ipv6 network fail (newbie alert)
Nick Edwards
nick.z.edwards at gmail.com
Wed Mar 6 23:55:05 CET 2013
You are correct about iptables, it is still showing rules FFS, I had
to disable the firewall script and reboot, seems to have fixed the
LAN to LAN... no idea why it was not flushing...
They all respond with multiple returns, but clients can still not
access the Inet via the GW...
On 3/7/13, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
> Son it appears that NDP is disabled on your GW, or is not working, or has
> the wrong address configured, or a cable went loose ;-)
>
> Can you do at least the "ping6 -I eth0 ff02::1%eth0" on the clients/GW and
> get multiple replies?
>
>> -----Original Message-----
>> From: Nick Edwards [mailto:nick.z.edwards at gmail.com]
>> Sent: mercredi 6 mars 2013 23:18
>> To: Eric Vyncke (evyncke)
>> Cc: ipv6-ops at lists.cluenet.de
>> Subject: Re: ipv6 network fail (newbie alert)
>>
>> Hi,
>> On GW response is empty
>>
>> on client
>> ip -6 neigh show:
>> 2001:470:XXX2:524::5 dev eth0 FAILED
>>
>> and I have no firewalls in debugging this all rules are flushed and set
>> to
>> accept
>>
>>
>>
>> On 3/6/13, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
>> > At first sight, it seems OK (except that I usually uses RADVD so the
>> > default route is a link-local and not a global)
>> >
>> > Can you do: "ip -6 neigh show" & "ip6tables -L" on client/gateway?
>> >
>> >> -----Original Message-----
>> >> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de
>> >> [mailto:ipv6-ops-
>> >> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Nick Edwards
>> >> Sent: mercredi 6 mars 2013 08:16
>> >> To: ipv6-ops at lists.cluenet.de
>> >> Subject: ipv6 network fail (newbie alert)
>> >>
>> >> Hi,
>> >> Firstly, I'll admit I'm not expert with ipv6, but have been around in
>> >> the
>> >> ipv4 world for years. I have for a while been running a private
>> >> ipv6 LAN at home using fd0d:......./64 that worked fine in my
>> >> linux based LAN.
>> >>
>> >> So I set up a tunnel with HE, from the PC that connects which I'll
>> >> call GW I can ping the other end of tunnel and get out to the world
>> >> using that machine directly.
>> >>
>> >> But now I have removed the private range on the 3 PC's, substituting
>> >> it for the routed /64 range HE gives us (yes, the routed, not the
>> >> tunnel's /64)
>> >>
>> >> The LAN does not respond on ipv6 address on any machine, no box on
>> >> the LAN can reach any other box on the LAN using ipv6 nor access the
>> >> internet via
>> >> ipv6 (but do still work using NAT and ipv4 if I down all
>> >> ipv6) this is with the tunnel up or down.
>> >>
>> >> I am using static manually entered IP's as these are servers, so
>> >> radvd and
>> >> dhcp6 etc are not in use.
>> >>
>> >> I'll show the config for GW and one other PC (all PC's use linux)
>> >> XXX1 will be the tunnel and XXX2 the routed /64 subnets
>> >>
>> >>
>> >> GW:
>> >> (sysctl.conf) net.ipv6.conf.all.forwarding=1
>> >>
>> >> he-ipv6 Link encap:IPv6-in-IPv4
>> >> inet6 addr: 2001:470:XXX1:524::2/64 Scope:Global
>> >> inet6 addr: fe80::a0a:91/128 Scope:Link
>> >>
>> >>
>> >> eth0
>> >> inet6 addr: 2001:470:XXX2:524::5/64 Scope:Global
>> >> inet6 addr: fe80::211:50ff:fe08:2ad9/64 Scope:Link
>> >>
>> >> route table
>> >> 2001:470:XXX1:524::/64 via :: dev he-ipv6 proto kernel metric 256
>> >> mtu
>> >> 1480
>> >> advmss 1420 hoplimit 0
>> >> 2001:470:XXX2:524::/64 dev eth0 proto kernel metric 256 mtu 1500
>> >> advmss
>> >> 1440 hoplimit 0
>> >> fe80::/64 via :: dev he-ipv6 proto kernel metric 256 mtu 1480
>> >> advmss
>> >> 1420
>> >> hoplimit 0
>> >> fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440
>> >> hoplimit
>> >> 0 default dev he-ipv6 metric 1024 mtu 1480 advmss 1420 hoplimit 0
>> >>
>> >>
>> >>
>> >> On the second box
>> >>
>> >> eth0
>> >> inet6 addr: fe80::214:c2ff:fe0b:dccf/64 Scope:Link
>> >> inet6 addr: 2001:470:XXX2:524::6/64 Scope:Global
>> >>
>> >> and routing
>> >> 2001:470:XXX2:524::/64 dev eth0 proto kernel metric 256
>> >> fe80::/64 dev eth0 proto kernel metric 256
>> >> ff00::/8 dev eth0 metric 256
>> >> default via 2001:470:XXX2:524::5 dev eth0 metric 1024
>> >>
>> >>
>> >> This is loaded from rc.ipv6 as:
>> >>
>> >> /usr/sbin/ip addr add 2001:470:XXX2:524::6/64 dev eth0 /usr/sbin/ip
>> >> -6 route add default via 2001:470:XXX2:524::5 dev eth0
>> >>
>> >>
>> >> I have also tried swapping the GW pc around to another box.
>> >> PC's to world _or_ GW with ipv6 all result in: Destination
>> >> unreachable: Address unreachable
>> >> Machines ping6'ing themselves do respond.
>> >>
>> >> I know this should work because I've set ipv6 on VPS's and upped them
>> >> and set routes the same way
>> >>
>> >> Also interesting if its kernel fault being as to why the routed range
>> >> wont work locally either when the private range does. I have another
>> >> box on network setup same as second box with a diff IP of course, and
>> >> suffers same fate, all boxes have been rebooted after each change to
>> >> make sure there is no possible residue left over.
>> >>
>> >> Appreciate someone batting me with a clue stick, I'm sure the problem
>> >> is very obvious, just not to me.
>> >>
>> >> Thanks
>> >> Niki
>> >
>
More information about the ipv6-ops
mailing list