• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Cannot create tunnel - "IP is not ICMP pingable"

Started by exoomer, June 08, 2011, 12:24:39 PM

Previous topic - Next topic

exoomer

Hi, I've tried to create a new tunnel and check how's IPv6 working, but I'm getting an error message:
IP is not ICMP pingable. Please make sure ICMP is not blocked. If you are blocking ICMP, please allow 66.220.2.74 through your firewall.
I've tried to disable my antivirus firewall, but it didn't helped. I checked my router settings, but I found there that pinging is allowed => http://img585.imageshack.us/img585/2465/zomgs.jpg
I have a DSL connection. I'm conncted to my router with a cable and I have MAC filter on (don't know if it may cause problems?).

cholzhauer

Yeah, I'm unable to ping you either.

What OS are you running?  Is the Windows firewall disabled too?

The MAC filter only comes into play when wireless clients try and connect to your router.

johnpoz

That is a gateway device, ie modem/router device so I would assume you don't have some other nat device in front of it?  Which could cause you problems with pinging for sure.

You using a proxy?  That 95.103 address you list in your screenshot is your actual IP (should be able to verify that by looking on your routers wan status page)..  If your using a proxy its possible he site is seeing the wrong IP for your end point, etc.

Also since your behind a NAT router, does that router support forwarding of protocol 41?

exoomer

a/ Windows 7
b/ I dont know if there is another device in front of it, the only think I know, that I'm connected to my router with a cable a the router is connectec by a cable to the DSL in the wall
c/ I'm not using a proxy
d/ I don't know if my router is supporting this forwarding, do you know where/how could I find it?

johnpoz

#4
You would have to check the docs or the maker or maybe their forums to if it supports forwarding protocol 41, I would think there should be some sort setup for it on the router ui if it did, for example on a pfsense router.

But as mentioned already can not ping that public IP you listed in your screen shot.

PING 95.103.xx.xx (95.103.xx.xx) 56(84) bytes of data.
^C
--- 95.103.xx.xx ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4021ms

I snipped out the actual ip because I don't want to post such info that is not mine to post.  did you actually verify that is your public IP via the status of your wan on your router.  I see that you have it set to enable - but its not responding.  So your not going to be able to bring up a tunnel even if the router forwards protocol 41.  I don't have to forward it from my screenshot since the router is the actual endpoint of the tunnel.

But you need to work out why you can not ping your IP before you can even think of bringing up a tunnel.  Contact your ISP would be your best bet.. Try rebooting your router after you enabled it to allow ping.  You can then try say this site to see if you can ping it or not.

http://www.subnetonline.com/pages/network-tools/online-ping-ipv4.php





exoomer

#5
Wey, now I realized that I had my router firewall truned on. When I turned it off, everything is going good. My bad. Thx all.

And last question. I now created a tunnel, copied the Example Configuration to my CMD, everything went OK, but I'm still using my IPv4. How can I enable IPv6?

cholzhauer

What commands did you use to configure the tunnel?

Lets see the output of ipconfig /all

exoomer

I've copied this:
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 95.102.xxx.xxx 216.66.84.42
netsh interface ipv6 add address IP6Tunnel 2001:470:1f12:8f5::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f12:8f5::1

ipconfig /all:
http://img27.imageshack.us/img27/4686/ahojtentonapistamostane.jpg

cholzhauer

Ah.  You're behind NAT, so you need to adjust your commands

Remove what you did the other day and try this instead


netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.36 216.66.84.42
netsh interface ipv6 add address IP6Tunnel 2001:470:1f12:8f5::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f12:8f5::1

exoomer


cholzhauer

Try this


netsh int ipv6 delete interface IP6Tunnel

johnpoz

Did you determine how to forward protocol 41 to your inside box you want to setup the tunnel on?  You could try putting it in the DMZ of your router.  But that does not always mean it forward that protocol.

Good luck - but as mentioned since your behind a nat you need to use use the IP of your computer vs the public IP of your router.

Im curious what is the point of that allow ping setting if you had to turn off your firewall all together to allow it to work??  That makes NO sense at all to me.

whatsit

#12
Excellent, that did the trick.  Thanks much.
For the record I had to dmz my computer. then tell my firewall to let the ping through from tunnelbroker. not sure I really want to stay dmz'd all the time. but it is nice to see it working.

johnpoz

Well then you would need a router that supports forwarding of protocol 41, anything does iptables can do it.  For example any router running dd-wrt would work.. And better yet if your router was running dd-wrt you could have the router be the tunnel endpoint vs some box on the inside of your nat/gateway.