Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Linux & BSD & Mac => Topic started by: joyfulmantis on April 19, 2015, 11:31:16 PM

Title: Trouble with routing 64 prefix in fedora
Post by: joyfulmantis on April 19, 2015, 11:31:16 PM
Hello all,

I have successfully set up the ipv6 tunnel on a fedora computer, however I am having trouble configuring it as a router to share the routed 64 prefix with another debian computer that is connected to it. The debian computer successfully picks up an ipv6 address in the right prefix, and a ping6 to ipv6.google.com seems to be successful, but on closer inspection, the traceroute6 ends on the fedora computer.

From my Tunnel Details page :
Server IPv6 Address:  2001:470:1f1a:232::1/64
Client IPv6 Address:  2001:470:1f1a:232::2/64
Routed /64:  2001:470:1f1b:232::/64

on the fedora computer (the one with working ipv6 tunnel):

> cat /etc/sysconfig/network-scripts/ifcfg-he-ipv6
DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes                   
IPV6INIT=yes
IPV6TUNNELIPV4=216.66.87.14
IPV6TUNNELIPV4LOCAL=192.168.1.35
IPV6ADDR=2001:470:1f1a:232::2/64


> cat /etc/sysconfig/network-scripts/ifcfg-Shared_Ethenet
TYPE=Ethernet
BOOTPROTO=shared
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME="Shared Ethenet"
UUID=c17fc19f-4464-4b0c-bcca-7125be7f782f
ONBOOT=yes
HWADDR=54:04:A6:20:9C:91
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
ZONE=internal


> cat /etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=he-ipv6
IPV6_DEFAULTGW=2001:470:1f1a:232::1
IPV6FORWARDING=yes


> cat /etc/radvd.conf
interface p5p1
{
   AdvSendAdvert on;
   prefix 2001:470:1f1b:232::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};


> sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1f1b:232:5604:a6ff:fe20:9c91/64 scope global noprefixroute dynamic
       valid_lft 86257sec preferred_lft 14257sec
    inet6 fe80::5604:a6ff:fe20:9c91/64 scope link
       valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1f1b:232:62d8:19ff:fe83:bd7b/64 scope global noprefixroute dynamic
       valid_lft 83636sec preferred_lft 11636sec
    inet6 fdec:233d:661c:cb00:62d8:19ff:fe83:bd7b/64 scope global noprefixroute dynamic
       valid_lft 7186sec preferred_lft 3586sec
    inet6 fe80::62d8:19ff:fe83:bd7b/64 scope link
       valid_lft forever preferred_lft forever
9: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
    inet6 2001:470:1f1a:232::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:123/64 scope link
       valid_lft forever preferred_lft forever


> ping6 -c 3 ipv6.google.com
PING ipv6.google.com(bud02s22-in-x0e.1e100.net) 56 data bytes
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=1 ttl=53 time=92.2 ms
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=2 ttl=53 time=92.6 ms
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=3 ttl=53 time=92.6 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 92.246/92.517/92.697/0.401 ms


> traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:400d:807::200e), 30 hops max, 80 byte packets
1  joyfulmantis-1.tunnel.tserv1.bud1.ipv6.he.net (2001:470:1f1a:232::1)  71.182 ms  71.026 ms  71.823 ms
2  ge4-20.core1.bud1.he.net (2001:470:0:2ba::1)  77.241 ms  77.143 ms  77.039 ms
3  2001:7f8:35::1:5169:1 (2001:7f8:35::1:5169:1)  76.434 ms  77.388 ms  78.495 ms
4  2001:4860::1:0:4487 (2001:4860::1:0:4487)  102.534 ms  103.845 ms  104.133 ms
5  2001:4860:0:1::bf (2001:4860:0:1::bf)  105.521 ms  106.378 ms  107.169 ms
6  bud02s22-in-x0e.1e100.net (2a00:1450:400d:807::200e)  108.249 ms  92.142 ms  93.064 ms


and on the debian computer (the one receiving the shared internet):

» sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1f1b:232:ed69:b5e0:b890:bbc8/64 scope global temporary dynamic
       valid_lft 86140sec preferred_lft 14140sec
    inet6 2001:470:1f1b:232:211:24ff:fe85:83fe/64 scope global mngtmpaddr noprefixroute dynamic
       valid_lft 86140sec preferred_lft 14140sec
    inet6 fe80::211:24ff:fe85:83fe/64 scope link
       valid_lft forever preferred_lft forever


» ping6 -c 3 ipv6.google.com
PING ipv6.google.com(sof01s12-in-x0e.1e100.net) 56 data bytes
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=245 ms
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=250 ms
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=3 ttl=56 time=281 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 245.833/259.243/281.651/15.946 ms


» traceroute ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:4017:803::200e), 30 hops max, 80 byte packets
1  2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91)  0.580 ms  0.521 ms  0.482 ms
2  2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91)  0.504 ms !X  0.481 ms !X  0.451 ms !X
Title: Re: Trouble with routing 64 prefix in fedora
Post by: joyfulmantis on April 20, 2015, 02:20:05 AM
So my problem as it turned out, was that the firewall on the fedora computer was blocking the ipv6 packets.
Allowing the ipv6 packets through with
sudo firewall-cmd --direct --add-rule ipv6 filter FWDI_internal_allow 0 -j ACCEPT made things start working (well I still have troubles with MTU, but thats a different issue)

special thanks to rm of #ipv6.freenode for helping me diagnose the problem, and Jeff Sadowski of Fedora forums who's solution ( http://forums.fedoraforum.org/archive/index.php/t-301894.html ) I used.