• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Problems forwarding IPv6

Started by m6aUdS, September 05, 2011, 06:38:31 PM

Previous topic - Next topic

m6aUdS

Hello!

I am running a tunnel which is working great on my gateway (a Fedora machine). This is the same gateway I use for my LAN, forwarding normal IPv4.

The IPv6 is working on the gateway itself, but I can't seem to get it to forward packets from the inside. For example, if I ping6 ipv6.google.com from the gateway, it works great. If I ping6 from my LAN computers I get:
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms


Here is the ifconfig from the gateway:
em1       Link encap:Ethernet  HWaddr 00:0F:FE:79:28:0D 
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20f:feff:fe79:280d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29707956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42701868 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7941230004 (7.3 GiB)  TX bytes:54543885908 (50.7 GiB)
          Interrupt:19 Memory:f0500000-f0520000

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::cea7:b778/128 Scope:Link
          inet6 addr: 2001:470:1c:611::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:13071 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13127 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1853719 (1.7 MiB)  TX bytes:1155872 (1.1 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:330014 errors:0 dropped:0 overruns:0 frame:0
          TX packets:330014 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:57970421 (55.2 MiB)  TX bytes:57970421 (55.2 MiB)

p1p2      Link encap:Ethernet  HWaddr D8:5D:4C:80:9D:74 
          inet addr:206.167.X.X  Bcast:206.167.X.X  Mask:255.255.255.0
          inet6 addr: fe80::da5d:4cff:fe80:9d74/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43165500 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30138357 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:54684701476 (50.9 GiB)  TX bytes:7994396375 (7.4 GiB)
          Interrupt:20 Base address:0x6800

p1p3      Link encap:Ethernet  HWaddr 00:A1:B0:00:00:7B 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:16 Base address:0x1000

wlan0     Link encap:Ethernet  HWaddr E0:69:95:44:85:2E 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


Here is my ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      2001:470:1c:611::/64  anywhere                 

Chain OUTPUT (policy ACCEPT)
target     prot opt source


Here is my /etc/radvd.conf
# NOTE: there is no such thing as a working "by-default" configuration file.
#       At least the prefix needs to be specified.  Please consult the radvd.conf(5)
#       man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help.
#
#
interface em1
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix 2001:470:1c:611::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

};


Here is my /etc/sysctl.d/ipv6_forwarding.conf
net.ipv6.conf.all.forwarding = 1

I did
echo "1" >/proc/sys/net/ipv6/conf/all/forwarding
sudo sysctl -w net.ipv6.conf.all.forwarding=1


Now I dont really know what else to try...

Any idea?

Thank you!

cholzhauer

You need a public ipv6 address on the inside interface of your tunnel server

m6aUdS

Quote from: cholzhauer on September 05, 2011, 06:57:41 PM
You need a public ipv6 address on the inside interface of your tunnel server

Thank you for your answer!

Do I set any of my public /64 addresses to the internal interface statically? Or does it have to follow some rule?

cholzhauer

You can use any IP address you want from your routed /64.  If you have a /48, I would use an IP from a /64 in there instead.  Whatever it is, it has to be in the same subnet as the computers it's attached to

m6aUdS

I am still having problems :-(
I added a routed address to my internal interface and got the following:

em1       Link encap:Ethernet  HWaddr 00:0F:FE:79:28:0D 
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1c:611::3/64 Scope:Global
          inet6 addr: fe80::20f:feff:fe79:280d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15833070 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19381632 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7731819772 (7.2 GiB)  TX bytes:21748836952 (20.2 GiB)
          Interrupt:19 Memory:f0500000-f0520000

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::cea7:b778/128 Scope:Link
          inet6 addr: 2001:470:1c:611::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:5618 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:464320 (453.4 KiB)  TX bytes:458496 (447.7 KiB)

p1p2      Link encap:Ethernet  HWaddr D8:5D:4C:80:9D:74 
          inet addr:206.167.X.X  Bcast:206.167.183.255  Mask:255.255.255.0
          inet6 addr: fe80::da5d:4cff:fe80:9d74/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19422137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15853878 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21688426733 (20.1 GiB)  TX bytes:7662431160 (7.1 GiB)
          Interrupt:20 Base address:0xe800


As you can see, my tunnel is having:
inet6 addr: 2001:470:1c:611::2/64 Scope:Global

And my internal interface is having:
inet6 addr: 2001:470:1c:611::3/64 Scope:Global

The LAN computer I'm trying to forward has this ifconfig:
Quoteem1       Link encap:Ethernet  HWaddr F4:6D:04:34:92:2B 
          inet addr:192.168.0.184  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1c:611:f66d:4ff:fe34:922b/64 Scope:Global
          inet6 addr: fe80::f66d:4ff:fe34:922b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:515713 errors:0 dropped:0 overruns:0 frame:0
          TX packets:329319 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:723024695 (689.5 MiB)  TX bytes:30979452 (29.5 MiB)
          Interrupt:18 Memory:f7100000-f7120000

Which means radvd is working on the gateway, giving a good IPv6 address.

Here is a traceroute for ipv6.google.com from the gateway
Quotetraceroute to ipv6.google.com (2001:4860:800f::69), 30 hops max, 80 byte packets
1  2001:470:1c:611::1 (2001:470:1c:611::1)  13.226 ms  13.374 ms  14.053 ms
gige-g2-5.core1.tor1.he.net (2001:470:0:c0::1)  25.016 ms  25.042 ms  25.067 ms
3  2001:478:245:1::6 (2001:478:245:1::6)  13.928 ms  13.952 ms  13.975 ms
4  2001:4860::1:0:e38 (2001:4860::1:0:e38)  14.296 ms  14.452 ms  13.889 ms
5  2001:4860::8:0:2fc6 (2001:4860::8:0:2fc6)  29.911 ms  29.947 ms  28.774 ms
6  2001:4860::1:0:9ff (2001:4860::1:0:9ff)  34.939 ms  34.813 ms  35.892 ms
7  2001:4860:0:1::14d (2001:4860:0:1::14d)  36.041 ms  36.659 ms  36.671 ms
iad04s01-in-x69.1e100.net (2001:4860:800f::69)  36.249 ms  35.827 ms  35.821 ms

Seems it's exiting my network with 2001:470:1c:611::1, which is in my routed subnet, but I don't know this address, sry for the n00bness...

And finally, still my ping6 ipv6.google.com from my LAN...
QuotePING ipv6.google.com(iad04s01-in-x69.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 5999ms

I'm kind of mystified...  ???

Do you have an idea?

cholzhauer

You're using the wrong ip addresses....the ip range on your internal interface can't be the same as the ip range you use on your tunnel interface

m6aUdS

OH!
Thank you SO MUCH!

I did not notice my routed range was not the same as my endpoint!

Working perfectly now ^^

:D :D :D

ramsee