Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Tunnel is OK, but seems like no routing.  (Read 3320 times)

kashey

  • Newbie
  • *
  • Posts: 4
Tunnel is OK, but seems like no routing.
« on: May 01, 2011, 01:26:22 PM »


Good morning!

My network configuration:

(I have external fixed IP 188.134.79.126, but not assigned to my interface, all packet redirected to 10.201.112.143 from ISP).

Code: [Select]
[root@r1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:8B:8E:F9:51
          inet addr:10.201.112.143  Bcast:10.201.112.255  Mask:255.255.255.0
          inet6 addr: fe80::250:8bff:fe8e:f951/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19022056 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21037780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:54593712 (52.0 MiB)  TX bytes:735333259 (701.2 MiB)

he-ipv6   Link encap:IPv6-in-IPv4
          inet6 addr: fe80::ac9:708f/128 Scope:Link
          inet6 addr: 2001:470:1f04:1331::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:72 errors:0 dropped:0 overruns:0 frame:0
          TX packets:560 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7680 (7.5 KiB)  TX bytes:51239 (50.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:410 errors:0 dropped:0 overruns:0 frame:0
          TX packets:410 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:38768 (37.8 KiB)  TX bytes:38768 (37.8 KiB)

Pinging my tunnel endpoint - OK

(ping 3 times)

Code: [Select]
[root@r1 ~]# ping6 -n 2001:470:1f04:1331::1
PING 2001:470:1f04:1331::1(2001:470:1f04:1331::1) 56 data bytes
64 bytes from 2001:470:1f04:1331::1: icmp_seq=1 ttl=64 time=173 ms
64 bytes from 2001:470:1f04:1331::1: icmp_seq=2 ttl=64 time=173 ms
64 bytes from 2001:470:1f04:1331::1: icmp_seq=3 ttl=64 time=173 ms
^C
--- 2001:470:1f04:1331::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 173.107/173.257/173.364/0.109 ms

3 packets pairs passed via he-ipv6 interface - OK.

Code: [Select]
[324595.704625] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2001:0470:1f04:1331:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5423 SEQ=1
[324595.877978] V6/I:_IN=he-ipv6 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00:45:40:00:7c:00:00:40:00:f3:29:5b:42:48:34:68:4a:0a:c9:70:8f TUNNEL=72.52.104.74->10.201.112.143 SRC=2001:0470:1f04:1331:0000:0000:0000:0001 DST=2001:0470:1f04:1331:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=5423 SEQ=1

[324596.706522] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2001:0470:1f04:1331:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5423 SEQ=2
[324596.879677] V6/I:_IN=he-ipv6 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00:45:40:00:7c:00:00:40:00:f3:29:5b:42:48:34:68:4a:0a:c9:70:8f TUNNEL=72.52.104.74->10.201.112.143 SRC=2001:0470:1f04:1331:0000:0000:0000:0001 DST=2001:0470:1f04:1331:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=5423 SEQ=2

[324597.707885] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2001:0470:1f04:1331:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5423 SEQ=3
[324597.881294] V6/I:_IN=he-ipv6 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00:45:40:00:7c:00:00:40:00:f3:29:5b:42:48:34:68:4a:0a:c9:70:8f TUNNEL=72.52.104.74->10.201.112.143 SRC=2001:0470:1f04:1331:0000:0000:0000:0001 DST=2001:0470:1f04:1331:0000:0000:0000:0002 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=5423 SEQ=3

and 3 packet pairs of protocol 41 passed via eth0 interface - OK.

Code: [Select]
[324595.704785] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324595.877809] HE/I:_IN=eth0 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00 SRC=72.52.104.74 DST=10.201.112.143 LEN=124 TOS=0x00 PREC=0x40 TTL=243 ID=0 DF PROTO=41
[324596.706619] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324596.879520] HE/I:_IN=eth0 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00 SRC=72.52.104.74 DST=10.201.112.143 LEN=124 TOS=0x00 PREC=0x40 TTL=243 ID=0 DF PROTO=41
[324597.707981] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324597.881140] HE/I:_IN=eth0 OUT= MAC=00:50:8b:8e:f9:51:00:21:d7:b1:07:d1:08:00 SRC=72.52.104.74 DST=10.201.112.143 LEN=124 TOS=0x00 PREC=0x40 TTL=243 ID=0 DF PROTO=41


But no answer from IPv6 sites. Pinging google - no answer.

(ping 4 times)

Code: [Select]
[root@r1 ~]# ping6 -n ipv6.google.com
PING ipv6.google.com(2a00:1450:8001::93) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms

4 packets go out via he-ipv6 interface.

Code: [Select]
[324899.688545] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=1
[324900.688274] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=2
[324901.688250] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=3
[324902.688282] V6/O:_IN= OUT=he-ipv6 SRC=2001:0470:1f04:1331:0000:0000:0000:0002 DST=2a00:1450:8001:0000:0000:0000:0000:0093 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=5428 SEQ=4

and 4 protocol 41 packets go out via eth0 interface.

Code: [Select]
[324899.688688] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324900.688375] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324901.688349] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41
[324902.688386] HE/O:_IN= OUT=eth0 SRC=10.201.112.143 DST=72.52.104.74 LEN=124 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=41

There is no reply at all.

Instead of ipv6.google.com other sites have the same effect,
but I can ping my neighbours (1330::1, 1320::1 etc).

Code: [Select]
[root@r1 ~]# ping6 -n 2001:470:1f04:1330::1
PING 2001:470:1f04:1330::1(2001:470:1f04:1330::1) 56 data bytes
64 bytes from 2001:470:1f04:1330::1: icmp_seq=1 ttl=64 time=171 ms
64 bytes from 2001:470:1f04:1330::1: icmp_seq=2 ttl=64 time=171 ms
^C
--- 2001:470:1f04:1330::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 171.593/171.599/171.605/0.006 ms


What my be wrong?


Thank you for any help.

Ivan.

Logged

troz

  • Newbie
  • *
  • Posts: 7
Re: Tunnel is OK, but seems like no routing.
« Reply #1 on: May 01, 2011, 09:33:57 PM »

You don't have a default (ipv6) route???  I can ping the HE side (::1), but not your side (::2).
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2732
Re: Tunnel is OK, but seems like no routing.
« Reply #2 on: May 02, 2011, 05:57:21 AM »

What commands did you use to set up the tunnel?

What do your routing tables look like?
Logged

kashey

  • Newbie
  • *
  • Posts: 4
Re: Tunnel is OK, but seems like no routing.
« Reply #3 on: May 02, 2011, 06:03:29 AM »

You don't have a default (ipv6) route???
I have, of course. As you can see, my outgoing packets succesfully running into he-ipv6 interface, then (protocol 41 encapsulated) via eth0 to 72.52.104.74 (tunnel broker).

I can ping the HE side (::1), but not your side (::2).
I scan iptables log, and see no any incoming protocol 41 packet on eth0. :(

I can ping 1330::1, 1320::1 but not 1330::2, 1320::2 too.
Logged

kashey

  • Newbie
  • *
  • Posts: 4
Re: Tunnel is OK, but seems like no routing.
« Reply #4 on: May 02, 2011, 07:07:07 AM »

What commands did you use to set up the tunnel?
I have used command suggested by tunnelbroker:
Code: [Select]
ip tunnel add he-ipv6 mode sit remote 72.52.104.74 local 10.201.112.143 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1f04:1331::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

What do your routing tables look like?

Here is the ip -6 route show output:

Code: [Select]
unreachable ::/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:a00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 2002:e000::/19 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0

And all my packets routed to he-ipv6, encapsulated into protocol 41 packets and passed out.
(outgoing packets logged by iptables).
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2732
Re: Tunnel is OK, but seems like no routing.
« Reply #5 on: May 02, 2011, 07:24:53 AM »

Are you running IP6tables?

Logged

kashey

  • Newbie
  • *
  • Posts: 4
Re: Tunnel is OK, but seems like no routing.
« Reply #6 on: May 02, 2011, 07:56:06 AM »

Are you running IP6tables?

Yes, I do. But only to log all in /out packets, and drop V6 packet, if they appear at ISP-connected eth0.

Code: [Select]
*raw
-A PREROUTING -j LOG --log-prefix V6/I:_
COMMIT

*mangle
-A POSTROUTING -j LOG --log-prefix V6/O:_
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i he-ipv6 -j ACCEPT
-A INPUT -i lo      -j ACCEPT
-A INPUT -j DROP
COMMIT

Output made by -j LOG rules can be seen in my first message.
Logged