Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: CentOS as router, does not route a subnet of /48  (Read 4496 times)

Luigi Rosa

  • Newbie
  • *
  • Posts: 3
    • Siamo Geek
CentOS as router, does not route a subnet of /48
« on: May 19, 2013, 10:54:23 PM »

I am using a CentOS 6 64 bit as router.  eth0 is connected to Internet with dedicated IPv4 address, eth1 is on LAN

The tunnel of /64 IPv6 address block works fine on CentOS machine. I cannot route a /64 subnet of additional /48, the subnet is 2001:470:6b9c:1701::/64

HE tunnel is:

Server IPv4 Address:216.66.80.26
Server IPv6 Address:2001:470:1f08:203::1/64
Client IPv4 Address:62.123.164.113
Client IPv6 Address:2001:470:1f08:203::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:1f09:203::/64
Routed /48: 2001:470:6b9c::/48

# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:1a:92:d3:84:f6 brd ff:ff:ff:ff:ff:ff
    inet 62.123.164.113/29 brd 62.123.164.119 scope global eth0
    inet6 2001:470:1f09:203::b16:b00b/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:92ff:fed3:84f6/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:1a:92:d3:94:6b brd ff:ff:ff:ff:ff:ff
    inet 10.19.67.254/24 brd 10.19.67.255 scope global eth1
    inet6 2001:470:6b9c:1701::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:92ff:fed3:946b/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
5: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/sit 62.123.164.113 peer 216.66.80.26
    inet6 2001:470:1f08:203::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::3e7b:a471/128 scope link
       valid_lft forever preferred_lft forever


# ip -6 route list
unreachable ::/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1f08:203::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:1f09:203::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:6b9c:1701::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295


From a Linux on LAN the traceroute to ipv6.google.com is blocked on Linux box:

traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2a00:1450:4001:806::1012) from 2001:470:6b9c:1701::cafe, 30 hops max, 24 byte packets
 1  mail.luigirosa.com (2001:470:6b9c:1701::1)  0.125 ms  0.137 ms  0.088 ms
 2  mail.luigirosa.com (2001:470:6b9c:1701::1)  0.09 ms !S  0.135 ms !S  0.094 ms !S



Any hint about this?

Thank you in advance
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 952
Re: CentOS as router, does not route a subnet of /48
« Reply #1 on: May 20, 2013, 02:26:29 AM »

Is packet forwarding enabled? Try
Code: [Select]
head /proc/sys/net/ipv6/conf/*/forwarding
Do you have any firwall rules, which may be blocking the packets? Try
Code: [Select]
ip6tables-save
Logged

Luigi Rosa

  • Newbie
  • *
  • Posts: 3
    • Siamo Geek
Re: CentOS as router, does not route a subnet of /48 [SOLVED]
« Reply #2 on: May 20, 2013, 05:00:13 AM »

Is packet forwarding enabled? Try
Code: [Select]
head /proc/sys/net/ipv6/conf/*/forwarding
Do you have any firwall rules, which may be blocking the packets? Try
Code: [Select]
ip6tables-save

Packet worwarding is enabled.

The problem were some firewall rules I forgot to remove, thank you for the suggestion and apologies for the stupid mistake...


Ciao,
Luig
Logged