Hurricane Electric's IPv6 Tunnel Broker Forums

Author Topic: trying to talk between two ipv6 networks with no firewalls  (Read 3166 times)

jrwren

« on: November 28, 2010, 06:30:52 PM »

One is a Comcast 6to4. It looks configured correctly. Multiple hosts can browse sites like ipv6.google.com and http://ipv6.whatismyipv6.net/?s=browser_environment

The other is a Hurricane Electric tunnel. It too lets multiple hosts browse the same sites.

But when a host from one tries to ping or traceroute or nmap or connect to port 80, it times out.

e.g.

from 2001:470:1f11:3bb:213:20ff:fe61:e7d4/64

jrwren@baltar:~$ ping6 2002:47ee:e061:1:e1ae:efe8:df4b:968a
PING 2002:47ee:e061:1:e1ae:efe8:df4b:968a(2002:47ee:e061:1:e1ae:efe8:df4b:968a) 56 data bytes
^C
--- 2002:47ee:e061:1:e1ae:efe8:df4b:968a ping statistics ---
17 packets transmitted, 0 received, 100% packet loss, time 16127ms


jrwren@baltar:~$ traceroute6  2002:47ee:e061:1:e1ae:efe8:df4b:968a
traceroute to 2002:47ee:e061:1:e1ae:efe8:df4b:968a (2002:47ee:e061:1:e1ae:efe8:df4b:968a) from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, 30 hops max, 16 byte packets
 1  2001:470:1f11:3bb::1 (2001:470:1f11:3bb::1)  3.229 ms  0.343 ms  0.248 ms
 2  jrwren-2.tunnel.tserv9.chi1.ipv6.he.net (2001:470:1f10:3bb::1)  61.931 ms  58.821 ms  59.188 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *



from 2002:47ee:e061:1:e1ae:efe8:df4b:968a/64


jrwren@delays:{4}~/src/openwrt $ ping6 2001:470:1f11:3bb:213:20ff:fe61:e7d4
PING 2001:470:1f11:3bb:213:20ff:fe61:e7d4(2001:470:1f11:3bb:213:20ff:fe61:e7d4) 56 data bytes
^C
--- 2001:470:1f11:3bb:213:20ff:fe61:e7d4 ping statistics ---
82 packets transmitted, 0 received, 100% packet loss, time 81091ms

jrwren@delays:{4}~/src/openwrt $ traceroute6 2001:470:1f11:3bb:213:20ff:fe61:e7d4
traceroute to 2001:470:1f11:3bb:213:20ff:fe61:e7d4 (2001:470:1f11:3bb:213:20ff:fe61:e7d4) from 2002:47ee:e061:1:210:b5ff:feb1:1a6e, 30 hops max, 24 byte packets
 1  2002:47ee:e061:1::1 (2002:47ee:e061:1::1)  0.424 ms  0.394 ms  0.345 ms
 2  2002:c058:6301:: (2002:c058:6301::)  277.793 ms  246.361 ms  429.501 ms
 3  ge-6-28-ur05.area4.il.chicago.comcast.net (2001:558:fe04:1::1)  278.378 ms  294.549 ms  290.968 ms
 4  te-8-2-ur04.area4.il.chicago.comcast.net (2001:558:300:55::1)  324.476 ms  352.136 ms  451.184 ms
 5  te-1-3-0-0-ar01.elmhurst.il.chicago.comcast.net (2001:558:300:56::2)  494.39 ms  401.255 ms  472.648 ms
 6  pos-0-7-0-0-ar01.indianapolis.in.indiana.comcast.net (2001:558:300:138::2)  316.961 ms  405.678 ms  380.116 ms
 7  2001:558:0:f6ab::1 (2001:558:0:f6ab::1)  558.226 ms  330.829 ms  420.681 ms
 8  pos-0-3-0-0-pe01.56marietta.ga.ibone.comcast.net (2001:558:0:f5e1::2)  325.719 ms  394.291 ms  582.615 ms
 9  * * *
10  * * *
11  gige-g3-16.core1.ash1.he.net (2001:470:0:191::1)  541.701 ms  398.324 ms  432.189 ms
12  10gigabitethernet1-2.core1.nyc4.he.net (2001:470:0:36::2)  311.117 ms  344.03 ms  519.227 ms
13  10gigabitethernet1-2.core1.chi1.he.net (2001:470:0:4e::1)  405.022 ms  464.816 ms  472.198 ms
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  *



In the process of writing this post I realized that on the 2002:47ee:e061:1::/64 router I was missing a default route. It just turns out that most of the IPv6 hosts that I know of did have routes.

Now I think something must be configured wrong with my HE tunnel.

Its route table looks like this:

2001:470:1f10:3bb::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:1f11:3bb::/64 dev br0  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev wifi0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev ath0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev wifi1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev ath1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295
unreachable default dev lo  proto kernel  metric -1  error -128 hoplimit 255
ff00::/8 dev br0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev wifi0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev ath0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev wifi1  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev ath1  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth1  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev he-ipv6  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
unreachable default dev lo  proto kernel  metric -1  error -128 hoplimit 255

Its addresses look like this:

1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
       valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::c23f:eff:fe8d:3d9d/64 scope link
       valid_lft forever preferred_lft forever
6: wifi0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
       valid_lft forever preferred_lft forever
7: wifi1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::c23f:eff:fe8d:3d9e/64 scope link
       valid_lft forever preferred_lft forever
8: br0: <BROADCAST,MULTICAST,PROMISC,UP,10000> mtu 1500
    inet6 2001:470:1f11:3bb::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
       valid_lft forever preferred_lft forever
18: ath0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
       valid_lft forever preferred_lft forever
19: ath1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::c23f:eff:fe8d:3d9e/64 scope link
       valid_lft forever preferred_lft forever
22: he-ipv6: <POINTOPOINT,NOARP,UP,10000> mtu 1480
    inet6 2001:470:1f10:3bb::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::ad0e:24d1/128 scope link
       valid_lft forever preferred_lft forever

cholzhauer

« Reply #1 on: November 29, 2010, 05:11:23 AM »

The HE side seems to be working.

[carl@mars ~]$ ping6 2001:470:1f11:3bb:213:20ff:fe61:e7d4
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1f11:3bb:213:20ff:fe61:e7d4
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=0 hlim=61 time=99.937 ms
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=1 hlim=61 time=108.854 ms
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=2 hlim=61 time=108.914 ms
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=3 hlim=61 time=104.931 ms
^C
--- 2001:470:1f11:3bb:213:20ff:fe61:e7d4 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 99.937/105.659/108.914/3.677 ms

If I had to wager a guess, I'd say it's the 6to4 stuff that isn't working as I can't ping any of the addresses you listed, but I can ping every HE address you listed.

jrwren

« Reply #2 on: November 29, 2010, 08:26:43 AM »

Thanks for that.

I saw on Twitter that Comcast was having network issues last night; maybe that includes their 6to4.

The strange part is that from those Comcast 6to4 addresses I could browse IPv6 websites, but I couldn't browse a website on that HE tunnel.

cholzhauer

« Reply #3 on: November 29, 2010, 08:29:16 AM »

Is there a default route on the HE side?

Or is this it?
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295

jrwren

« Reply #4 on: November 29, 2010, 11:10:41 AM »

That is it.