General IPv6 Topics > IPv6 on Linux & BSD & Mac

Can't remember

(1/3) > >>

gavsdavs:
I used btexact's broker for some years, they closed the service down, so I signed up the HE and got myself a tunnel.

I have a small ipv4 network which i want also to run ipv6 on, and route that traffic through a 6-in-4 gateway on a linux firewall.

I used the iproute2 solution, so I now have sit0 and he-ipv6 interfaces.

I'm transmitting frames, but getting nothing back. I can also see the ipv4 frames heading to the v4 address of the tunnel broker, but I'm not getting anything back.

What should I be looking for to diagnose this ?

I don't have an he-ipv6 or sit0 ip neighbours:
[root@router ~]#  ip -6 neigh show
fe80::210:a7ff:fe08:5db6 dev eth0 lladdr 00:10:a7:08:5d:b6 REACHABLE

amph:
after you log in you should look on the bottom left where it says 'example configs', hit that and then select the second one down 'linux-net-tool' and follow all thoes rules on your linux machine that is connected to the internet, then try to use ipv6 and try to ping the ipv6 ip of the he.net tunnel side.

that config will make sure you have the appropriate sit device..

amph

gavsdavs:
Yep, I have tried both net-tools and ip-route2 example configs.
I've also tried disabling ip6tables and just trying it with my firewall as the only access device, and I never get a single frame back from the tunnel broker.

Tunnel setup configs:
--------------------------------
#!/bin/sh
if ! [ -f /proc/net/if_inet6 ]
then echo "IPv6 is not installed!" 1>&2; exit 1; fi
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.80.26
sleep 2
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f08:13b::2/64
route -A inet6 add ::/0 gw fe80::a63:63fe dev sit1              (not sure about this one, I used to need it)
#route -A inet6 add 2000::/3 gw fe80::d579:1855 dev sit1
ifconfig eth0 inet6 add 2001:470:1f08:13b:207:95ff:fe05:92fc/64   (my "internal" interface)
route -A inet6 add ::/0 dev sit1
ifconfig sit1 inet6 add 2001:470:1f08:13b::2/64

- or even -

#ip tunnel add he-ipv6 mode sit remote 216.66.80.26 local 62.49.1.52 ttl 255
#ip link set he-ipv6 up
#ip addr add 2001:470:1f08:13b::2/64 dev he-ipv6
#ip addr add 2001:470:1f08:13b:207:95ff:fe05:92fc/64 dev eth0
#ip route add ::/0 dev he-ipv6
#ip -f inet6 addr
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

--------------------------------

This is ifconfig - lots of frames transmitted, no replies.
sit1      Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:1f08:13b::2/64 Scope:Global
          inet6 addr: fe80::a63:63fe/64 Scope:Link
          inet6 addr: fe80::a00:fe/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:19833 (19.3 KiB)

Is there a verbose way to setup the tunnel to check my configs ?

tcpdump (ppp0, host 216.66.80.26):
08:30:18.961494 IP 62.49.1.52 > 216.66.80.26: IP6 2001:470:1f08:13b:210:a7ff:fe08:5db6.36214 > 2001:740:c000:0:2d0:b7ff:fe74:2a8b.33437: UDP, length 40
08:30:18.971095 IP 62.49.1.52 > 216.66.80.26: IP6 2001:470:1f08:13b:210:a7ff:fe08:5db6.36217 > 2001:740:c000:0:2d0:b7ff:fe74:2a8b.33438: UDP, length 40
08:30:18.971141 IP 62.49.1.52 > 216.66.80.26: IP6 2001:470:1f08:13b:210:a7ff:fe08:5db6.36218 > 2001:740:c000:0:2d0:b7ff:fe74:2a8b.33439: UDP, length 40
08:30:18.971175 IP 62.49.1.52 > 216.66.80.26: IP6 2001:470:.1f08:13b:210:a7ff:fe08:5db6.36220 > 2001:740:c000:0:2d0:b7ff:fe74:2a8b.33440: UDP, length 40
08:30:18.971207 IP 62.49.1.52 > 216.66.80.26: IP6 2001:470:1f08:13b:210:a7ff:fe08:5db6.36221 > 2001:740:c000:0:2d0:b7ff:fe74:2a8b.33441: UDP, length 40

Frames going to your broker, nothing ever comes back.

If I change between iproute2 and net-tools methods I have to update both my ipv4 firewall and my ip6 firewall to correctly declare my external interfaces. I do this, but I never get anything back. I don't block anything on the firewall either.

broquea:
I've verified your config exists on the tunnel server.
I cannot ping either your ipv4 endpoint or your side of the /64 from the tunnel server.
Please paste the output of: route -A inet6 -n

amph:
correct me if i'm wrong (and maybe this is his problem) but the tunnel should be setup on a machine directly connected to the internet with a public routable ip address...

i havn't tried to set one of these up via nat yet but i'm not sure how nat would handle it since there are no ports to forward (though, icmp can be natted due to header ID's and the such....)

Navigation

[0] Message Index

[#] Next page

Go to full version