thank you in advance
Is packet forwarding enabled? Tryhead /proc/sys/net/ipv6/conf/*/forwarding
Do you have any firwall rules, which may be blocking the packets? Tryip6tables-save
Quote from: kasperd on May 20, 2013, 02:26:29 AM
Is packet forwarding enabled? Tryhead /proc/sys/net/ipv6/conf/*/forwarding
Do you have any firwall rules, which may be blocking the packets? Tryip6tables-save
Packet worwarding is enabled.
The problem were some firewall rules I forgot to remove, thank you for the suggestion and apologies for the stupid mistake...
Ciao,
Luig