• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

tunnel blocking irc ports.

Started by burnout, April 26, 2012, 05:51:27 PM

Previous topic - Next topic


Quote from: lattera on May 10, 2012, 05:56:00 PMBut a TCP traceroute to port 6667 doesn't work.
Where is the output? Would be nice to compare those outputs with different port numbers.

Additionally it would be useful to see a tcpdump of a TCP traceroute where it is the IPv4 TTL that is varied instead of the IPv6 TTL. Such thing is almost fully supported in my IPv6 stack, but I don't know if any other software have such features. You can however do the same thing manually as follows:
1. Start tcpdump with a command similar to: tcpdump -pni eth0 'proto 41' -s0 -Uw dumpfile
2. Ensure the 6in4 packets have TTL 1 as they leave your gateway. For example this can be done with iptables: tcpdump -t mangle -I OUTPUT -p 41 -j TTL --ttl-set 1
3. Attempt to connect to TCP port 6667 and 80 on the same remote IPv6 address using any tool (for example nc or telnet).
4. Repeat from step 2 with TTL 2, etc.

The tcpdump man page has a fat warning against using --ttl-set. That is because --ttl-set can potentially increase the TTL. However since iptables does not have a safe variant, that would have been appropriate for this particular usage, I think you should go with it anyway. Just remember to remove those iptables rules once you are done.


I had a similar issue, I had achieved the sage level, hit the unblock option, but still was unable to use IRC using my tunnel over ipv6.

My tunnel dated back from 2010 or 2011. After a lot of struggle, I decided to delete my old tunnel and create a new one. I created a completely identical tunnel, only changed the settings on my side to match the new tunnel settings... and after unblocking irc on my new tunnel, irc worked instantly.

@HE: there is really something wrong with old tunnels and unblocking IRC. Obviously, something is still being filtered there.