• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Help my ipv6 is not working - clients can ping6 but firefox can't get sites

Started by dcottle, February 21, 2011, 02:35:10 PM

Previous topic - Next topic

dcottle

I just updated our main gateway server to centos-5.5

My clients all can ping ipv6.google.com and gets replies.  However you can't browse it just says not found.

I run test your ipv6 and it says no ipv6 address, yet its there:

PING ipv6.google.com(2404:6800:8004::68) 56 data bytes
64 bytes from 2404:6800:8004::68: icmp_seq=1 ttl=55 time=380 ms
64 bytes from 2404:6800:8004::68: icmp_seq=2 ttl=55 time=378 ms
64 bytes from 2404:6800:8004::68: icmp_seq=3 ttl=55 time=377 ms
64 bytes from 2404:6800:8004::68: icmp_seq=4 ttl=55 time=378 ms

Any idea's?

I dont have anything set in the server in iptables yet, make 41 is needed?

The server itself works perfectly 10 out of 10 for ipv6 test and surf all sites.

Considering my clients can ping6 any ipv6 address but not connect in firefox its got me lost what is wrong as its obviously working forwarding ipv6, atleast icmp and dns requests.

I really think its all in the iptables or ip6tables on the server, any help appreciated.

Thanks!

cholzhauer

if you think its in iptables, why not post the config? :)  do all of your clients have ipv6 addresses?

dcottle

#2
Thanks! I can't get it until later I am mobile on iPad. I think it's got to be in the ip6tables as clients can ping6 but not get sites I assume it's only allowing icmp6. It should have nothing to do with iptables on the server simply the server can firefox and it works with the iptables as it is.
All clients receive an ipv6 address via radvd confirmed by ifconfig as welll as they get ping6 replies.

Also the ping6 -c1 ipv6.google.com also passes the DNS request to the server as it then gets the ip and ping6 packet comes back.

It's confusing as I know something is blocking. I am running centos 5.5 could it be the firewall on the server?

It was all working, but I changed my server over to centos and ip6 on clients also stopped.

As clients can ping6 it means they have ip6 addresses, plus as the server has two nics it's forwarding ipv6 and of course my clients can surf the ip4 world. What ever is broken is on the server that's all that's been changed.

What's a setting I can put in ip6tablles to allow alll incoming?

Thanks.

dcottle

its not the firewall :(

with it disabled there are no ip6tables or iptables

Still the same clients can ping6 and nothing else

Server continues to work.

What do you need?

I am still at a loss icmp6 works but nothing else to the LAN.

This is from a clinet:

traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2404:6800:8004::68), 30 hops max, 80 byte packets
1  2001:xx:xx:2::1 (2001:xx:xx:2::1)  0.127 ms  0.083 ms  0.058 ms
xx-xx.xx.fmt2.ipv6.he.net (2001:xx:xx:175f::1)  169.861 ms  177.678 ms  184.057 ms
gige-g5-19.core1.fmt2.he.net (2001:470:0:45::1)  188.437 ms  188.633 ms  188.843 ms
10gigabitethernet1-2.core1.pao1.he.net (2001:470:0:30::2)  195.517 ms  195.697 ms  195.915 ms
core2-1-1-0.pao.net.google.com (2001:504:d::1f)  185.753 ms  185.492 ms  185.946 ms
6  2001:4860::1:0:7ea (2001:4860::1:0:7ea)  186.164 ms 2001:4860::1:0:21 (2001:4860::1:0:21)  186.124 ms 2001:4860::1:0:7ea (2001:4860::1:0:7ea)  185.807 ms
7  2001:4860::1:0:75 (2001:4860::1:0:75)  394.890 ms  281.277 ms 2001:4860::1:0:47 (2001:4860::1:0:47)  301.323 ms
8  2001:4860::1:0:165 (2001:4860::1:0:165)  280.633 ms  280.801 ms  281.737 ms
9  2001:4860::1:0:9f7 (2001:4860::1:0:9f7)  381.552 ms  382.409 ms  383.360 ms
10  2001:4860:0:1::d7 (2001:4860:0:1::d7)  385.059 ms  385.287 ms  385.499 ms
11  2404:6800:8004::68 (2404:6800:8004::68)  386.266 ms  386.644 ms  386.859 ms
>

cholzhauer

x'ing out addresses makes things harder.

what does ip/ifconfig look like on a machine that isn't working? Also, post a copy of the routing tables.

If you turn the firewall off, can you browse IPv6 sites from your router?

dcottle

Okay fixed at last!

I had to make a ip6tables in sysconfig


Generated by ip6tables-save v1.4.7 on Tue Feb 22 20:15:36 2011
*filter
:INPUT ACCEPT [463:78263]
:FORWARD ACCEPT [716:404072]
:OUTPUT ACCEPT [327:32189]
:RH-Firewall-1-INPUT - [0:0]
COMMIT
# Completed on Tue Feb 22 20:15:36 2011


Now clients have ip6 again...