• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Trouble with routing 64 prefix in fedora

Started by joyfulmantis, April 19, 2015, 11:31:16 PM


joyfulmantis

Hello all,

I have successfully set up the IPv6 tunnel on a Fedora computer; however, I am having trouble configuring it as a router to share the routed /64 prefix with another Debian computer that is connected to it. The Debian computer successfully picks up an IPv6 address in the right prefix, and a ping6 to ipv6.google.com seems to be successful, but on closer inspection, the traceroute6 ends on the Fedora computer.

From my Tunnel Details page:
Server IPv6 Address:  2001:470:1f1a:232::1/64
Client IPv6 Address:  2001:470:1f1a:232::2/64
Routed /64:  2001:470:1f1b:232::/64

On the Fedora computer (the one with the working IPv6 tunnel):

> cat /etc/sysconfig/network-scripts/ifcfg-he-ipv6
DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes                   
IPV6INIT=yes
IPV6TUNNELIPV4=216.66.87.14
IPV6TUNNELIPV4LOCAL=192.168.1.35
IPV6ADDR=2001:470:1f1a:232::2/64


> cat /etc/sysconfig/network-scripts/ifcfg-Shared_Ethenet
TYPE=Ethernet
BOOTPROTO=shared
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME="Shared Ethenet"
UUID=c17fc19f-4464-4b0c-bcca-7125be7f782f
ONBOOT=yes
HWADDR=54:04:A6:20:9C:91
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
ZONE=internal


> cat /etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=he-ipv6
IPV6_DEFAULTGW=2001:470:1f1a:232::1
IPV6FORWARDING=yes


> cat /etc/radvd.conf
interface p5p1
{
   AdvSendAdvert on;
   prefix 2001:470:1f1b:232::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};


> sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1f1b:232:5604:a6ff:fe20:9c91/64 scope global noprefixroute dynamic
       valid_lft 86257sec preferred_lft 14257sec
    inet6 fe80::5604:a6ff:fe20:9c91/64 scope link
       valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1f1b:232:62d8:19ff:fe83:bd7b/64 scope global noprefixroute dynamic
       valid_lft 83636sec preferred_lft 11636sec
    inet6 fdec:233d:661c:cb00:62d8:19ff:fe83:bd7b/64 scope global noprefixroute dynamic
       valid_lft 7186sec preferred_lft 3586sec
    inet6 fe80::62d8:19ff:fe83:bd7b/64 scope link
       valid_lft forever preferred_lft forever
9: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
    inet6 2001:470:1f1a:232::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:123/64 scope link
       valid_lft forever preferred_lft forever


> ping6 -c 3 ipv6.google.com
PING ipv6.google.com(bud02s22-in-x0e.1e100.net) 56 data bytes
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=1 ttl=53 time=92.2 ms
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=2 ttl=53 time=92.6 ms
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=3 ttl=53 time=92.6 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 92.246/92.517/92.697/0.401 ms


> traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:400d:807::200e), 30 hops max, 80 byte packets
1  joyfulmantis-1.tunnel.tserv1.bud1.ipv6.he.net (2001:470:1f1a:232::1)  71.182 ms  71.026 ms  71.823 ms
2  ge4-20.core1.bud1.he.net (2001:470:0:2ba::1)  77.241 ms  77.143 ms  77.039 ms
3  2001:7f8:35::1:5169:1 (2001:7f8:35::1:5169:1)  76.434 ms  77.388 ms  78.495 ms
4  2001:4860::1:0:4487 (2001:4860::1:0:4487)  102.534 ms  103.845 ms  104.133 ms
5  2001:4860:0:1::bf (2001:4860:0:1::bf)  105.521 ms  106.378 ms  107.169 ms
6  bud02s22-in-x0e.1e100.net (2a00:1450:400d:807::200e)  108.249 ms  92.142 ms  93.064 ms


And on the Debian computer (the one receiving the shared internet):

» sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1f1b:232:ed69:b5e0:b890:bbc8/64 scope global temporary dynamic
       valid_lft 86140sec preferred_lft 14140sec
    inet6 2001:470:1f1b:232:211:24ff:fe85:83fe/64 scope global mngtmpaddr noprefixroute dynamic
       valid_lft 86140sec preferred_lft 14140sec
    inet6 fe80::211:24ff:fe85:83fe/64 scope link
       valid_lft forever preferred_lft forever


» ping6 -c 3 ipv6.google.com
PING ipv6.google.com(sof01s12-in-x0e.1e100.net) 56 data bytes
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=245 ms
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=250 ms
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=3 ttl=56 time=281 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 245.833/259.243/281.651/15.946 ms


» traceroute ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:4017:803::200e), 30 hops max, 80 byte packets
1  2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91)  0.580 ms  0.521 ms  0.482 ms
2  2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91)  0.504 ms !X  0.481 ms !X  0.451 ms !X

joyfulmantis

So my problem, as it turned out, was that the firewall on the Fedora computer was blocking the IPv6 packets.
Allowing the IPv6 packets through with

sudo firewall-cmd --direct --add-rule ipv6 filter FWDI_internal_allow 0 -j ACCEPT

made things start working (well, I still have troubles with MTU, but that's a different issue).

Special thanks to rm of #ipv6.freenode for helping me diagnose the problem, and Jeff Sadowski of Fedora forums, whose solution ( http://forums.fedoraforum.org/archive/index.php/t-301894.html ) I used.
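
The `!X` on hop 2 of the Debian traceroute is traceroute's marker for an ICMP "administratively prohibited" reply, which is what pointed at a firewall on the router rather than at the tunnel. The script below is an added example, not part of the original posts: it scans traceroute output for the first hop carrying such an annotation and says whether that hop sits inside the routed /64. The function name and the textual prefix match (on the address as traceroute prints it) are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate the hop that rejects forwarded IPv6 traffic.

# Constructed sample: the Debian client's traceroute as posted above.
SAMPLE_TRACE='traceroute to ipv6.google.com (2a00:1450:4017:803::200e), 30 hops max, 80 byte packets
1  2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91)  0.580 ms  0.521 ms  0.482 ms
2  2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91)  0.504 ms !X  0.481 ms !X  0.451 ms !X'

# find_blocking_hop PREFIX   (hypothetical helper name)
# Reads traceroute output on stdin. PREFIX is the leading text of the
# routed /64 as traceroute prints it, e.g. "2001:470:1f1b:232:".
# Prints "<hop> <address> <code> <local|upstream>" for the first hop that
# carries an ICMP error annotation (!X, !N, !H, ...).
# Returns 0 if such a hop exists, 1 if the trace is clean.
find_blocking_hop() {
    awk -v prefix="$1" '
        $1 ~ /^[0-9]+$/ {
            code = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^![A-Z]$/) { code = $i; break }
            if (code == "") next            # hop answered normally or timed out

            addr = $3                       # field 3 is "(address)"
            gsub(/[()]/, "", addr)

            # "local": the reject came from a host inside our own routed
            # prefix, i.e. the LAN-side router, not the tunnel broker.
            where = (index(addr, prefix) == 1) ? "local" : "upstream"
            print $1, addr, code, where
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_TRACE" | find_blocking_hop "2001:470:1f1b:232:"
```

A `local` result with `!X` means the forward chain on the LAN router is rejecting the packet, so the firewall's forward rules are the place to look before suspecting the tunnel.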