• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

why it just doesn't work?

Started by zhmhua, September 26, 2012, 07:16:01 PM

zhmhua

My system is CentOS 6.2.

Firstly, I enabled ICMP and put my host in the DMZ (my router does not have a place to specify protocol 41).

I created my tunnel and followed the instructions:


me$ sudo ip tunnel add he-ipv6 mode sit remote 216.218.224.42 local 192.168.2.5 ttl 255
me$ sudo ip link set he-ipv6 up
me$ sudo ip addr add 2001:470:1f0e:1113::2/64 dev he-ipv6
me$ sudo ip route add ::/0 dev he-ipv6


And this is my ifconfig result:

he-ipv6   Link encap:IPv6-in-IPv4  
         inet6 addr: fe80::c0a8:205/128 Scope:Link
         inet6 addr: 2001:470:1f0e:1113::2/64 Scope:Global
         UP POINTOPOINT RUNNING NOARP  MTU:1472  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3370 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 b)  TX bytes:345224 (337.1 KiB)

lo        Link encap:Local Loopback  
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:138 errors:0 dropped:0 overruns:0 frame:0
         TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:13220 (12.9 KiB)  TX bytes:13220 (12.9 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:1B:77:27:F7:9D  
         inet addr:192.168.2.5  Bcast:192.168.2.255  Mask:255.255.255.0
         inet6 addr: fe80::21b:77ff:fe27:f79d/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
         RX packets:143822 errors:0 dropped:0 overruns:0 frame:0
         TX packets:99503 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:143461793 (136.8 MiB)  TX bytes:11951462 (11.3 MiB)


Everything seems OK till now, but...


me$ ping6 ipv6.google.com
PING ipv6.google.com(yx-in-x67.1e100.net) 56 data bytes


Here is the tcpdump record from when I was trying to ping6 Google:

me# tcpdump -i he-ipv6
tcpdump: WARNING: he-ipv6: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on he-ipv6, link-type RAW (Raw IP), capture size 65535 bytes
17:36:40.835081 IP6 zhmhua-1-pt.tunnel.tserv8.dal1.ipv6.he.net > yx-in-x68.1e100.net: ICMP6, echo request, seq 1, length 64
17:36:41.834629 IP6 zhmhua-1-pt.tunnel.tserv8.dal1.ipv6.he.net > yx-in-x68.1e100.net: ICMP6, echo request, seq 2, length 64
17:36:42.834605 IP6 zhmhua-1-pt.tunnel.tserv8.dal1.ipv6.he.net > yx-in-x68.1e100.net: ICMP6, echo request, seq 3, length 64
(repeat...)


I think the address was resolved successfully, but it is just not able to ping.
I have tried both the outside IP and the NAT IP. It made no difference.

Can you figure out what's wrong with my operation? Or do I need to present more diagnostic information?

cholzhauer

Your router is probably blocking protocol 41

zhmhua

But I have put my host in the DMZ.

Quote from: cholzhauer on September 26, 2012, 07:35:43 PM
Your router is probably blocking protocol 41

cholzhauer

That doesn't matter. Some routers/firewalls have a DMZ mode that's "broken" when it comes to protocol 41. The only thing you can do is try a packet capture and see what you can see.

zhmhua

I have updated the packet capture result from tcpdump. Can you help me see what the problem is?

Quote from: cholzhauer on September 27, 2012, 10:21:44 AM
That doesn't matter. Some routers/firewalls have a DMZ mode that's "broken" when it comes to protocol 41. The only thing you can do is try a packet capture and see what you can see.

broquea

If you don't see inbound Protocol 41 packets in your PCAP, that is the problem :)

zhmhua

Then can I have it solved?

Quote from: broquea on September 27, 2012, 02:56:45 PM
If you don't see inbound Protocol 41 packets in your PCAP, that is the problem :)

broquea

Get a new router. Plenty of posts on here to find in a search that report routers that the tunnel can terminate on or behind. I terminated my HE tunnel on a D-Link DIR-825 until Comcast provided me with native IPv6.

nickbeee

Zhmhua, please tell us what your router is that is doing the NAT. Even though you are in a DMZ, you are still behind NAT, and some NAT firewalls explicitly block protocol 41. So do some Wireless LAN controllers.

Is it a real PC or is it running in a virtual machine?

Take a tcpdump of the IPv4 interface that the tunnel terminates on, which appears to be wlan0. That's where the protocol-41 should be, not on the tunnel (IPv6) interface.
tcpdump -i wlan0
will probably be quite busy so you will need to filter it...
tcpdump -i wlan0 'proto 41'
will show only tunnel traffic.

If your interface complains about promiscuous mode because it's a wlan then try
tcpdump -p -i wlan0 'proto 41'

We are expecting to see outbound protocol-41 here.

Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of HE and Sixxs.
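
The capture check described in the post above, as an added example that is not part of the original thread: it sorts `tcpdump -n` lines for protocol 41 by direction, using the two tunnel endpoints from the first post. The function name, the verdict words and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify 6in4 (IP protocol 41) packets by direction from the
# text output of `tcpdump -n`. Sample capture lines below are constructed.
LOCAL=192.168.2.5        # "local" address given to `ip tunnel add`
REMOTE=216.218.224.42    # tunnel server ("remote" in the same command)

# Reads tcpdump -n lines on stdin; prints "out=<n> in=<n> verdict=<word>".
proto41_direction() {
    awk -v l="$1" -v r="$2" '
        # Outer IPv4 header prints as: <time> IP <src> > <dst>: IP6 ...
        $2 == "IP" && $4 == ">" && $6 == "IP6" {
            dst = $5; sub(/:$/, "", dst)
            if ($3 == l && dst == r) out++
            else if ($3 == r && dst == l) inn++
        }
        END {
            if (out + inn == 0) v = "no-proto41-seen"
            else if (inn == 0)  v = "replies-not-arriving"
            else if (out == 0)  v = "nothing-sent"
            else                v = "tunnel-passing-traffic"
            printf "out=%d in=%d verdict=%s\n", out, inn, v
        }'
}

# Constructed capture: echo requests leave, nothing comes back.
sample_blocked() {
cat <<'EOF'
17:36:40.835081 IP 192.168.2.5 > 216.218.224.42: IP6 2001:470:1f0e:1113::2 > 2001:db8::68: ICMP6, echo request, seq 1, length 64
17:36:41.834629 IP 192.168.2.5 > 216.218.224.42: IP6 2001:470:1f0e:1113::2 > 2001:db8::68: ICMP6, echo request, seq 2, length 64
17:36:42.834605 IP 192.168.2.5 > 216.218.224.42: IP6 2001:470:1f0e:1113::2 > 2001:db8::68: ICMP6, echo request, seq 3, length 64
EOF
}

# Constructed capture: protocol 41 flows in both directions.
sample_working() {
cat <<'EOF'
17:36:40.835081 IP 192.168.2.5 > 216.218.224.42: IP6 2001:470:1f0e:1113::2 > 2001:db8::68: ICMP6, echo request, seq 1, length 64
17:36:40.901234 IP 216.218.224.42 > 192.168.2.5: IP6 2001:db8::68 > 2001:470:1f0e:1113::2: ICMP6, echo reply, seq 1, length 64
17:36:41.834629 IP 192.168.2.5 > 216.218.224.42: IP6 2001:470:1f0e:1113::2 > 2001:db8::68: ICMP6, echo request, seq 2, length 64
17:36:41.900871 IP 216.218.224.42 > 192.168.2.5: IP6 2001:db8::68 > 2001:470:1f0e:1113::2: ICMP6, echo reply, seq 2, length 64
EOF
}

# Live use: tcpdump -n -p -c 20 -i wlan0 'proto 41' | proto41_direction "$LOCAL" "$REMOTE"
sample_blocked | proto41_direction "$LOCAL" "$REMOTE"
```
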

zhmhua

I am sorry for the delay.
I am running on a real machine, and my router's brand is BELKIN. I don't fully understand what you mean by "is doing the NAT", but I have tried all the commands you suggested, and the keyword 'proto 41' was not found.

It's very kind of you, thank you.

Quote from: nickbeee on September 29, 2012, 04:19:39 PM
Zhmhua, please tell us what your router is that is doing the NAT. Even though you are in a DMZ, you are still behind NAT, and some NAT firewalls explicitly block protocol 41. So do some Wireless LAN controllers.

Is it a real PC or is it running in a virtual machine?

Take a tcpdump of the IPv4 interface that the tunnel terminates on, which appears to be wlan0. That's where the protocol-41 should be, not on the tunnel (IPv6) interface.
tcpdump -i wlan0
will probably be quite busy so you will need to filter it...
tcpdump -i wlan0 'proto 41'
will show only tunnel traffic.

If your interface complains about promiscuous mode because it's a wlan then try
tcpdump -p -i wlan0 'proto 41'

We are expecting to see outbound protocol-41 here.