• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HE ipv6 tunnel desn't work on my Ubuntu 12.10 desktop behind NAT

Started by gbcbooks, July 12, 2013, 10:45:39 PM

Previous topic - Next topic

gbcbooks

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.1.151
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
iface eth0 inet6 static
        address 2001:470:19:c7d::254
        netmask 64

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:470:18:bf1::2
        netmask 64
        endpoint 216.218.221.6
        local 192.168.1.151
        ttl 255
        gateway 2001:470:18:bf1::1

as you can see , my Ubuntu 12.10 desktop is behind NAT
here is command ifconfig shown in the windows
eth0      Link encap:Ethernet  HWaddr 90:e6:ba:52:b9:9f 
          inet addr:192.168.1.151  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:470:19:c7d::254/64 Scope:Global
          inet6 addr: fe80::92e6:baff:fe52:b99f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:182111 errors:0 dropped:1 overruns:0 frame:0
          TX packets:198293 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:91400911 (91.4 MB)  TX bytes:29752170 (29.7 MB)

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::c0a8:197/128 Scope:Link
          inet6 addr: 2001:470:18:bf1::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:308456 (308.4 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6530 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6530 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:515564 (515.5 KB)  TX bytes:515564 (515.5 KB)

wlan0     Link encap:Ethernet  HWaddr 00:0f:02:b9:e1:7a 
          UP BROADCAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

i had have ufw disabled and opened iptables\ip6tables for all connection
iptables
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere   

ip6tables
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere 


yay, i got a dynamic public ip address from ISP, and i verified my public ip address was correctly filled into HE web, DMZ was opened for 192.168.1.151 already

now the problem is i can not ping the gateway HE give to me

PING 2001:470:18:bf1::1(2001:470:18:bf1::1) 56 data bytes
^C
--- 2001:470:18:bf1::1 ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 118943ms



it seems sending packets are fine but no receiving

do i  missed any things?

allen4names

You have an IPv6 address configured on your eth0 interface. You can either remove the three lines starting with 'iface eth0 inet6 static' or for a test enter the command 'sudo ip -6 addr flush dev eth0'. I should note that that command will get rid of both IPv6 address on your eth0 interface.

kasperd

Quote from: gbcbooks on July 12, 2013, 10:45:39 PMas you can see , my Ubuntu 12.10 desktop is behind NAT
Not all NAT devices can handle protocol 41. Some can handle it out of the box. Others require you to configure explicitly which device behind the NAT can use protocol 41. And some NAT devices cannot handle it at all.

If you have a traceroute command with support for protocol 41, you can use that to find out how far your protocol 41 packets can make it.traceroute -n -P 41 216.218.221.6

allen4names

Quote from: kasperd on July 14, 2013, 11:16:04 AM
If you have a traceroute command with support for protocol 41, you can use that to find out how far your protocol 41 packets can make it.traceroute -n -P 41 216.218.221.6

Needs to be run with elevated privileges so use the 'sudo' command. For example...sudo traceroute -n -P 41 tserv1.sea1.he.net