| View previous topic :: View next topic |
| Author |
Message |
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne
|
 Posted: Wed Mar 27, 2013 3:57 pm Post subject: ipv6 set-up |
 |
|
Hi all,
I am willing to set-up my PC for using ipv6, since my ISP provides it. I have performed some homeworks about ipv6, but I wonder why I cannot ping6 at my local address (the firewall is full ACCEPT).
| Code: | # ping6 fe80::8626:3bff:fe19:f562/64
unknown host
# ping6 fe80::9097:c3ff:fe7c:4204/64
unknown host
# ping6 fe80::9051:5bff:feb4:ab6a/64
unknown host |
I need some insight please.
Here is my set-up :
| Code: |
Internet ----- ADSL modem/router ----- eth0 PC1 qtap0 ----- br0 ----- em0 VPC2
FreeBox | Gentoo qemu FreeBSD
|
|-- eth0 PC2 Gentoo |
| Code: | # dmesg | grep -i ipv6
[ 1.143219] IPv6 over IPv4 tunneling driver
[ 37.096994] br0: no IPv6 routers present
[ 37.240773] eth0: no IPv6 routers present
[ 44.492819] qtap0: no IPv6 routers present
[ 4307.330342] br0: no IPv6 routers present
[ 4307.713438] qtap0: no IPv6 routers present
[ 4382.463953] br0: no IPv6 routers present
[ 4454.803635] qtap0: no IPv6 routers present |
| Code: | # grep -i ipv6 .config
CONFIG_IPV6=y
# CONFIG_IPV6_PRIVACY is not set
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# CONFIG_IPV6_MIP6 is not set
CONFIG_IPV6_SIT=y
# CONFIG_IPV6_SIT_6RD is not set
CONFIG_IPV6_NDISC_NODETYPE=y
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# IPv6: Netfilter Configuration
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y |
| Code: | # cat /etc/conf.d/net | nocomment
dns_domain_lo="MAISON"
modules="iproute2"
bridge_br0="qtap0"
brctl_br0="setfd 0"
rc_need_br0="net.qtap0"
config_eth0="192.168.0.10/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="212.27.40.240 212.27.40.241"
config_br0="192.168.99.1/24"
config_qtap0="null"
tuntap_qtap0="tap"
tunctl_qtap0="-u alain"
mac_qtap0="02:5a:4b:3c:2d:1e"
modules="wpa_supplicant"
wpa_supplicant_eth0="-Dwext"
config_wlan0=( "dhcp" ) |
| Code: | # ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.99.1 netmask 255.255.255.0 broadcast 192.168.99.255
inet6 fe80::9097:c3ff:fe7c:4204 prefixlen 64 scopeid 0x20<link>
ether 92:51:5b:b4:ab:6a txqueuelen 0 (Ethernet)
RX packets 39878 bytes 2444674 (2.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 56808 bytes 78151328 (74.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::8626:3bff:fe19:f562 prefixlen 64 scopeid 0x20<link>
ether 84:26:3b:19:f5:62 txqueuelen 1000 (Ethernet)
RX packets 3 bytes 314 (314.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 568 (568.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Boucle locale)
RX packets 172221 bytes 9795894 (9.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 172221 bytes 9795894 (9.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
qtap0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet6 fe80::9051:5bff:feb4:ab6a prefixlen 64 scopeid 0x20<link>
ether 92:51:5b:b4:ab:6a txqueuelen 500 (Ethernet)
RX packets 39878 bytes 3002966 (2.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 63989 bytes 78623930 (74.9 MiB)
TX errors 0 dropped 0 overruns 1 carrier 0 collisions 0
sit0: flags=193<UP,RUNNING,NOARP> mtu 1480
inet6 ::127.0.0.1 prefixlen 96 scopeid 0x90<compat,host>
inet6 ::192.168.99.1 prefixlen 96 scopeid 0x80<compat,global>
inet6 ::192.168.0.10 prefixlen 96 scopeid 0x80<compat,global>
sit txqueuelen 0 (IPv6-dans-IPv4)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 5 dropped 0 overruns 0 carrier 0 collisions 0 |
| Code: | # uname -a
Linux JANUS 2.6.37-tuxonice #10 SMP PREEMPT Mon Jan 21 12:41:58 CET 2013 x86_64 Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz GenuineIntel GNU/Linux |
|
|
| Back to top |
|
 |
kurly
Apprentice
Joined: 02 Apr 2012
Posts: 260
|
| Posted: Wed Mar 27, 2013 6:17 pm Post subject: |
|
|
The fe80 addresses are "Link Local" and are not your public IPs. It seems that none of your interfaces have an actual public IPv6 IP associated with them.
If you really just want to see a ping go through, try ping6 fe80::8626:3bff:fe19:f562%eth0 (You will not have to append an interface name on a public IP.) |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54805
Location: 56N 3W
|
| Posted: Wed Mar 27, 2013 7:41 pm Post subject: |
|
|
lalebarde,
How do you get a public IPv6 address?
Your IPv4 setup is all static, do you need to add IPv6 addresses to it?
| Code: | modules="iproute2"
# baselayout 2
# no brackets for baselayout2
config_eth0="212.110.180.12/24
2001:41c8:123:112::2/64"
routes_eth0="default via 212.110.180.254
default via 2001:41c8:123:112::1" |
Most providers allocate users a /64, which is the square of the entire IPv4 address space.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne
|
| Posted: Fri Mar 29, 2013 4:19 pm Post subject: |
|
|
Thanks both of you. I progress, but when I connect to ipv6 test servers like http://test-ipv6.com/, it tels me | Quote: | | No IPv6 address detected |
| Code: | # cat /etc/conf.d/net | nocomment
dns_domain_lo="MAISON"
modules="iproute2"
bridge_br0="qtap0"
brctl_br0="setfd 0"
rc_need_br0="net.qtap0"
config_eth0="192.168.0.10/24
xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465/64
xxxx:xxxx:xxxx:xxxx::0:10/64"
routes_eth0="default via 192.168.0.1
xxxx:xxxx:xxxx:xxxx::1/64"
dns_servers_eth0="212.27.40.240
212.27.40.241
2a01:e00::1
2a01:e00::2"
config_br0="192.168.99.1/24
xxxx:xxxx:xxxx:xxxx:9251:5bff:feb4:ab6a/64"
mac_br0="92:51:5b:b4:ab:6a"
config_qtap0="null"
tuntap_qtap0="tap"
tunctl_qtap0="-u alain"
mac_qtap0="02:5a:4b:3c:2d:1e"
modules="wpa_supplicant"
wpa_supplicant_eth0="-Dwext"
config_wlan0=( "dhcp" ) |
| Code: | # ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::862b:2bff:fe99:f465 prefixlen 64 scopeid 0x20<link>
inet6 xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465 prefixlen 64 scopeid 0x0<global>
inet6 xxxx:xxxx:xxxx:xxxx::10 prefixlen 64 scopeid 0x0<global>
ether 84:2b:2b:99:f4:65 txqueuelen 1000 (Ethernet)
RX packets 2183 bytes 1326364 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2218 bytes 308806 (301.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Boucle locale)
RX packets 4011 bytes 255667 (249.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4011 bytes 255667 (249.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
When I switch-off ip6tables, ping6 fe80::862b:2bff:fe99:f465%eth0 works, but not ping6 xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465%eth0
My ISP is well configured onto ipv6.
What do I miss ? |
|
| Back to top |
|
|
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne
|
| Posted: Fri Mar 29, 2013 5:09 pm Post subject: |
|
|
I can see in dmesg that : | Quote: | | IPv6 over IPv4 tunneling driver |
which may be my problem. How can I desactivate it to use my ISP ipv6 support ? |
|
| Back to top |
|
|
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne
|
| Posted: Sat Mar 30, 2013 2:17 pm Post subject: |
|
|
That was due to CONFIG_IPV6_SIT in the kernel. Here is my new setting : | Code: | # egrep -i "ipv6|ip6" .config
CONFIG_IPV6=y
CONFIG_IPV6_PRIVACY=y
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# CONFIG_IPV6_MIP6 is not set
# CONFIG_IPV6_SIT is not set
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# IPv6: Netfilter Configuration
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
# CONFIG_IP6_NF_QUEUE is not set
CONFIG_IP6_NF_IPTABLES=y
# CONFIG_IP6_NF_MATCH_AH is not set
# CONFIG_IP6_NF_MATCH_EUI64 is not set
# CONFIG_IP6_NF_MATCH_FRAG is not set
CONFIG_IP6_NF_MATCH_OPTS=m
# CONFIG_IP6_NF_MATCH_HL is not set
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
# CONFIG_IP6_NF_MATCH_MH is not set
# CONFIG_IP6_NF_MATCH_RT is not set
# CONFIG_IP6_NF_TARGET_HL is not set
CONFIG_IP6_NF_TARGET_LOG=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y
# CONFIG_IP6_NF_RAW is not set
# CONFIG_IP6_NF_SECURITY is not set |
External ipv6 test servers like http://ipv6-test.com/ or http://test-ipv6.com/ still see me as only ipv4. I contacted my ISP. They confirmed me my box version is compatible with ipv6 and configured so, but they are still in beta for ipv6 and then they do not provide support for it.
When I switch off the ipchain, I can ping6 ipv6 local address, but not global ones : | Code: | # ping6 xxxx:xxxx:xxxx:xxxx:862b:2bff:fe99:f465%eth0
unknown host
# ping6 fe80::862b:2bff:fe99:f465%eth0
PING fe80::862b:2bff:fe99:f465%eth0(fe80::862b:2bff:fe99:f465) 56 data bytes
64 bytes from fe80::862b:2bff:fe99:f465: icmp_seq=1 ttl=64 time=0.029 ms
64 bytes from fe80::862b:2bff:fe99:f465: icmp_seq=2 ttl=64 time=0.048 ms
^C
--- fe80::862b:2bff:fe99:f465%eth0 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.029/0.038/0.048/0.011 ms |
With ipchain, ping6 do not answer. How could I authorise local ping6 while still blocking ping from the web ? I tried the following, but without success : | Code: | | ip6tables -I INPUT 1 -p icmp -s xxxx:xxxx:xxxx:xxxx::/64 -j ACCEPT |
|
|
| Back to top |
|
|
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne
|
| Posted: Sun Mar 31, 2013 9:35 am Post subject: |
|
|
I called again my ISP and they confirmed me my box is well configured with ipv6. The point is that browsers and other software may by default use ipv4. So, they are not a good diagnostic source. I checked my Firefox and Opera settings, they both authorise ipv6. I installed a Firefox pluggin named Sixornot which tells me if a web site works with ipv6 or ipv4. Here I can see that I can connect to them with ipv6.
My problem is that I am still a network newbbie and have sticked to ping. Here is a traceroute result from http://www.traceroute.org/
| Code: | 1 wblindix.v6.sdv.fr 2001:810:0:2::ff 4.821 ms
2 border-gateway1.v6.sdv.fr 2001:810:0:10::226 0.932 ms
3 border-gateway2.v6.sdv.fr 2001:810:0:10::227 1.622 ms
4 2001:1b48:2:103::16d 2001:1b48:2:103::16d 0.885 ms
5 2001:1b48:2:3::5a 2001:1b48:2:3::5a 8.097 ms
6 2001:1b48:2:3::56 2001:1b48:2:3::56 8.073 ms
7 th2-crs16-1-Te1-8-0-7.routers.proxad.net 2001:1b48:2:1::6 8.568 ms
8 bzn-crs16-1-be2000.intf.routers.proxad.net 2a01:e00:1:6::1 8.536 ms
9 zzzz:yyyy:yyyy:yyyy::2 zzzz:yyyy:yyyy:yyyy::2 8.275 ms
10 zzzz:xxxx:xxxx:xxxx::1 zzzz:xxxx:xxxx:xxxx::1 45.895 ms |
It reaches my modem (zzzz:xxxx:xxxx:xxxx::1), but not my PC (zzzz:xxxx:xxxx:xxxx::9).
Still, if someone can enlight me on the way to authorise local ping6 & icmp in ip6tables..... |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
