Good morning!
My network configuration:
(I have external fixed IP 188.134.79.126, but not assigned to my interface, all packet redirected to 10.201.112.143 from ISP).
[root@r1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:8B:8E:F9:51
inet addr:10.201.112.143 Bcast:10.201.112.255 Mask:255.255.255.0
inet6 addr: fe80::250:8bff:fe8e:f951/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19022056 errors:0 dropped:0 overruns:0 frame:0
TX packets:21037780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54593712 (52.0 MiB) TX bytes:735333259 (701.2 MiB)
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: fe80::ac9:708f/128 Scope:Link
inet6 addr: 2001:470:1f04:1331::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:72 errors:0 dropped:0 overruns:0 frame:0
TX packets:560 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7680 (7.5 KiB) TX bytes:51239 (50.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:410 errors:0 dropped:0 overruns:0 frame:0
TX packets:410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38768 (37.8 KiB) TX bytes:38768 (37.8 KiB)
Pinging my tunnel endpoint - OK
(ping 3 times)
[root@r1 ~]# ping6 -n 2001:470:1f04:1331::1
PING 2001:470:1f04:1331::1(2001:470:1f04:1331::1) 56 data bytes
64 bytes from 2001:470:1f04:1331::1: icmp_seq=1 ttl=64 time=173 ms
64 bytes from 2001:470:1f04:1331::1: icmp_seq=2 ttl=64 time=173 ms
64 bytes from 2001:470:1f04:1331::1: icmp_seq=3 ttl=64 time=173 ms
^C
--- 2001:470:1f04:1331::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 173.107/173.257/173.364/0.109 ms
3 packets pairs passed via he-ipv6 interface - OK.
[324595.704625] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2001:0470:1f04:1331:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5423 SEQ=1
[324595.877978] V6/I:_IN=he-ipv6 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00:45:40:00:7c:00:00:40:00:f3:29:5b:42:48:34:68:4a:0a:c9:70:8f TUNNEL=72.52.104.74->10.201.112.143 SRC=2001:0470:1f04:1331:0000:0000:0000:0001 DST=2001:0470:1f04:1331:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=5423 SEQ=1
[324596.706522] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2001:0470:1f04:1331:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5423 SEQ=2
[324596.879677] V6/I:_IN=he-ipv6 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00:45:40:00:7c:00:00:40:00:f3:29:5b:42:48:34:68:4a:0a:c9:70:8f TUNNEL=72.52.104.74->10.201.112.143 SRC=2001:0470:1f04:1331:0000:0000:0000:0001 DST=2001:0470:1f04:1331:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=5423 SEQ=2
[324597.707885] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2001:0470:1f04:1331:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5423 SEQ=3
[324597.881294] V6/I:_IN=he-ipv6 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00:45:40:00:7c:00:00:40:00:f3:29:5b:42:48:34:68:4a:0a:c9:70:8f TUNNEL=72.52.104.74->10.201.112.143 SRC=2001:0470:1f04:1331:0000:0000:0000:0001 DST=2001:0470:1f04:1331:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=5423 SEQ=3
and 3 packet pairs of protocol 41 passed via eth0 interface - OK.
[324595.704785] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324595.877809] HE/I:_IN=eth0 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00 SRC=72.52.104.74 DST=10.201.112.143 LEN=124 TOS=0x00 PREC=0x40 TTL=243 ID=0 DF PROTO=41
[324596.706619] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324596.879520] HE/I:_IN=eth0 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00 SRC=72.52.104.74 DST=10.201.112.143 LEN=124 TOS=0x00 PREC=0x40 TTL=243 ID=0 DF PROTO=41
[324597.707981] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324597.881140] HE/I:_IN=eth0 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00 SRC=72.52.104.74 DST=10.201.112.143 LEN=124 TOS=0x00 PREC=0x40 TTL=243 ID=0 DF PROTO=41
But no answer from IPv6 sites. Pinging google - no answer.
(ping 4 times)
[root@r1 ~]# ping6 -n ipv6.google.com
PING ipv6.google.com(2a00:1450:8001::93) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
4 packets go out via he-ipv6 interface.
[324899.688545] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=1
[324900.688274] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=2
[324901.688250] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=3
[324902.688282] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=4
and 4 protocol 41 packets go out via eth0 interface.
[324899.688688] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324900.688375] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324901.688349] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324902.688386] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
There is no reply at all.
Instead of ipv6.google.com other sites have the same effect,
but I can ping my neighbours (1330::1, 1320::1 etc).
[root@r1 ~]# ping6 -n 2001:470:1f04:1330::1
PING 2001:470:1f04:1330::1(2001:470:1f04:1330::1) 56 data bytes
64 bytes from 2001:470:1f04:1330::1: icmp_seq=1 ttl=64 time=171 ms
64 bytes from 2001:470:1f04:1330::1: icmp_seq=2 ttl=64 time=171 ms
^C
--- 2001:470:1f04:1330::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 171.593/171.599/171.605/0.006 ms
What my be wrong?
Thank you for any help.
Ivan.
You don't have a default (ipv6) route??? I can ping the HE side (::1), but not your side (::2).
What commands did you use to set up the tunnel?
What do your routing tables look like?
Quote from: troz on May 01, 2011, 09:33:57 PM
You don't have a default (ipv6) route???
I have, of course. As you can see, my outgoing packets succesfully running into he-ipv6 interface, then (protocol 41 encapsulated) via eth0 to 72.52.104.74 (tunnel broker).
Quote from: troz on May 01, 2011, 09:33:57 PM
I can ping the HE side (::1), but not your side (::2).
I scan iptables log, and see no any incoming protocol 41 packet on eth0. :(
I can ping 1330::1, 1320::1 but not 1330::2, 1320::2 too.
Quote from: cholzhauer on May 02, 2011, 05:57:21 AM
What commands did you use to set up the tunnel?
I have used command suggested by tunnelbroker:
ip tunnel add he-ipv6 mode sit remote 72.52.104.74 local 10.201.112.143 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1f04:1331::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
Quote from: cholzhauer on May 02, 2011, 05:57:21 AM
What do your routing tables look like?
Here is the
ip -6 route show output:
unreachable ::/96 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:a00::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:7f00::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:ac10::/28 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:e000::/19 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
default dev he-ipv6 metric 1024 mtu 1480 advmss 1420 hoplimit 0
And all my packets routed to he-ipv6, encapsulated into protocol 41 packets and passed out.
(outgoing packets logged by iptables).
Are you running IP6tables?
Quote from: cholzhauer on May 02, 2011, 07:24:53 AM
Are you running IP6tables?
Yes, I do. But only to log all in /out packets, and drop V6 packet, if they appear at ISP-connected eth0.
*raw
-A PREROUTING -j LOG --log-prefix V6/I:_
COMMIT
*mangle
-A POSTROUTING -j LOG --log-prefix V6/O:_
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i he-ipv6 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
COMMIT
Output made by -j LOG rules can be seen in my first message.