I just updated our main gateway server to centos-5.5
My clients all can ping ipv6.google.com and gets replies. However you can't browse it just says not found.
I run test your ipv6 and it says no ipv6 address, yet its there:
PING ipv6.google.com(2404:6800:8004::68) 56 data bytes
64 bytes from 2404:6800:8004::68: icmp_seq=1 ttl=55 time=380 ms
64 bytes from 2404:6800:8004::68: icmp_seq=2 ttl=55 time=378 ms
64 bytes from 2404:6800:8004::68: icmp_seq=3 ttl=55 time=377 ms
64 bytes from 2404:6800:8004::68: icmp_seq=4 ttl=55 time=378 ms
Any idea's?
I dont have anything set in the server in iptables yet, make 41 is needed?
The server itself works perfectly 10 out of 10 for ipv6 test and surf all sites.
Considering my clients can ping6 any ipv6 address but not connect in firefox its got me lost what is wrong as its obviously working forwarding ipv6, atleast icmp and dns requests.
I really think its all in the iptables or ip6tables on the server, any help appreciated.
Thanks!
if you think its in iptables, why not post the config? :) do all of your clients have ipv6 addresses?
Thanks! I can't get it until later I am mobile on iPad. I think it's got to be in the ip6tables as clients can ping6 but not get sites I assume it's only allowing icmp6. It should have nothing to do with iptables on the server simply the server can firefox and it works with the iptables as it is.
All clients receive an ipv6 address via radvd confirmed by ifconfig as welll as they get ping6 replies.
Also the ping6 -c1 ipv6.google.com also passes the DNS request to the server as it then gets the ip and ping6 packet comes back.
It's confusing as I know something is blocking. I am running centos 5.5 could it be the firewall on the server?
It was all working, but I changed my server over to centos and ip6 on clients also stopped.
As clients can ping6 it means they have ip6 addresses, plus as the server has two nics it's forwarding ipv6 and of course my clients can surf the ip4 world. What ever is broken is on the server that's all that's been changed.
What's a setting I can put in ip6tablles to allow alll incoming?
Thanks.
its not the firewall :(
with it disabled there are no ip6tables or iptables
Still the same clients can ping6 and nothing else
Server continues to work.
What do you need?
I am still at a loss icmp6 works but nothing else to the LAN.
This is from a clinet:
traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2404:6800:8004::68), 30 hops max, 80 byte packets
1 2001:xx:xx:2::1 (2001:xx:xx:2::1) 0.127 ms 0.083 ms 0.058 ms
2 xx-xx.xx.fmt2.ipv6.he.net (2001:xx:xx:175f::1) 169.861 ms 177.678 ms 184.057 ms
3 gige-g5-19.core1.fmt2.he.net (2001:470:0:45::1) 188.437 ms 188.633 ms 188.843 ms
4 10gigabitethernet1-2.core1.pao1.he.net (2001:470:0:30::2) 195.517 ms 195.697 ms 195.915 ms
5 core2-1-1-0.pao.net.google.com (2001:504:d::1f) 185.753 ms 185.492 ms 185.946 ms
6 2001:4860::1:0:7ea (2001:4860::1:0:7ea) 186.164 ms 2001:4860::1:0:21 (2001:4860::1:0:21) 186.124 ms 2001:4860::1:0:7ea (2001:4860::1:0:7ea) 185.807 ms
7 2001:4860::1:0:75 (2001:4860::1:0:75) 394.890 ms 281.277 ms 2001:4860::1:0:47 (2001:4860::1:0:47) 301.323 ms
8 2001:4860::1:0:165 (2001:4860::1:0:165) 280.633 ms 280.801 ms 281.737 ms
9 2001:4860::1:0:9f7 (2001:4860::1:0:9f7) 381.552 ms 382.409 ms 383.360 ms
10 2001:4860:0:1::d7 (2001:4860:0:1::d7) 385.059 ms 385.287 ms 385.499 ms
11 2404:6800:8004::68 (2404:6800:8004::68) 386.266 ms 386.644 ms 386.859 ms
>
x'ing out addresses makes things harder.
what does ip/ifconfig look like on a machine that isn't working? Also, post a copy of the routing tables.
If you turn the firewall off, can you browse IPv6 sites from your router?
Okay fixed at last!
I had to make a ip6tables in sysconfig
Generated by ip6tables-save v1.4.7 on Tue Feb 22 20:15:36 2011
*filter
:INPUT ACCEPT [463:78263]
:FORWARD ACCEPT [716:404072]
:OUTPUT ACCEPT [327:32189]
:RH-Firewall-1-INPUT - [0:0]
COMMIT
# Completed on Tue Feb 22 20:15:36 2011
Now clients have ip6 again...