ipv6 network fail (newbie alert)

Nick Edwards nick.z.edwards at gmail.com
Wed Mar 6 23:59:30 CET 2013


traceroute now results in

1  * * *
 2  * * *
 3  * * *


trying to get out to the internet, which is better error than before :)



On 3/7/13, Nick Edwards <nick.z.edwards at gmail.com> wrote:
> You are correct about iptables, it is still showing rules FFS, I had
> to disable the firewall script and reboot, seems to have fixed  the
> LAN to LAN... no idea why it was not flushing...
>
> They all respond with multiple returns, but clients can still not
> access the Inet via the GW...
>
>
>
> On 3/7/13, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
>> Son it appears that NDP is disabled on your GW, or is not working, or has
>> the wrong address configured, or a cable went loose ;-)
>>
>> Can you do at least the "ping6 -I eth0 ff02::1%eth0" on the clients/GW
>> and
>> get multiple replies?
>>
>>> -----Original Message-----
>>> From: Nick Edwards [mailto:nick.z.edwards at gmail.com]
>>> Sent: mercredi 6 mars 2013 23:18
>>> To: Eric Vyncke (evyncke)
>>> Cc: ipv6-ops at lists.cluenet.de
>>> Subject: Re: ipv6 network fail (newbie alert)
>>>
>>> Hi,
>>> On GW response is empty
>>>
>>> on client
>>> ip -6 neigh show:
>>> 2001:470:XXX2:524::5 dev eth0  FAILED
>>>
>>> and I have no firewalls in debugging this all rules are flushed and set
>>> to
>>> accept
>>>
>>>
>>>
>>> On 3/6/13, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
>>> > At first sight, it seems OK (except that I usually uses RADVD so the
>>> > default route is a link-local and not a global)
>>> >
>>> > Can you do: "ip -6 neigh show" & "ip6tables -L" on client/gateway?
>>> >
>>> >> -----Original Message-----
>>> >> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de
>>> >> [mailto:ipv6-ops-
>>> >> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Nick Edwards
>>> >> Sent: mercredi 6 mars 2013 08:16
>>> >> To: ipv6-ops at lists.cluenet.de
>>> >> Subject: ipv6 network fail (newbie alert)
>>> >>
>>> >> Hi,
>>> >> Firstly, I'll admit I'm not expert with ipv6, but have been around in
>>> >> the
>>> >> ipv4 world for years. I have for a while been running a private
>>> >> ipv6 LAN at home using  fd0d:......./64  that worked  fine in my
>>> >> linux based LAN.
>>> >>
>>> >> So I set up a tunnel with HE, from the PC that connects which I'll
>>> >> call GW I can ping  the other end of tunnel and get out to the world
>>> >> using that machine directly.
>>> >>
>>> >> But now I have removed the private range on the 3 PC's, substituting
>>> >> it for the routed /64 range HE gives us (yes, the routed, not the
>>> >> tunnel's /64)
>>> >>
>>> >> The LAN does not respond on ipv6 address on any machine, no box on
>>> >> the LAN can reach any other box on the LAN using ipv6 nor access the
>>> >> internet via
>>> >> ipv6 (but do still work using NAT and  ipv4 if I down all
>>> >> ipv6) this is with the tunnel up or down.
>>> >>
>>> >> I am using static manually entered IP's as these are servers, so
>>> >> radvd and
>>> >> dhcp6 etc are not in use.
>>> >>
>>> >> I'll show the config for GW and one other PC (all PC's use linux)
>>> >> XXX1 will be the tunnel and XXX2  the routed /64 subnets
>>> >>
>>> >>
>>> >> GW:
>>> >>   (sysctl.conf)   net.ipv6.conf.all.forwarding=1
>>> >>
>>> >> he-ipv6   Link encap:IPv6-in-IPv4
>>> >>           inet6 addr: 2001:470:XXX1:524::2/64 Scope:Global
>>> >>           inet6 addr: fe80::a0a:91/128 Scope:Link
>>> >>
>>> >>
>>> >> eth0
>>> >>           inet6 addr: 2001:470:XXX2:524::5/64 Scope:Global
>>> >>           inet6 addr: fe80::211:50ff:fe08:2ad9/64 Scope:Link
>>> >>
>>> >> route table
>>> >> 2001:470:XXX1:524::/64 via :: dev he-ipv6  proto kernel  metric 256
>>> >> mtu
>>> >> 1480
>>> >> advmss 1420 hoplimit 0
>>> >> 2001:470:XXX2:524::/64 dev eth0  proto kernel  metric 256  mtu 1500
>>> >> advmss
>>> >> 1440 hoplimit 0
>>> >> fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480
>>> >> advmss
>>> >> 1420
>>> >> hoplimit 0
>>> >> fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
>>> >> hoplimit
>>> >> 0 default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0
>>> >>
>>> >>
>>> >>
>>> >> On the second box
>>> >>
>>> >> eth0
>>> >>           inet6 addr: fe80::214:c2ff:fe0b:dccf/64 Scope:Link
>>> >>           inet6 addr: 2001:470:XXX2:524::6/64 Scope:Global
>>> >>
>>> >> and routing
>>> >> 2001:470:XXX2:524::/64 dev eth0  proto kernel  metric 256
>>> >> fe80::/64 dev eth0  proto kernel  metric 256
>>> >> ff00::/8 dev eth0  metric 256
>>> >> default via 2001:470:XXX2:524::5 dev eth0  metric 1024
>>> >>
>>> >>
>>> >> This is loaded from rc.ipv6 as:
>>> >>
>>> >> /usr/sbin/ip addr add 2001:470:XXX2:524::6/64 dev eth0 /usr/sbin/ip
>>> >> -6 route add default via 2001:470:XXX2:524::5 dev eth0
>>> >>
>>> >>
>>> >> I have also tried swapping the GW pc around to another box.
>>> >> PC's to world _or_ GW with ipv6 all result in:  Destination
>>> >> unreachable: Address unreachable
>>> >> Machines ping6'ing themselves do respond.
>>> >>
>>> >> I know this should work because I've set ipv6 on VPS's and upped them
>>> >> and set routes the same way
>>> >>
>>> >> Also interesting if its kernel fault being as to why the routed range
>>> >> wont work locally either when the private range does. I have another
>>> >> box on network setup same as second box with a diff IP of course, and
>>> >> suffers same fate, all boxes have been rebooted after each change to
>>> >> make sure there is no possible residue left over.
>>> >>
>>> >> Appreciate someone batting me with a clue stick, I'm sure the problem
>>> >> is very obvious, just not to me.
>>> >>
>>> >> Thanks
>>> >> Niki
>>> >
>>
>



More information about the ipv6-ops mailing list