my system is CentOS 6.2
Firstly, I enable the ICMP and put my host in the DMZ(my router does not have place to specify the 41 protocol).
I created my tunnel and followed the instruction:
me$ sudo ip tunnel add he-ipv6 mode sit remote 216.218.224.42 local 192.168.2.5 ttl 255
me$ sudo ip link set he-ipv6 up
me$ sudo ip addr add 2001:470:1f0e:1113::2/64 dev he-ipv6
me$ sudo ip route add ::/0 dev he-ipv6
and this is my ifconfig result:
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: fe80::c0a8:205/128 Scope:Link
inet6 addr: 2001:470:1f0e:1113::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1472 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3370 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:345224 (337.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:138 errors:0 dropped:0 overruns:0 frame:0
TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13220 (12.9 KiB) TX bytes:13220 (12.9 KiB)
wlan0 Link encap:Ethernet HWaddr 00:1B:77:27:F7:9D
inet addr:192.168.2.5 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::21b:77ff:fe27:f79d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
RX packets:143822 errors:0 dropped:0 overruns:0 frame:0
TX packets:99503 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:143461793 (136.8 MiB) TX bytes:11951462 (11.3 MiB)
everything seems ok till now, but...
me$ ping6 ipv6.google.com
PING ipv6.google.com(yx-in-x67.1e100.net) 56 data bytes
here is the tcpdump record when I was trying to ping6 google
me# tcpdump -i he-ipv6
tcpdump: WARNING: he-ipv6: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on he-ipv6, link-type RAW (Raw IP), capture size 65535 bytes
17:36:40.835081 IP6 zhmhua-1-pt.tunnel.tserv8.dal1.ipv6.he.net > yx-in-x68.1e100.net: ICMP6, echo request, seq 1, length 64
17:36:41.834629 IP6 zhmhua-1-pt.tunnel.tserv8.dal1.ipv6.he.net > yx-in-x68.1e100.net: ICMP6, echo request, seq 2, length 64
17:36:42.834605 IP6 zhmhua-1-pt.tunnel.tserv8.dal1.ipv6.he.net > yx-in-x68.1e100.net: ICMP6, echo request, seq 3, length 64
(repeat...)
I think the address was resolved successfully, but it is just not able to ping.
I have tried both the outside IP and the NAT IP, It made no difference.
Can you figure out what's wrong with my operation? or need I present more diagnostic information?
Your router is probably blocking protocol 41
But I have put my host in the DMZ.
Quote from: cholzhauer on September 26, 2012, 07:35:43 PM
Your router is probably blocking protocol 41
That doesn't matter. Some routers/firewalls have a DMZ mode that's "broken" when it comes to protocol41. The only thing you can do is try a packet capture and see what you can see.
I have updated the packet capture result from tcpdump, can you help me to see what the problem is?
Quote from: cholzhauer on September 27, 2012, 10:21:44 AM
That doesn't matter. Some routers/firewalls have a DMZ mode that's "broken" when it comes to protocol41. The only thing you can do is try a packet capture and see what you can see.
If you don't see inbound Protocol 41 packets in your PCAP, that is the problem :)
then can I have it solved?
Quote from: broquea on September 27, 2012, 02:56:45 PM
If you don't see inbound Protocol 41 packets in your PCAP, that is the problem :)
get a new router. plenty of posts on here to find in a search that report routers that the tunnel can terminate on or behind. I terminated my HE tunnel on a D-Link DIR-825 until Comcast provided me with native IPv6.
Zhmhua, Please tell us what your router is that is doing the NAT. Even though you are in a DMZ you are still behind NAT and some NAT firewalls explicitly block protocol 41. So do some Wireless LAN controllers.
Is it a real PC or is it running in a virtual machine?
Take a tcpdump of the ipv4 interface that the tunnel terminates on which appears to be wlan0. That's where the protocol-41 should be, not on the tunnel (ipv6) interface.
tcpdump -i wlan0
will probably be quite busy so you will need to filter it...
tcpdump -i wlan0 'proto 41'
will show only tunnel traffic.
If your interface complains about promiscuous mode because it's a wlan then try
tcpdump -p -i wlan0 'proto 41'
We are expecting to see outbound protocol-41 here.
I am sorry for the delay.
I am running on a real machine, and my router's brand is BELKIN. I don't fully understand what do you mean by "is doing the NAT", but I have tried all the commands as your suggestion, but no key word 'proto 41' was found.
It's very kind of you, thank you.
Quote from: nickbeee on September 29, 2012, 04:19:39 PM
Zhmhua, Please tell us what your router is that is doing the NAT. Even though you are in a DMZ you are still behind NAT and some NAT firewalls explicitly block protocol 41. So do some Wireless LAN controllers.
Is it a real PC or is it running in a virtual machine?
Take a tcpdump of the ipv4 interface that the tunnel terminates on which appears to be wlan0. That's where the protocol-41 should be, not on the tunnel (ipv6) interface.
tcpdump -i wlan0
will probably be quite busy so you will need to filter it...
tcpdump -i wlan0 'proto 41'
will show only tunnel traffic.
If your interface complains about promiscuous mode because it's a wlan then try
tcpdump -p -i wlan0 'proto 41'
We are expecting to see outbound protocol-41 here.