Route won't add.

Started by kroberts, January 06, 2009, 04:52:07 PM

kroberts

Hi,

I can ping6 on my manually configured local address and on ::1.

I have a Windows 2003 running VMware Server.

The VMware guest host is CentOS 4.6. It is behind a PIX firewall, and has a static mapping from the public IP to a 192.168 address, meaning it has both a public and private address which goes to only this guest host.

Using the "ip" script, I get everything to run without an error.

Here's what I get:
ip -f inet6 addr
1: lo: <LOOPBACK,UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
    inet6 fe80::20c:29ff:fe78:47b/64 scope link
       valid_lft forever preferred_lft forever
4: he-ipv6@NONE: <POINTOPOINT,NOARP,UP> mtu 1480
    inet6 2001:470:1f10:54d::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:4e4/128 scope link
       valid_lft forever preferred_lft forever

eth0 <not shown/not relevant>
he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::c0a8:4e4/128 Scope:Link
          inet6 addr: 2001:470:1f10:54d::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:7812 (7.6 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:168 errors:0 dropped:0 overruns:0 frame:0
          TX packets:168 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9640 (9.4 KiB)  TX bytes:9640 (9.4 KiB)

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 eth0


ip -f inet6 route
2001:470:1f10:54d::/64 via :: dev he-ipv6  metric 256  expires 2133328sec mtu 1480 advmss 1420 hoplimit 64
fe80::/64 dev eth0  metric 256  expires 1959214sec mtu 1500 advmss 1440 hoplimit 64
fe80::/64 via :: dev he-ipv6  metric 256  expires 2133325sec mtu 1480 advmss 1420 hoplimit 64
ff00::/8 dev eth0  metric 256  expires 1959214sec mtu 1500 advmss 1440 hoplimit 1
ff00::/8 dev he-ipv6  metric 256  expires 2133325sec mtu 1480 advmss 1420 hoplimit 1
default dev he-ipv6  metric 1  expires 2133340sec mtu 1480 advmss 1420 hoplimit 64
default dev he-ipv6  metric 1024  expires 2133329sec mtu 1480 advmss 1420 hoplimit 64

I posted the public IP to tunnelbroker.net.

I can ping6 my host-local and global scope addresses, but not the link-local.  It said 'invalid argument.'

Would somebody give me a hand?

Thanks.

broquea

Ok so your network is:

ISP --> PIX --> Win2k3 --> CentOS

Does the PIX pass Protocol 41 (not port 41, the actual protocol) to hosts behind it?

Can you turn up the tunnel on the Win2k3 machine and see it work?

The IP you gave the broker was the IP from your provider configured on your PIX's WAN?

I'm not 100% familiar with Win2k3 but if there is an IPv6 packet forwarding option, is it set? (Like sysctl has for Linux)

kroberts

Not exactly, and thanks for responding.

My network is:

ISP --> PIX --> 3550 (does internal routing) --> CentOS.

The Win2003 is hosting the VM, but the VM acts as though it is another host on the same network, not as though there were a virtual network inside the Win2003 box.  As far as I've ever been able to tell, a VMware guest configured like this is virtually indistinguishable from a separate piece of hardware.

The PIX should pass protocol 41 from the remote HE IPv4 into the local endpoint host, at least if my Cisco-speak is correct.

The IP I gave the broker was the IP my traffic will be seen to be coming from.  I have 192.168.x.y mapped to a.b.c.d with a static mapping, and that a.b.c.d address is what I gave to tunnelbroker.net.

kroberts

OK, I figured it out!

I had the network-object on the PIX as the local 192.168.x.y address, not as the a.b.c.d address.  I keep forgetting how those rules work.

I can now ping the remote endpoint.

Thanks, you got me on the right track!
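
Added example, not part of the original thread: the ifconfig output in the first post already shows the symptom of the firewall problem, since he-ipv6 has TX packets:63 but RX packets:0. The Python sketch below parses net-tools style ifconfig text and flags a 6in4 tunnel that sends but never receives; the function names and status labels are hypothetical, and the sample text is constructed from the stanzas posted above.

```python
import re

# Constructed sample: the he-ipv6 and lo stanzas as posted in the thread.
SAMPLE_IFCONFIG = """\
he-ipv6   Link encap:IPv6-in-IPv4
          inet6 addr: fe80::c0a8:4e4/128 Scope:Link
          inet6 addr: 2001:470:1f10:54d::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:63 errors:0 dropped:0 overruns:0 carrier:0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:168 errors:0 dropped:0 overruns:0 frame:0
          TX packets:168 errors:0 dropped:0 overruns:0 carrier:0
"""


def parse_ifconfig(text):
    """Return {iface: {"encap", "rx", "tx"}} from net-tools ifconfig output."""
    stats = {}
    # Stanzas are separated by blank lines; the interface name is in column 0.
    for stanza in re.split(r"\n\s*\n", text.strip()):
        head = re.match(r"(\S+)\s+Link encap:(.+?)\s*$", stanza, re.M)
        rx = re.search(r"RX packets:(\d+)", stanza)
        tx = re.search(r"TX packets:(\d+)", stanza)
        if head and rx and tx:
            stats[head.group(1)] = {
                "encap": head.group(2).strip(),
                "rx": int(rx.group(1)),
                "tx": int(tx.group(1)),
            }
    return stats


def classify_tunnel(stats, iface):
    """Heuristic status for one interface (labels are this example's own)."""
    s = stats.get(iface)
    if s is None:
        return "missing"
    if s["encap"] != "IPv6-in-IPv4":
        return "not-6in4"
    if s["tx"] == 0:
        return "idle"      # nothing sent yet, so nothing can be concluded
    if s["rx"] == 0:
        return "one-way"   # packets leave, none return: check protocol 41 rules
    return "ok"
```

A "one-way" result only says that encapsulated packets are leaving and nothing is coming back; it does not say which device drops the replies, so the firewall rule for protocol 41 and the address it matches on still have to be checked by hand.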