• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Getting protocol 41 forwarding and IPV6 working

Started by lfoothome, December 22, 2011, 06:16:48 AM


lfoothome

Can't find anything that specifically addresses my issue for my thick old brain so here goes.
1. My IPV6 test client
A. Is running CentOS 6.2 and uname -a returns the following:
Quote
Linux mythbox.ladodomain 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
B.  Has /etc/sysconfig/network setup as follows:
Quote
NETWORKING=yes
HOSTNAME=mythbox.ladodomain
GATEWAY=192.168.2.1
NETWORKING_IPV6=yes
IPV6FORWARDING=yes
IPV6_AUTOCONF=no
IPV6_AUTOTUNNEL=yes
C. Has /etc/sysconfig/network-scripts/ifcfg-br0 setup as follows:
Quote
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
DELAY=0
NM_CONTROLLED=no
IPADDR=192.168.2.201
NETMASK=255.255.255.0
IPV6INIT=yes
IPV6ADDR=2001:470:1f10:115d::2/64
IPV6_DEFAULTGW=2001:470:1f10:115d::1
D. Has /etc/sysconfig/network-scripts/ifcfg-eth0 setup as follows:
Quote
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT=yes
HWADDR=00:1D:60:9C:B8:1D
TYPE=Ethernet
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
BRIDGE=br0
E. Has had the following commands run on it
Quote
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::209.51.181.2
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f10:115d::2/64
route -A inet6 add ::/0 dev sit1
F. Has iptables rule for INPUT table which reads as follows:
Quote
iptables -A INPUT -p 41 -j ACCEPT

2.  The router is a LINKSYS WRT300N v1.1 running DD_WRT firmware v24_sp2 mini and has the following iptables rules.
Quote
      iptables -A INPUT -p 41 -d $WanIp -j ACCEPT
      iptables -t nat -A PREROUTING -p 41 -d $WanIp -j DNAT --to 192.168.2.201
      iptables -A FORWARD -p 41 -j ACCEPT

I've read and reread the guides and googled a ton.  I know I am missing something painfully simple.  Thanks for the help.

Bob

cholzhauer

What about trying it with no iptables stuff enabled?

nickbeee

Quote from: cholzhauer on December 22, 2011, 06:18:08 AM
What about trying it with no iptables stuff enabled?

I used a WRT54GS2 at one site with dd-wrt.v24_micro_generic.bin. It just worked with proto-41, no iptables tweaking was required.

Can you ping your end of the tunnel (::2)? Can you ping the HE end of the tunnel (::1)?
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of HE and Sixxs.

lfoothome

ping6 :2 works but ping6 :1 destination host unreachable

kasperd

Why do you have a br0 interface? The br driver is used if you want a computer with multiple Ethernet interfaces to act as if it was a switch. It doesn't sound like you have any need for that in your use case.

So, for a starter I think you should remove the br0 config and ensure you don't have the driver loaded.

Next you need to start doing a few dumps of network traffic to find out how far those echo requests go. Does your router send them out to the Internet? Do they have the correct addresses when they leave your network? Do you get replies? Are the replies forwarded to the proper destination?

lfoothome

This box is a virtual host for several guests and br0 is needed to bridge the virtual nics to real hdwe. 

Thanks for the Wireshark suggestion; it is probably time to break it out.

lfoothome

Got it working -- I scrapped the iptables entries on the NAT appliance, removed all the IPV6 config stuff for br0,... and then with just ipv4 working used the linux-route2 commands and did as the tutorial video and it works.  Much easier than I envisioned.  Sometimes simpler is easier is the lesson here.
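
The protocol 41 rules quoted in the first post match packets from any source address. As an added example (not part of the original thread), this shell function lists protocol 41 ACCEPT/DNAT rules that are not pinned with `-s` to the tunnel endpoint 209.51.181.2 given in the first post; the function names, the WAN address 203.0.113.10 standing in for $WanIp, and the last two sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag IPv4 firewall rules that admit protocol 41 (6in4)
# from any source instead of only from the tunnel server.

# audit_proto41 SERVER_IP
# Reads iptables command lines on stdin and prints every protocol 41
# ACCEPT/DNAT rule that lacks a positive "-s SERVER_IP" match.
audit_proto41() {
    awk -v server="$1" '
    {
        proto = ""; src = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "-j" || $i == "--jump")     target = $(i + 1)
            # A negated source ("! -s x") does not pin the rule to x.
            if (($i == "-s" || $i == "--source") && $(i - 1) != "!")
                src = $(i + 1)
        }
        # iptables takes the number 41 or the /etc/protocols name "ipv6".
        if (proto != "41" && proto != "ipv6") next
        if (target != "ACCEPT" && target != "DNAT") next
        sub(/\/32$/, "", src)            # "-s a.b.c.d/32" is still pinned
        if (src != server) print "UNPINNED: " $0
    }'
}

# Constructed sample: the four rules quoted in the first post, with $WanIp
# replaced by the documentation address 203.0.113.10, followed by one
# source-pinned rule and one unrelated rule (both constructed).
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -p 41 -j ACCEPT
iptables -A INPUT -p 41 -d 203.0.113.10 -j ACCEPT
iptables -t nat -A PREROUTING -p 41 -d 203.0.113.10 -j DNAT --to 192.168.2.201
iptables -A FORWARD -p 41 -j ACCEPT
iptables -A INPUT -p 41 -s 209.51.181.2 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | audit_proto41 209.51.181.2
```

On a live host the same function can be fed the output of `iptables -S` and `iptables -t nat -S`.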