CentOS IPv6 router passing packets out via HE tunnel but not back to local LAN

Started by hhoffman, May 20, 2011, 09:15:19 AM

hhoffman

Hi All,

First, I'm a noob when it comes to ipv6. I've read up on the various docs and searched the forums and have managed to get most of the configs together for an ipv6 router running on CentOS.
The tunnel to HE is up and running and I can ping6/traceroute6/and browse from the router/firewall to the ipv6 world.

[windows7] <---->[eth1]linux router[sit1][eth0_publicip]<====>[hurricane_electric]

I also have radvd configured on the router's internal interface (eth1). A windows 7 laptop gets an ipv6 address from radvd and also has a link local ipv6 addr on its interface.

I'm trying to ping out from the windows7 client to ipv6.google.com. I see the packets come through the router and go out to HE via sit1. I see replies come back but they never make it back to the windows7 client. And here's where I'm stuck. I'm not sure what to do next, and any pointers would be greatly appreciated.

Here are the relevant configs (I think I've included everything):
IPv6 Tunnel Endpoints
Server IPv4 Address:216.66.22.2
Server IPv6 Address:2001:470:7:d74::1/64
Client IPv4 Address:108.36.164.246
Client IPv6 Address:2001:470:7:d74::2/64

Available DNS Resolvers
Anycasted IPv6 Caching Nameserver:2001:470:20::2
Anycasted IPv4 Caching Nameserver:74.82.42.42

Routed IPv6 Prefixes
Routed /64:2001:470:8:d74::/64
Routed /48:2001:470:e43c::/48 [X]

(from the linux router/firewall)
#ip addr list
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:23:d0:8f:16 brd ff:ff:ff:ff:ff:ff
    inet 108.36.164.246/24 brd 108.36.164.255 scope global eth0
    inet6 fe80::204:23ff:fed0:8f16/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:23:d0:8f:17 brd ff:ff:ff:ff:ff:ff
    inet 172.16.255.254/24 brd 172.16.255.255 scope global eth1
    inet6 fe80::204:23ff:fed0:8f17/64 scope link
       valid_lft forever preferred_lft forever
6: sit1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue
    link/sit 0.0.0.0 peer 216.66.22.2
    inet6 2001:470:7:d74::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::ac10:fffe/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::6c24:a4f6/64 scope link
       valid_lft forever preferred_lft forever


#ip route list
default dev sit1  metric 1024  expires 21267322sec mtu 1480 advmss 1420 hoplimit 4294967295
108.36.164.0/24 dev eth0  proto kernel  scope link  src 108.36.164.246
172.16.255.0/24 dev eth1  proto kernel  scope link  src 172.16.255.254
169.254.0.0/16 dev eth1  scope link
default via 108.36.164.1 dev eth0

#ip -6 route list
unreachable ::/96 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:7:d74::/64 via :: dev sit1  metric 256  expires 21251835sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:8:d74::/64 dev sit1  metric 1  expires 21251835sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21251835sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21251823sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21251825sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev sit1  metric 256  expires 21251835sec mtu 1480 advmss 1420 hoplimit 4294967295

# grep forwarding /etc/sysctl.conf
net.ipv6.conf.all.forwarding = 1


# cat /etc/radvd.conf
# NOTE: there is no such thing as a working "by-default" configuration file.
#       At least the prefix needs to be specified.  Please consult the radvd.conf(5)
#       man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help.
#
#
interface eth1
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2001:470:8:d74::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
#               AdvRouterAddr off;
        };

};


[root@108.36.164.246 ~]$ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=0 ttl=51 time=212 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=51 time=239 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=51 time=229 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=51 time=232 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=51 time=216 ms


[ From a windows 7 client behind the linux firewall I ping -6 ipv6.google.com ]
#tcpdump -i sit1 -lnn
11:55:26.419652 IP6 2001:470:8:d74:3009:b350:1b5:ac83 > 2001:4860:800e::68: ICMP6, echo request, seq 5832, length 40
11:55:26.446708 IP6 2001:4860:800e::68 > 2001:470:8:d74:3009:b350:1b5:ac83: ICMP6, echo reply, seq 5832, length 40
11:55:26.446731 IP6 fe80::ac10:fffe > 2001:4860:800e::68: ICMP6, redirect, 2001:470:8:d74:3009:b350:1b5:ac83 to 2001:470:8:d74:3009:b350:1b5:ac83, length 136
11:55:26.446742 IP6 2001:4860:800e::68 > 2001:470:8:d74:3009:b350:1b5:ac83: ICMP6, echo reply, seq 5832, length 40
11:55:26.463581 IP6 2001:4860:800e::68 > 2001:470:8:d74:3009:b350:1b5:ac83: ICMP6, echo reply, seq 5832, length 40
11:55:26.463598 IP6 fe80::ac10:fffe > 2001:4860:800e::68: ICMP6, redirect, 2001:470:8:d74:3009:b350:1b5:ac83 to 2001:470:8:d74:3009:b350:1b5:ac83, length 136
11:55:26.463608 IP6 2001:4860:800e::68 > 2001:470:8:d74:3009:b350:1b5:ac83: ICMP6, echo reply, seq 5832, length 40
11:55:26.464281 IP6 fe80::d842:1602 > fe80::ac10:fffe: ICMP6, destination unreachable, beyond scope 2001:4860:800e::68, source address fe80::ac10:fffe, length 184
11:55:26.473416 IP6 2001:4860:800e::68 > 2001:470:8:d74:3009:b350:1b5:ac83: ICMP6, echo reply, seq 5832, length 40
11:55:26.473433 IP6 fe80::ac10:fffe > 2001:4860:800e::68: ICMP6, redirect, 2001:470:8:d74:3009:b350:1b5:ac83 to 2001:470:8:d74:3009:b350:1b5:ac83, length 136
11:55:26.473446 IP6 2001:4860:800e::68 > 2001:470:8:d74:3009:b350:1b5:ac83: ICMP6, echo reply, seq 5832, length 40
11:55:26.474014 IP6 fe80::d842:1602 > fe80::ac10:fffe: ICMP6, destination unreachable, beyond scope 2001:4860:800e::68, source address fe80::ac10:fffe, length 184

cholzhauer

You need an IPv6 address on eth1

It needs to be in the same subnet as the address of your Windows machine
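
A check for the condition described in the reply above, as an added example that is not part of the original thread: it parses trimmed copies of the `ip addr list` and `ip -6 route list` output from the question and reports, for each prefix radvd advertises, whether the LAN interface holds a global address inside it and whether the route for it points at that interface. The function names and the `RADVD` mapping are assumptions made for this example.

```python
import ipaddress
import re

# Trimmed copies of the outputs posted in the question above.
IP_ADDR = """\
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet6 fe80::204:23ff:fed0:8f17/64 scope link
6: sit1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue
    inet6 2001:470:7:d74::2/64 scope global
"""
IP6_ROUTES = """\
2001:470:7:d74::/64 via :: dev sit1  metric 256
2001:470:8:d74::/64 dev sit1  metric 1
fe80::/64 dev eth1  metric 256
"""
RADVD = {"eth1": "2001:470:8:d74::/64"}  # assumed form: interface -> advertised prefix

def global_addrs(ip_addr_text):
    """Map interface name -> list of global-scope IPv6 addresses on it."""
    addrs, iface = {}, None
    for line in ip_addr_text.splitlines():
        m = re.match(r"\d+: ([^:@]+)", line)      # "3: eth1:" / "6: sit1@NONE:"
        if m:
            iface = m.group(1)
            addrs[iface] = []
        m = re.search(r"inet6 (\S+) scope global", line)
        if m and iface:
            addrs[iface].append(ipaddress.ip_interface(m.group(1)))
    return addrs

def route_dev(routes_text, prefix):
    """Device of the lowest-metric route that exactly matches prefix, or None."""
    hits = [(int(m.group(3)), m.group(2))
            for m in (re.match(r"(\S+) .*?dev (\S+)\s+metric (\d+)", l)
                      for l in routes_text.splitlines())
            if m and m.group(1) == str(prefix)]
    return min(hits)[1] if hits else None

def check(radvd, ip_addr_text, routes_text):
    """Return findings for every advertised prefix that is not served on its interface."""
    findings, addrs = [], global_addrs(ip_addr_text)
    for iface, pfx in radvd.items():
        net = ipaddress.ip_network(pfx)
        if not any(a.ip in net for a in addrs.get(iface, [])):
            findings.append(f"{iface}: no global address inside advertised {net}")
        dev = route_dev(routes_text, net)
        if dev != iface:
            findings.append(f"{net}: routed via {dev}, not {iface}")
    return findings
```

Run against the posted output, `check(RADVD, IP_ADDR, IP6_ROUTES)` returns both findings: eth1 has no global address in the advertised /64, and the /64 route points at sit1.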

hhoffman


ashemta

Have you installed wide-dhcpv6/dhcp6s.conf?
If so, can I please have the configuration

and /etc/network/interfaces?
My case is quite similar to yours.

Thank you