• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

[SOLVED] Rather lost on Debian Lenny...seems to not be working...what do I do?

Started by marcusw, January 21, 2011, 06:09:11 PM

Previous topic - Next topic


I set up a tunnel account and tried the commands to set it up:
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:XXX:XXX::2/64
route -A inet6 add ::/0 dev sit1

And when I nmap -6 my IPv6 endpoint address from that machine, I can see all my open ports just the way I should. I can even telnet into my web server at port 8000. But I can't telnet into ipv6.google.com (the name is resolved just fine) or do other IPv6-y things. This box is my gateway/server so it's directly connected to the net. My ISP is Cox, which has a tendency to randomly block things, so it may be their problem. But I doubt it. I have all IMCP things enabled with my firstarter firewall and have iptables set to allow all packets in either direction on sit0 and sit1. I'm on Debian Lenny.

Also, how do I do IPv6 on my LAN? Is there a DHCP server for that or something?

Oh, and to complicate things, I have a dynamic IP. My ISP won't give me static one, but it can't be helped. It stays the same until I reset my modem though, so it's not too bad...

I tried with a host on my LAN and am now seeing this in the syslog every time I try to ping my IPv6 with the "looking glass":
Jan 21 22:43:50 wannerhome kernel: [437956.022650] Unknown ForwardIN=eth1 OUT=eth0 SRC= DST= LEN=100 TOS=0x00 PREC=0x00 TTL=248 ID=0 DF PROTO=41 is the other computer I tried it from (Ubuntu 10.10 desktop). I stopped the tunnel like 1 hour ago and it's still thinking that that's where it should be headed. What can I do about this?

All right, the other end of the tunnel reset itself after several hours and I am now having no problems. There was an issue with firestarter, my firewall, which doesn't seem to know about IPv6, but I was able to fix it by adding the tunnel endpoint ( to the list of trusted hosts. With the GUI, you can do Policy tab > Allow connections from host section > Right Click > Add Rule > Tunnel endpoint in the box > Add, and then Apply Policy. If you like the CLI, all you have to do to set it up is this:
echo "<Server IPv4 address>, HE's IPv6 Tunnel Gateway" >> /etc/firestarter/inbound/allow-from && /etc/init.d/firestarter restart
And you should be good to go.

I can probably get the rest of my LAN set up my myself, but any pointers would be very much appreciated. What I'm looking for is assigning each machine an address on the routed /64 that I have assigned and have them accessible from the rest of the net. Thanks!

Got radvd to work with some hacking and am having some problems that look like routing glitches. Will start a new thread if I can't get this fixed.

I have everything working fine now. I've posted a complete guide to how I did it here: http://www.tunnelbroker.net/forums/index.php?topic=1420.0