• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Traceroute ends on wrong server

Started by leitec, November 17, 2010, 10:21:53 AM

leitec

Hello,

I have a tunnel set up at home on my OpenBSD 4.5 router with clients running various OS's. While everything appears to work well, when I traceroute from an outside server to one of my clients behind my router, the traceroute ends on the router instead of the actual machine.

Traceroute to my router, 'bert':

% traceroute6 bert.v6.staticky.com
traceroute6 to bert.v6.staticky.com (2001:470:8:75b::1) from 2001:470:4:2a5::2, 64 hops max, 12 byte packets
1  devious-1.tunnel.tserv12.mia1.ipv6.he.net  16.905 ms  17.21 ms  16.861 ms
2  gige-g2-3.core1.mia1.he.net  16.457 ms  16.35 ms  16.106 ms
3  10gigabitethernet4-3.core1.atl1.he.net  32.324 ms  40.706 ms  30.826 ms
4  10gigabitethernet6-4.core1.ash1.he.net  63.08 ms  51.06 ms  51.273 ms
5  gige-gbge0.tserv13.ash1.ipv6.he.net  52.422 ms  52.204 ms  51.818 ms
6  bert.v6.staticky.com  63.714 ms  63.734 ms  62.904 ms
%


Traceroute to another machine, 'wouter':

% traceroute6 wouter.v6.staticky.com
traceroute6 to wouter.v6.staticky.com (2001:470:8:75b:21e:52ff:fe74:d4b3) from 2001:470:4:2a5::2, 64 hops max, 12 byte packets
1  devious-1.tunnel.tserv12.mia1.ipv6.he.net  17.218 ms  17.459 ms  16.839 ms
2  gige-g2-3.core1.mia1.he.net  19.347 ms  16.357 ms  16.449 ms
3  10gigabitethernet4-3.core1.atl1.he.net  39.456 ms  40.068 ms  30.953 ms
4  10gigabitethernet6-4.core1.ash1.he.net  50.962 ms  51.979 ms  51.052 ms
5  gige-gbge0.tserv13.ash1.ipv6.he.net  52.318 ms  52.159 ms  52.489 ms
6  leitec-1-pt.tunnel.tserv13.ash1.ipv6.he.net  63.805 ms  62.199 ms  61.837 ms
%


I'm not sure if this is a problem with my pf rules or if it's something else. I wasn't sure exactly how to map the /64 onto my router, i.e. where I should assign the (prefix)::1 IP I gave the router. I ended up putting it on the local network interface. This is only a minor worry of mine since the network actually works quite well. The only issue I had was MTU-related, where certain clients would randomly halt ssh sessions and the like. I use rtadvd to set the MTU to 1480 on my v6 clients, which has worked well.

As far as pf is concerned, I allow only a few inbound TCP ports and all ICMP6 to the v6 clients behind the router/firewall.

Relevant ifconfig data:

sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c7:b6:b0
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.2.3.1 netmask 0xffffff00 broadcast 10.2.3.255
        inet6 fe80::200:24ff:fec7:b6b0%sis0 prefixlen 64 scopeid 0x1
        inet6 2001:470:8:75b::1 prefixlen 64
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1480
        priority: 0
        groups: gif egress
        physical address inet 66.44.61.162 --> 216.66.22.2
        inet6 fe80::200:24ff:fec7:b6b0%gif0 ->  prefixlen 64 scopeid 0x6
        inet6 2001:470:7:75b::2 -> 2001:470:7:75b::1 prefixlen 128


Any ideas?

Thanks!

leitec

Hmm... answered my own question. I didn't realize traceroute depended on UDP; I thought it was ICMP only. Now that I'm passing UDP it works.
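
Added example, not part of the thread and not leitec's actual ruleset: a pf.conf fragment matching the policy described above (a few inbound TCP ports plus all ICMP6), with one extra rule that admits only the UDP port range traceroute probes use instead of passing all UDP. The macro names, the `ssh` port and the port range are assumptions; `gif0` and the /64 are taken from the ifconfig output in the post.

```conf
# Assumed macro names; gif0 and the routed /64 come from the post.
ext6_if = "gif0"
v6_net  = "2001:470:8:75b::/64"
tcp_in  = "{ ssh }"          # placeholder for the "few inbound TCP ports"

# Default deny for inbound IPv6 arriving over the tunnel.
block in on $ext6_if inet6 all

# Policy as described in the first post: selected TCP ports and all ICMP6.
pass in on $ext6_if inet6 proto tcp   to $v6_net port $tcp_in
pass in on $ext6_if inet6 proto icmp6 to $v6_net

# With only the rules above, traceroute6's UDP probes addressed to hosts
# inside the /64 are dropped at the router, so the trace stops at the
# tunnel endpoint hop as in the second traceroute.
#
# Narrow alternative to passing all UDP: by default the probes count up
# from UDP port 33434, one port per probe (assumed traceroute defaults).
# 64 hops x 3 probes fits inside 33434:33626.
pass in on $ext6_if inet6 proto udp to $v6_net port 33434:33626
```

pf keeps state on pass rules by default, so the ICMP6 port-unreachable reply that the target host sends to end the trace is matched against the state created by the UDP probe.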