Hello
I'm unable to get my gateway ready to route ipv6-adresses to my lan :(
On gateway ipv6 works perfekt:
gateway:~ # ping6 www.kame.net
PING www.kame.net(orange.kame.net) 56 data bytes
64 bytes from orange.kame.net: icmp_seq=1 ttl=52 time=149 ms
64 bytes from orange.kame.net: icmp_seq=2 ttl=52 time=160 ms
64 bytes from orange.kame.net: icmp_seq=3 ttl=52 time=151 ms
But on clients:
dell:~# ping6 www.kame.net
PING www.kame.net(orange.kame.net) 56 data bytes
From ipv6-test.highspeed-bone.eu.org icmp_seq=1 Destination unreachable: Not neighbour
From ipv6-test.highspeed-bone.eu.org icmp_seq=2 Destination unreachable: Not neighbour
From ipv6-test.highspeed-bone.eu.org icmp_seq=3 Destination unreachable: Not neighbour
gateway:~ # ifconfig eth1 | grep inet6
inet6 addr: 2001:470:1f15:12e1::2/64 Scope:Global
inet6 addr: fe80::20b:6aff:fe80:f39d/64 Scope:Link
gateway:~ # ifconfig sixbone | grep inet6
inet6 addr: 2001:470:1f14:12e1::2/128 Scope:Global
inet6 addr: fe80::5cfa:cf14/128 Scope:Link
eth1 is my second lancard which is connected to a switch and routes my lan.
gateway:~ # route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:470:1f14:12e1::2/128 :: U 256 0 0 sixbone
2001:470:1f15:12e1::4/128 :: UH 1 0 0 eth1
2001:470:1f15:12e1::/64 :: U 256 0 0 eth1
2000::/3 :: U 1024 0 0 sixbone
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 sixbone
::/0 :: U 256 0 0 eth1
::1/128 :: U 0 6 1 lo
2001:470:1f14:12e1::2/128 :: U 0 55 1 lo
2001:470:1f15:12e1::/128 :: U 0 0 2 lo
2001:470:1f15:12e1::2/128 :: U 0 4 1 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::5cfa:cf14/128 :: U 0 0 1 lo
fe80::20a:cdff:fe06:16e2/128 :: U 0 0 1 lo
fe80::20b:6aff:fe80:f39d/128 :: U 0 84 1 lo
ff02::1/128 ff02::1 UC 0 1 0 eth1
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 sixbone
dell:~# ifconfig eth0 | grep inet6
inet6 Adresse: 2001:470:1f15:12e1:206:5bff:fe3a:d940/64 Gültigkeitsbereich:Global
inet6 Adresse: fe80::206:5bff:fe3a:d940/64 Gültigkeitsbereich:Verbindung
dell:~# route -A inet6
Kernel IPv6 Routentabelle
Ziel Nächster Hop Flags Metric Ref Benutzer Iface
::1/128 :: U 0 4 1 lo
2001:470:1f15:12e1:206:5bff:fe3a:d940/128 :: U 0 15 1 lo
2001:470:1f15:12e1::/64 :: UA 256 123 0 eth0
fe80::206:5bff:fe3a:d940/128 :: U 0 9 1 lo
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth0
::/0 fe80::20b:6aff:fe80:f39d UGDA 1024 18 0 eth0
gateway:/etc # cat radvd.conf
interface eth1
{
AdvSendAdvert on;
AdvLinkMTU 1280;
MaxRtrAdvInterval 300;
prefix 2001:470:1f15:12e1::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
I also enabled ip_forwarding in /proc for ipv6
I got a routed 2001:470:1f15:12e1::/64 and a 2001:470:d312::/48
Whats wrong?? :)
Quote from: lynxilein on February 21, 2009, 02:13:43 PM
gateway:~ # ifconfig eth1 | grep inet6
inet6 addr: 2001:470:1f15:12e1::2/64 Scope:Global
inet6 addr: fe80::20b:6aff:fe80:f39d/64 Scope:Link
gateway:~ # ifconfig sixbone | grep inet6
inet6 addr: 2001:470:1f14:12e1::2/128 Scope:Global
inet6 addr: fe80::5cfa:cf14/128 Scope:Link
eth1 is my second lancard which is connected to a switch and routes my lan.
Any firewalls?
2001:470:1f14:12e1::2 is not pingable from the outside world.
and I would vote for 2001:470:1f14:12e1::2/64 insted of .../128
try using address ending ::1 on eth1, not ::2
and the tunnel interface, should try using /64 instead
and in radvd.conf:
interface eth1
{
AdvSendAdvert on;
AdvHomeAgentFlag off;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:470:1f15:12e1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
grrrr got it :( the problem was that SuSe sets confusing firewall-rules
shutted down firewall - now it works, but I'm unable to find out which rule
is generating this error... :(
gateway:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_int all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_int all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain forward_int (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
reject_func all -- anywhere anywhere
Chain input_ext (3 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain reject_func (2 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
mhhhh??? I dont have any ideas :(
It could be some rule blocking protocol 41 under ipv4 iptables, or something in ip6tables configuration?
gateway:/var/mail # ip6tables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
input_int all anywhere anywhere
input_ext all anywhere anywhere
input_ext all anywhere anywhere
input_ext all anywhere anywhere
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
forward_int all anywhere anywhere
forward_ext all anywhere anywhere
forward_ext all anywhere anywhere
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
ACCEPT all anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (2 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp echo-reply
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp parameter-problem
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG ipv6-icmp anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG udp anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG all anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP all anywhere anywhere
Chain forward_int (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp echo-reply
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp parameter-problem
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG ipv6-icmp anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG udp anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG all anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
reject_func all anywhere anywhere
Chain input_ext (3 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp redirect
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpt:domain
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp anywhere anywhere tcp dpt:smtp
ACCEPT udp anywhere anywhere udp dpt:domain
reject_func tcp anywhere anywhere tcp dpt:ident state NEW
LOG tcp anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG ipv6-icmp anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all anywhere anywhere
Chain input_int (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain reject_func (2 references)
target prot opt source destination
REJECT tcp anywhere anywhere reject-with tcp-reset
REJECT udp anywhere anywhere reject-with icmp6-port-unreachable
REJECT all anywhere anywhere reject-with icmp6-addr-unreachable
DROP all anywhere anywhere
LOOOOOOOOOL
don't understand anything at the moment :D too much numbers in my head... urghs *g*