• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

problems after reboot [solved]

Started by daviessm, July 30, 2008, 01:18:45 PM

daviessm

Hi, I've had a tunnel working for the past few months with no problems but the server rebooted due to a power outage yesterday and now I'm having a problem with the tunnel!

After a bit of sleuthing I've discovered that the SIT tunnel seems to work. By running Wireshark I can see that when I send a ping packet, it leaves sit1 (my tunnel interface) and is then encapsulated in IPv4 and sent on to the remote host. I can then see the returning echo reply coming down my IPv4 eth1 - but the packet never shows up on sit1.

Since Wireshark sees packets before they hit netfilter, my first thought was that iptables was blocking the incoming protocol 41 packets, but it's not. IPv4 and 6 forwarding are enabled in the kernel but there must be some setting I'm missing that causes the incoming packets to vanish after they're received on the IPv4 side!

Any help would be appreciated - I can provide configs and anything, just let me know what you need! :)

Thanks for any help,
Steve

daviessm

Just to add to this, IPv6 routing seems to be working - using tcpdump I can see that packets from my laptop are routed correctly down sit1 and responses (ping responses or connection handshakes) are correctly returning down it (viewed by a tcpdump on eth1) but the packets still seem to disappear after that and don't show up on the tcpdump on sit1!

I'm probably missing a sysctl setting or something (not IPv6 forwarding) but I have no idea which one!

Please help :) Thanks

snarked

Using iptables, protocol 41 has to be accepted in the INPUT chain of the filter table, not FORWARD.  Your efforts imply that you may be using the forward chain, not input, to permit them.

daviessm

Hi, even with both FORWARD and INPUT set with policy ACCEPT I'm still having the same problem... thanks though!

daviessm

I got it fixed - I'd specified the endpoint of my SIT tunnel as my external IP instead of the local one in the DMZ that my external router rewrites packets with - so my server was sending them out with a different source address from what it was receiving them back with in the destination address field, and not understanding what to do with them.
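
The cause found in the last post can be checked mechanically: the tunnel's `local` endpoint has to be an address the host itself holds (the DMZ address behind NAT), not the router's external IP. The script below is an added example, not part of the thread; the function names and all addresses are constructed, and the sample strings assume the usual output format of `ip tunnel show` and `ip -4 -o addr show`.

```shell
#!/bin/sh
# Constructed sample data using documentation/private addresses (not from the thread).
# BROKEN_TUNNEL: local endpoint set to the external (pre-NAT) IP.
# FIXED_TUNNEL:  local endpoint set to the DMZ address the router rewrites to.
BROKEN_TUNNEL='sit1: ipv6/ip remote 203.0.113.1 local 198.51.100.7 ttl 255'
FIXED_TUNNEL='sit1: ipv6/ip remote 203.0.113.1 local 192.168.1.10 ttl 255'
HOST_ADDRS='3: eth1    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1'

# Print the "local" endpoint from `ip tunnel show <dev>` output.
tunnel_local() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "local") { print $(i + 1); exit } }'
}

# Print each IPv4 address (prefix length stripped) from `ip -4 -o addr show` output.
host_addrs() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { sub(/\/.*/, "", $(i + 1)); print $(i + 1) } }'
}

# Exit status: 0 = local endpoint is an address on this host,
#              1 = it is not (the situation in the thread),
#              2 = no fixed local endpoint is set.
check_sit_local() {
    local_ep=$(tunnel_local "$1")
    if [ -z "$local_ep" ] || [ "$local_ep" = "any" ]; then
        echo "no fixed local endpoint configured"
        return 2
    fi
    if host_addrs "$2" | grep -qxF "$local_ep"; then
        echo "OK: local $local_ep is assigned to this host"
        return 0
    fi
    echo "MISMATCH: local $local_ep is not assigned to this host;" \
         "host addresses: $(host_addrs "$2" | tr '\n' ' ')"
    return 1
}

# Demonstration on the constructed samples: first the broken setup, then the fixed one.
check_sit_local "$BROKEN_TUNNEL" "$HOST_ADDRS" || true
check_sit_local "$FIXED_TUNNEL" "$HOST_ADDRS"
```

On a live host, pass it `"$(ip tunnel show sit1)"` and `"$(ip -4 -o addr show)"` instead of the sample strings.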