• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

CentOS routing help

Started by horsemen, December 21, 2010, 10:30:42 AM

Previous topic - Next topic

horsemen

Good day, I have set obtained a /48 and succseffly set up the tunnel, my router can ping6 ipv6.google.com and I get a responce, I can also visit it on my browser. however my other host on my lan can ping only the directly connected interface and nothing else. Any help would be aprechiated. Below is the router set up

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:FB:C0:CF 
          inet addr:75.152.109.214  Bcast:75.152.111.255  Mask:255.255.240.0
          inet6 addr: 2001:470:b115::2/48 Scope:Global
          inet6 addr: fe80::20c:29ff:fefb:c0cf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:158668 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165704 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:33953895 (32.3 MiB)  TX bytes:22004342 (20.9 MiB)
          Interrupt:67 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0C:29:FB:C0:D9 
          inet6 addr: 2001:470:b115::3/48 Scope:Global
          inet6 addr: fe80::20c:29ff:fefb:c0d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:162193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18880419 (18.0 MiB)  TX bytes:18916588 (18.0 MiB)
          Interrupt:67 Base address:0x2080

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:b115::1/48 Scope:Global
          inet6 addr: fe80::4b98:6dd6/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:74935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74970 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7818272 (7.4 MiB)  TX bytes:9295572 (8.8 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2379 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3452546 (3.2 MiB)  TX bytes:3452546 (3.2 MiB)

ip -6 route show

unreachable ::/96 dev lo  metric 1024  expires 21334176sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21334176sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:b115::/48 via :: dev he-ipv6  metric 256  expires 21334280sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/48 dev eth0  metric 256  expires 21334280sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1  metric 256  expires 21334280sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21334118sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21334126sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21334280sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21334280sec mtu 1480 advmss 1420 hoplimit 4294967295


Config Script I use

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:b115::1/48 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add 2001:470:b115::2/48 dev eth0
ip addr add 2001:470:b115::3/48 dev eth1
ip -f inet6 addr
sysctl -w net.ipv6.conf.all.forwarding=1

And my LAN host

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:26:18:3b:0b:1f 
          inet addr:10.0.0.10  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::226:18ff:fe3b:b1f/64 Scope:Link
          inet6 addr: 2001:470:b115::4/48 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:164831 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161984 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19638355 (18.7 MiB)  TX bytes:18800088 (17.9 MiB)
          Interrupt:222 Base address:0x6000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2840 (2.7 KiB)  TX bytes:2840 (2.7 KiB)

ip -6 route show

2001:470:b115::/48 dev eth0  proto kernel  metric 256  expires 2590586sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::20c:29ff:fefb:c0d9 dev eth0  proto kernel  metric 1024  expires 224sec mtu 1500 advmss 1440 hoplimit 64


Again Thanks for any help

Shawn Foisy

cholzhauer

#1
First, a couple things.

The IP on he-ipv6 should be 2001:470:b115::2 and your default route should point to 2001:470:b115::1

The IP you have on eth0 should be out of the /48 you grabbed.  

EDIT:

Same thing for eth1..take a /64 out of your /48 and assign an address out of that

Same thing for your lan host...take another /64 out of your /48 and assign an IP address out of that

horsemen

Routed /48:    2001:470:b115::/48

the 2001:470:b115:: is my routable address space so using    2001:470:b115::X should be alright?

I am going to make the change noted above and let you know.

cholzhauer

If that's what you say it is, so be it.

The problem is you're using that same network for your tunnel /64

Let me see if I can make this clearer...  Lets say 2001:db8:1:1::/64 is your tunnel /64 and 2001:db8:f::/48 is your routed /48.  The address on he-ipv6 should be 2001:db8:1:1::2 and the default route should point to 2001:db8:1:1::1  For eth0 on your tunnel machine, you would select a /64 out of your /48, say 2001:db8:f:1::/64 and assign an address, say 2001:db8:f:1::1.  Then, for eth1, you assign another, say 2001:db8:f:2::1  (assuming those are connected to different networks).  For eth0 on your host computer, you select another, say 2001:db8:f:3::1

Make sense?

What is your tunnel /64 that's listed on the webpage?

horsemen

   Routed /64:    2001:470:1d:417::/64

so I made some changes to the script

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1d:417::2/64  dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add 2001:470:b115::1:1/64 dev eth0
ip addr add 2001:470:b115::2:1/64 dev eth1
ip -f inet6 addr
sysctl -w net.ipv6.conf.all.forwarding=1

I think this right?
so on the host machine I would use say 2001:470:b115::3:1/64 dev eth0 ? and what about the next machine on the LAN i could use 2001:470:b115::3:2/64 ?

but eth1 and LAN machine are connected via a swith so they should be on the same network 2001:470:b115::2:2/64 ?

I am going to restart the router with the canges and see if anything works.

also how do i make the default route: 2001:db8:1:1::1  For eth0 on my tunnel machine?


cholzhauer

You are hosting this tunnel on a PC, right?  (as opposed to a cisco router or something)

If eth1 and your lan machines are on the same network segment, then yes, they should have the same  /64.  One host could be 2001:470:b115::2:2, one could be 2001:470:b115::2:3, ect.  If you did that, 2001:470:b115::3:1 would be acceptable to use on eth0

I'm not sure what you mean by this

Quote
also how do i make the default route: 2001:db8:1:1::1  For eth0 on my tunnel machine?

horsemen

You are hosting this tunnel on a PC, right?  (as opposed to a cisco router or something)
yes its a CentOS Linux box or well VM

and I ment how do I add the default route
ip -6 route add :: via 2001:470:1d:417::1/64 ?

So I canged the address and they are

eth0      Link encap:Ethernet  HWaddr 00:0C:29:FB:C0:CF 
          inet addr:75.152.109.214  Bcast:75.152.111.255  Mask:255.255.240.0
          inet6 addr: 2001:470:b115::1:1/64 Scope:Global
          inet6 addr: fe80::20c:29ff:fefb:c0cf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2539 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2274 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2522712 (2.4 MiB)  TX bytes:378260 (369.3 KiB)
          Interrupt:75 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0C:29:FB:C0:D9 
          inet6 addr: 2001:470:b115::2:1/64 Scope:Global
          inet6 addr: fe80::20c:29ff:fefb:c0d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:412 errors:0 dropped:0 overruns:0 frame:0
          TX packets:422 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48828 (47.6 KiB)  TX bytes:51682 (50.4 KiB)
          Interrupt:75 Base address:0x2080

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1d:417::2/64 Scope:Global
          inet6 addr: fe80::4b98:6dd6/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:841 errors:0 dropped:0 overruns:0 frame:0
          TX packets:850 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:622887 (608.2 KiB)  TX bytes:231573 (226.1 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2636 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2636 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3861316 (3.6 MiB)  TX bytes:3861316 (3.6 MiB)

and LAN host is now 2001:470:b115::2:2/64 and it can ping 2001:470:b115::2:1 not a problem but not 2001:470:b115::1:1 I get destination unreachable address unreachable. If I try to ping the tunnel 2001:470:1d:417::2 I get Connect: Network unreachable.

Sorry for my ignorance, and thaks for the help

cholzhauer

So if you do a "ping6 2001:470:1d:417::1" it doesn't work?  That's the other end of the tunnel, which means your runnel isn't up.  But, from the traffic statistics, it looks like traffic is being sent. (There's more traffic there than there is on eth1)

You're going to want to route your /48 out eth1.

As for your default route, take a look at this  (Which, if you don't have a default route, pings wouldn't be working)

http://www.cyberciti.biz/tips/linux-ipv6-default-route-not-working.html

horsemen

this is what I get from the router

[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit

[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x68.1e100.net) 56 data bytes
64 bytes from iw-in-x68.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x68.1e100.net: icmp_seq=1 ttl=54 time=101 ms
64 bytes from iw-in-x68.1e100.net: icmp_seq=2 ttl=54 time=102 ms

as for routing the /48
[root@d75-152-109-214 ~]# ip -6 route add 2001:470:b115::/48 via 2001:470:b115::2:1 dev eth1
RTNETLINK answers: No route to host

I'm lost



cholzhauer

What do your routing tables look like now

horsemen

[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6  metric 1024  expires 21333788sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6  metric 256  expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0  metric 256  expires 21333739sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1  metric 256  expires 21333739sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21333618sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21333622sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#

cholzhauer


default dev he-ipv6  metric 1024  expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295


That's your default route.

I've read that for some kernels, you need to add that route from the link before

ip route add 2000::/3 dev he-ipv6

horsemen

i've added the route.

here is what I get from router

[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x63.1e100.net) 56 data bytes
64 bytes from iw-in-x63.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x63.1e100.net: icmp_seq=1 ttl=54 time=102 ms
64 bytes from iw-in-x63.1e100.net: icmp_seq=2 ttl=54 time=101 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 9875ms
rtt min/avg/max/mdev = 101.408/101.679/102.186/0.443 ms, pipe 2
[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=2 Time exceeded: Hop limit

--- 2001:470:1d:417::1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5380ms

also i did
ip route add 2001:470:b115::/48 dev eth1

[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6  metric 1024  expires 21333005sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6  metric 256  expires 21332957sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0  metric 256  expires 21332957sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1  metric 256  expires 21332957sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1  metric 1024  expires 21334321sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6  metric 1024  expires 21334136sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21332836sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21332840sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21332957sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21332957sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#

Host still can't ping outside 2001:470:b115::2:/64

Thanks for your help so far



cholzhauer

Something strange is happening


[carl@mars ~]$ ping6 2001:470:1d:417::2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1d:417::2
16 bytes from 2001:470:1d:417::2, icmp_seq=0 hlim=57 time=252.102 ms
16 bytes from 2001:470:1d:417::2, icmp_seq=1 hlim=57 time=149.014 ms
16 bytes from 2001:470:1d:417::2, icmp_seq=2 hlim=57 time=144.916 ms
16 bytes from 2001:470:1d:417::2, icmp_seq=3 hlim=57 time=144.671 ms
^C
--- 2001:470:1d:417::2 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 144.671/172.676/252.102/45.889 ms

[carl@mars ~]$ ping6 2001:470:1d:417::1
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1d:417::1
^C
--- 2001:470:1d:417::1 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss


According to that, I can ping your side of the tunnel, but not HE's side

I can even ping your eth1



[carl@mars ~]$ ping6  2001:470:b115::2:1
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:b115::2:1
16 bytes from 2001:470:b115::2:1, icmp_seq=0 hlim=57 time=146.072 ms
16 bytes from 2001:470:b115::2:1, icmp_seq=1 hlim=57 time=145.695 ms
16 bytes from 2001:470:b115::2:1, icmp_seq=2 hlim=57 time=145.200 ms
^C
--- 2001:470:b115::2:1 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 145.200/145.656/146.072/0.357 ms

horsemen

can you ping6  2001:470:b115::2:2 ?

and that is weird?

I will restart the router maybe somthing got cofufled in changing settings?