• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

CentOS as router, does not route a subnet of /48

Started by Luigi Rosa, May 19, 2013, 10:54:23 PM

Previous topic - Next topic

Luigi Rosa

I am using a CentOS 6 64 bit as router.  eth0 is connected to Internet with dedicated IPv4 address, eth1 is on LAN

The tunnel of /64 IPv6 address block works fine on CentOS machine. I cannot route a /64 subnet of additional /48, the subnet is 2001:470:6b9c:1701::/64

HE tunnel is:

Server IPv4 Address:216.66.80.26
Server IPv6 Address:2001:470:1f08:203::1/64
Client IPv4 Address:62.123.164.113
Client IPv6 Address:2001:470:1f08:203::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:1f09:203::/64
Routed /48: 2001:470:6b9c::/48

# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:1a:92:d3:84:f6 brd ff:ff:ff:ff:ff:ff
    inet 62.123.164.113/29 brd 62.123.164.119 scope global eth0
    inet6 2001:470:1f09:203::b16:b00b/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:92ff:fed3:84f6/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:1a:92:d3:94:6b brd ff:ff:ff:ff:ff:ff
    inet 10.19.67.254/24 brd 10.19.67.255 scope global eth1
    inet6 2001:470:6b9c:1701::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:92ff:fed3:946b/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
5: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/sit 62.123.164.113 peer 216.66.80.26
    inet6 2001:470:1f08:203::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::3e7b:a471/128 scope link
       valid_lft forever preferred_lft forever


# ip -6 route list
unreachable ::/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1f08:203::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:1f09:203::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:6b9c:1701::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295


From a Linux on LAN the traceroute to ipv6.google.com is blocked on Linux box:

traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2a00:1450:4001:806::1012) from 2001:470:6b9c:1701::cafe, 30 hops max, 24 byte packets
mail.luigirosa.com (2001:470:6b9c:1701::1)  0.125 ms  0.137 ms  0.088 ms
mail.luigirosa.com (2001:470:6b9c:1701::1)  0.09 ms !S  0.135 ms !S  0.094 ms !S



Any hint about this?

Thank you in advance

kasperd

Is packet forwarding enabled? Tryhead /proc/sys/net/ipv6/conf/*/forwarding

Do you have any firwall rules, which may be blocking the packets? Tryip6tables-save

Luigi Rosa

Quote from: kasperd on May 20, 2013, 02:26:29 AM
Is packet forwarding enabled? Tryhead /proc/sys/net/ipv6/conf/*/forwarding

Do you have any firwall rules, which may be blocking the packets? Tryip6tables-save

Packet worwarding is enabled.

The problem were some firewall rules I forgot to remove, thank you for the suggestion and apologies for the stupid mistake...


Ciao,
Luig