hello forum
i have two machines, one set up as tunnel server (hws1)
and one as a second server (hws2)
in my ipv6 routeable block (2001:470:1f15:109f::/64)
the addresses i assign from my routable block on hws1 can be ping6'ed and traceroute6'ed
any addresses i assign to hws2 are not reachable
i can however traceroute out from hws2 to for example ipv6.google.com
i can see packets coming in for hws2 with tcpdump on the he-ipv6 interface of hws1, but hws1 does not forward them
any help appreciated
regards
hoyte swager
forwarding is enabled on hws1:
[root@hws1 root]# cat /proc/sys/net/ipv6/conf/all/forwarding
1
ipv6 addresses on hws1:
[root@hws1 root]# ip -6 addr
2: eth0: <BROADCAST,MULTICAST,UP> qlen 1000
inet6 2001:470:1f15:109f::f1/128 scope global
13: he-ipv6: <POINTOPOINT,NOARP,UP>
inet6 2001:470:1f14:109f::2/64 scope global
ipv6 routes on hws1:
[root@hws1 root]# ip -6 route
2001:470:1f14:109f::/64 via :: dev he-ipv6 metric 256 mtu 1280 advmss 1220
2001:470:1f15:109f::/64 dev eth0 metric 1024 mtu 1280 advmss 1220
2000::/3 dev he-ipv6 metric 1024 mtu 1280 advmss 1220
default dev he-ipv6 metric 1024 mtu 1280 advmss 1220
ipv6 addresses on hws2:
[root@hws2 root]# ip -6 addr
2: eth0: <BROADCAST,MULTICAST,UP> qlen 1000
inet6 2001:470:1f15:109f::f2/128 scope global
ipv6 routes on hws2:
[root@hws2 root]# ip -6 route
2001:470:1f14:109f::/64 via 2001:470:1f15:109f::f1 dev eth0 metric 1024 mtu 1500 advmss 1440
2001:470:1f15:109f::/64 dev eth0 metric 1024 mtu 1500 advmss 1440
2000::/3 via 2001:470:1f15:109f::f1 dev eth0 metric 1024 mtu 1500 advmss 1440
default via 2001:470:1f15:109f::f1 dev eth0 metric 1024 mtu 1500 advmss 1440
traceroute from hws2:
[root@hws2 root]# traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2a00:1450:8005::63) from 2001:470:1f15:109f::f2, 30 hops max, 16 byte packets
1 hws1.digi.nl (2001:470:1f15:109f::f1) 0.288 ms 0.132 ms 0.116 ms
2 digidoc-1.tunnel.tserv11.ams1.ipv6.he.net (2001:470:1f14:109f::1) 18.091 ms 19.874 ms 20.302 ms
3 gige-g2-20.core1.ams1.he.net (2001:470:0:7d::1) 16.091 ms 2.57 ms 14.482 ms
4 pr61.ams04.net.google.com (2001:7f8:1::a501:5169:1) 4.839 ms 41.875 ms 2.063 ms
5 2001:4860::1:0:8 (2001:4860::1:0:8) 3.885 ms 2.7 ms 2.752 ms
6 2001:4860::1:0:2a (2001:4860::1:0:2a) 6.99 ms 6.778 ms 6.809 ms
7 2001:4860::2:0:66e (2001:4860::2:0:66e) 6.773 ms 6.057 ms 6.734 ms
8 2001:4860:0:1::65 (2001:4860:0:1::65) 7.056 ms 11.217 ms 19.75 ms
9 2a00:1450:8005::63 (2a00:1450:8005::63) 11.879 ms 6.764 ms 6.763 ms
tcpdump of incoming ping for hws2 on hws1:
[root@hws1 root]# tcpdump -i he-ipv6 -n ip6 and not port 53
tcpdump: WARNING: he-ipv6: no IPv4 address assigned
tcpdump: listening on he-ipv6
16:29:09.782706 2001:5c0:1400:a::d3 > 2001:470:1f15:109f::f2: icmp6: echo request
16:29:10.782766 2001:5c0:1400:a::d3 > 2001:470:1f15:109f::f2: icmp6: echo request
16:29:11.782586 2001:5c0:1400:a::d3 > 2001:470:1f15:109f::f2: icmp6: echo request
16:29:12.773569 2001:470:1f14:109f::2 > 2001:5c0:1400:a::d3: icmp6: 2001:470:1f15:109f::f2 unreachable address
16:29:12.773585 2001:470:1f14:109f::2 > 2001:5c0:1400:a::d3: icmp6: 2001:470:1f15:109f::f2 unreachable address
16:29:12.773603 2001:470:1f14:109f::2 > 2001:5c0:1400:a::d3: icmp6: 2001:470:1f15:109f::f2 unreachable address
16:29:12.782604 2001:5c0:1400:a::d3 > 2001:470:1f15:109f::f2: icmp6: echo request
16:29:15.773620 2001:470:1f14:109f::2 > 2001:5c0:1400:a::d3: icmp6: 2001:470:1f15:109f::f2 unreachable address
but a ping from hws1 to hws2 works fine:
[root@hws1 root]# ping6 -c 3 2001:470:1f15:109f::f2
PING 2001:470:1f15:109f::f2(2001:470:1f15:109f::f2) from 2001:470:1f15:109f::f1 : 56 data bytes
64 bytes from 2001:470:1f15:109f::f2: icmp_seq=1 ttl=64 time=0.247 ms
64 bytes from 2001:470:1f15:109f::f2: icmp_seq=2 ttl=64 time=0.112 ms
64 bytes from 2001:470:1f15:109f::f2: icmp_seq=3 ttl=64 time=0.126 ms
--- 2001:470:1f15:109f::f2 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 1999ms
rtt min/avg/max/mdev = 0.112/0.161/0.247/0.062 ms

What OS?

[root@hws1 root]# uname -a
Linux hws1 2.4.37 #2 Thu Sep 24 11:34:04 EDT 2009 i686 unknown
[root@hws2 root]# uname -a
Linux hws2 2.4.37 #9 SMP Fri May 8 17:02:39 CEST 2009 i686 unknown
regards
hoyte

Are you running some sort of firewall on hws2 that would be blocking this traffic?

no, currently all on accept
the weirdest thing is it worked just now for a moment and then stopped working again
so the problem seems intermittent
???
regards
hoyte
[root@hws1 external]# ip6tables -L -v
Chain INPUT (policy ACCEPT 8468 packets, 2513K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 962 packets, 84304 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 8576 packets, 977K bytes)
pkts bytes target prot opt in out source destination
(successful traceroute)
imac:bin root# traceroute6 -n 2001:470:1f15:109f::f2
traceroute6 to 2001:470:1f15:109f::f2 (2001:470:1f15:109f::f2) from 2001:5c0:1400:a::d3, 64 hops max, 12 byte packets
1 2001:5c0:1400:a::d2 18.122 ms 18.078 ms 18.380 ms
2 2001:4de0:1000:a22::1 18.650 ms 18.379 ms 40.232 ms
3 2001:4de0:a::1 27.201 ms 24.781 ms 25.192 ms
4 2001:7f8:1::a500:6939:1 23.258 ms 24.664 ms 24.964 ms
5 2001:470:0:7d::2 23.210 ms 23.575 ms 22.402 ms
6 2001:470:1f14:109f::2 20.464 ms 20.440 ms 20.761 ms
7 2001:470:1f15:109f::f2 20.718 ms 21.009 ms 20.689 ms
(followed by failed ping)
imac:bin root# ping6 2001:470:1f15:109f::f2
PING6(56=40+8+8 bytes) 2001:5c0:1400:a::d3 --> 2001:470:1f15:109f::f2
Request timeout for icmp_seq=0
Request timeout for icmp_seq=1
Request timeout for icmp_seq=2
(followed by failed traceroute, failing on the tunnel server)
imac:bin root# traceroute6 -n 2001:470:1f15:109f::f2
traceroute6 to 2001:470:1f15:109f::f2 (2001:470:1f15:109f::f2) from 2001:5c0:1400:a::d3, 64 hops max, 12 byte packets
1 2001:5c0:1400:a::d2 18.991 ms 18.163 ms 17.947 ms
2 2001:4de0:1000:a22::1 18.783 ms 18.361 ms 18.672 ms
3 2001:4de0:a::1 18.518 ms 18.686 ms 18.468 ms
4 2001:7f8:1::a500:6939:1 29.018 ms 25.165 ms 32.461 ms
5 2001:470:0:7d::2 23.255 ms 23.693 ms 22.734 ms
6 2001:470:1f14:109f::2 20.448 ms 20.572 ms 20.628 ms
7 2001:470:1f14:109f::2 3016.277 ms !A 3019.986 ms !A *
it gets even weirder
if i keep the ping from outside running to hws2, the one that is timing out,
the moment i do a ping6 from hws2 to the hws1 on its routable address
the outside ping to hws2 starts working again !?
maybe ipv6 and 2.4.37 was not a good idea ;-( ?
i am trying to get some legacy servers reachable but cannot upgrade the kernel due to an old app running on it
any help appreciated
regards
hoyte
after putting the tunnel server on a newer kernel, things seem to be working more stably
[root@mon1 mail]# uname -a
Linux mon1 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:40 EST 2010 i686 athlon i386 GNU/Linux
apparently the 2.4.37 kernel can't handle the tunnel router in ipv6 very well
regards
hoyte