|
to mattvmotas
Re: IPv6 betaTx Matt fro your response. I did remove teredo on both a vista ultimate and a 7 machine but the problem remains. I have no NATIVE ipv6 connection... The person who could REALLY help me HAS SUCCESSFULLY flashed DD-WRT on his router and has native Ipv6 working on TSI dsl ... everything else is not going to help unless I can ascertain that the flashing on my router was worth it or not...
from IPv6 test site: "No IPv6 address detected [more info]
You appear to be able to browse the IPv4 Internet only. You will not be able to reach IPv6-only sites.
Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.
Thanks again
DCW |
|
mattvmotas Premium Member join:2010-09-04 Amherstburg, ON |
Yeah, mine is working with Cisco gear, so I'm not sure on the DD-WRT setup. I have WRT54G running DD-WRT but it is just for wireless AP so no radvd running. said by didcrywolf:Tx Matt fro your response. I did remove teredo on both a vista ultimate and a 7 machine but the problem remains. I have no NATIVE ipv6 connection... The person who could REALLY help me HAS SUCCESSFULLY flashed DD-WRT on his router and has native Ipv6 working on TSI dsl ... everything else is not going to help unless I can ascertain that the flashing on my router was worth it or not...
from IPv6 test site: "No IPv6 address detected [more info]
You appear to be able to browse the IPv4 Internet only. You will not be able to reach IPv6-only sites.
Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.
Thanks again
DCW |
|
isocat join:2012-06-03 Toronto, ON |
isocat
Member
2012-Jun-12 5:37 pm
Hello, I am having a bit of trouble getting my network working with IPv6, and I was wondering if someone can point me in the right direction.
I am running OpenWRT (Backfire 10.03) on a WRT54GL router.
I am able to ping6 ipv6.google.com from the router, but not from the host:
$ ping6 ipv6.google.com PING6(56=40+8+8 bytes) 2607:f2c0:a000:xxxx:xxxx:f2ff:fe02:xxxx --> 2001:4860:4008:802::1011 Request timeout for icmp_seq=0 Request timeout for icmp_seq=1 Request timeout for icmp_seq=2
My host gets an IPv6 address, and can ping6 the LL address of the LAN interface on the router.
I am unable to access any IPv6 pages from the host.
This does not seem to be firewall related as opening up the firewall (ip6tables -F) has no effect.
It seems that the router is not passing IPv6 traffic from the LAN to the WAN...?
Config (abridged):
root@DeltaNet:/etc/config# cat /proc/sys/net/ipv6/conf/all/forwarding 1
Network: config 'interface' 'lan' option 'type' 'bridge' option 'ifname' 'eth0.0' option 'proto' 'static' option 'ipaddr' '192.168.242.241' option 'netmask' '255.255.255.240' option 'ip6addr' '2607:f2c0:a000:xxxx::/64' option 'mtu' 1452
config 'interface' 'wan' option 'ifname' 'eth0.1' option 'proto' 'pppoe' option 'password' 'xxx' option 'username' 'xxx@hsiservice.net' option 'mtu' 1452 option 'ipv6' '1' option 'ip6addr' '2607:f2c0:f00f:xxxx::/56'
Radvd: config interface option interface 'lan' option AdvSendAdvert 1 option AdvManagedFlag 0 option AdvOtherConfigFlag 0 list client '' option ignore 0 option AdvLinkMTU 1452
config prefix option interface 'lan' option prefix '2607:f2c0:a000:xxxx::/64' option AdvOnLink 1 option AdvAutonomous 1 option AdvRouterAddr 0 option ignore 0
Running a traceroute to ipv6.google.com from the host returns this:
$ traceroute6 ipv6.google.com traceroute6 to ipv6.l.google.com (2001:4860:4008:802::1011) from 2607:f2c0:a000:xxxx:xxxx:f2ff:fe02:xxxx, 64 hops max, 12 byte packets 1 2607:f2c0:a000:xxxx:: 0.711 ms !N 0.695 ms !N 0.448 ms !N
And running a traceroute to ipv6.google.com from the router returns this (is this because it isn't traceroute6? And if so, does anyone know how to perform an IPv6 traceroute from OpenWRT?:
traceroute to ipv6.google.com (2001:4860:4008:802::1011), 30 hops max, 38 byte packets 1traceroute: sendto: Invalid argument
And finally, the routing table on the router looks like this:
root@DeltaNet:/etc/config# ip -6 route 2607:f2c0:a000:xxxx::/64 dev br-lan metric 256 mtu 1452 advmss 1392 2607:f2c0:f00f:xxxx::/56 dev pppoe-wan metric 256 mtu 1452 advmss 1392 fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1392 fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1392 fe80::/64 dev eth0.1 metric 256 mtu 1452 advmss 1392 fe80::/64 dev br-lan metric 256 mtu 1452 advmss 1392 fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440 fe80::/64 dev pppoe-wan metric 256 mtu 1452 advmss 1392 fe80::/10 dev pppoe-wan metric 1 mtu 1452 advmss 1392 fe80::/10 dev pppoe-wan metric 256 mtu 1452 advmss 1392 ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1392 ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1392 ff00::/8 dev eth0.1 metric 256 mtu 1452 advmss 1392 ff00::/8 dev br-lan metric 256 mtu 1452 advmss 1392 ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440 ff00::/8 dev pppoe-wan metric 256 mtu 1452 advmss 1392 default via fe80::90:1a00:4243:14a8 dev pppoe-wan metric 1 mtu 1452 advmss 1392 unreachable default dev lo proto none metric -1 error -128 advmss 1392
I'm not exactly a guru when it comes to networking, especially in regards to IPv6, but feel like my problems have something to do with the default route...?
Anyway, sorry for the long post. Just wanted to be thorough. Anyone have any suggestions? |
|
|
What's the default policy on your firewall? (ip6tables -L) |
|
isocat join:2012-06-03 Toronto, ON |
isocat
Member
2012-Jun-12 6:40 pm
Output of ip6tables -L follows:
root@DeltaNet:/etc/config# ip6tables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all anywhere anywhere syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN input_rule all anywhere anywhere input all anywhere anywhere
Chain FORWARD (policy DROP) target prot opt source destination forwarding_rule all anywhere anywhere forward all anywhere anywhere reject all anywhere anywhere ACCEPT icmp anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all anywhere anywhere output_rule all anywhere anywhere output all anywhere anywhere
Chain forward (1 references) target prot opt source destination zone_lan_forward all anywhere anywhere zone_wan_forward all anywhere anywhere
Chain forwarding_lan (1 references) target prot opt source destination
Chain forwarding_rule (1 references) target prot opt source destination
Chain forwarding_wan (1 references) target prot opt source destination
Chain input (1 references) target prot opt source destination zone_lan all anywhere anywhere zone_wan all anywhere anywhere
Chain input_lan (1 references) target prot opt source destination
Chain input_rule (1 references) target prot opt source destination
Chain input_wan (1 references) target prot opt source destination
Chain output (1 references) target prot opt source destination zone_lan_ACCEPT all anywhere anywhere zone_wan_ACCEPT all anywhere anywhere
Chain output_rule (1 references) target prot opt source destination
Chain reject (5 references) target prot opt source destination REJECT tcp anywhere anywhere reject-with tcp-reset REJECT all anywhere anywhere reject-with icmp6-port-unreachable
Chain syn_flood (1 references) target prot opt source destination RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 DROP all anywhere anywhere
Chain zone_lan (1 references) target prot opt source destination ACCEPT all anywhere anywhere input_lan all anywhere anywhere zone_lan_ACCEPT all anywhere anywhere
Chain zone_lan_ACCEPT (2 references) target prot opt source destination ACCEPT all anywhere anywhere ACCEPT all anywhere anywhere
Chain zone_lan_DROP (0 references) target prot opt source destination DROP all anywhere anywhere DROP all anywhere anywhere
Chain zone_lan_REJECT (1 references) target prot opt source destination reject all anywhere anywhere reject all anywhere anywhere
Chain zone_lan_forward (1 references) target prot opt source destination zone_wan_ACCEPT all anywhere anywhere forwarding_lan all anywhere anywhere zone_lan_REJECT all anywhere anywhere
Chain zone_wan (1 references) target prot opt source destination ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere input_wan all anywhere anywhere zone_wan_REJECT all anywhere anywhere
Chain zone_wan_ACCEPT (2 references) target prot opt source destination ACCEPT all anywhere anywhere ACCEPT all anywhere anywhere
Chain zone_wan_DROP (0 references) target prot opt source destination DROP all anywhere anywhere DROP all anywhere anywhere
Chain zone_wan_REJECT (2 references) target prot opt source destination reject all anywhere anywhere reject all anywhere anywhere
Chain zone_wan_forward (1 references) target prot opt source destination ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 forwarding_wan all anywhere anywhere zone_wan_REJECT all anywhere anywhere root@DeltaNet:/etc/config#
|
|
|
said by isocat:Chain FORWARD (policy DROP) Your firewall is dropping by default anything that would need to be forwarded from one interface to another. Try this: ip6tables -P FORWARD ACCEPT |
|
isocat join:2012-06-03 Toronto, ON |
isocat
Member
2012-Jun-12 7:39 pm
Thanks for your reply! I have tried your suggestion, but unfortunately there was no change.
Something I forgot to include in the original post was that when I restart my firewall, I get some errors:
root@DeltaNet:/etc/config# /etc/init.d/firewall restart Loading defaults ip6tables: No chain/target/match by that name. ip6tables: No chain/target/match by that name. ip6tables: No chain/target/match by that name. ip6tables: No chain/target/match by that name. ip6tables: No chain/target/match by that name. ip6tables: No chain/target/match by that name. Loading synflood protection Adding custom chains Loading zones Loading forwardings Loading redirects Loading rules Loading includes Loading interfaces ip6tables: No chain/target/match by that name. root@DeltaNet:/etc/config#
|
|
rpnc join:2011-06-08 Markham, ON |
to isocat
isocat,
I am using OpenWRT successfully. However, I'm running version 10.03.1. Version 10.03.1 uses a new integrated IPv4/IPv6 firewall. I was able to add the iputils-traceroute6 package in 10.03.1 to get traceroute6.
I have kept a record of how I configured OpenWRT. I did a lot with the GUI but some had to be done with config files.
In GUI (better with Firefox): - System > Administration > Router Password Password: xxxxxxxx Confirmation: xxxxxxxx - System > Administration > SSH Access Interface: lan Save & Apply.
- Network > Interfaces > WAN > General Setup Protocol: PPPoE PAP/CHAP username: xxxxx@hsiservice.net PAP/CHAP password: xxxxxxxx Save & Apply.
From PuTTY: opkg update opkg install kmod-ipv6 radvd ip kmod-ip6tables ip6tables wide-dhcpv6-server ntpclient iputils-traceroute6 reboot
- Network > DHCP and DNS > Static Leases > Add Hostname: CanonPrinter MAC-Address: xx:xx:xx:xx:xx:xx IPv4-Address: 192.168.1.xx Save & Apply.
- Network > Wifi > radio0 > Device Configuration > General Setup Enable - Network > Wifi > radio0 > Interface Configuration > General Setup ESSID: xxxxxx - Network > Wifi > Interface Configuration > Wireless Security Encryption: WPA2-PSK Key: xxxxxxxx Save & Apply.
- Network > Firewall > Zones wan/Input: drop wan/Forward: drop Save & Apply.
- Network > Interfaces > WAN > Advanced Settings Enable IPv6 negotiation on the PPP link: yes Save & Apply.
- Network > Interfaces > LAN > General Setup IPv6 address: 2607:f2c0:f0xx:xxxx::1/56 - Network > Interfaces > LAN > Advanced Setup Override MTU: 1492 Save & Apply.
From PuTTY: vi /etc/config/network - under config 'interface' 'wan', add option 'ip6addr' '2607:f2c0:a0xx:xxxx::1/64'
vi /etc/sysctl.conf - remove comment # from net.ipv6.conf.all.forwarding=1 reboot
- System > Startup > Initscripts enable radvd
Note: get MTU by pinging an IPv6 computer on the internet with -l size and finding the max size (1444) and add - 40 bytes for the IPv6 header - 4 bytes for the ICMPv6 header - 4 bytes for the ICMPv6 echo request header From PuTTY: vi /etc/config/radvd - under config interface option AdvLinkMTU 1492 option AdvOtherConfigFlag 1 option ignore 0 - under config prefix (note that prefix is /64 not /56) list prefix '2607:f2c0:f0xx:xxxx::/64' option AdvValidLifetime 14400 option AdvPreferredLifetime 14400 option ignore 0
vi /etc/config/dhcp6s - change to option 'enabled' '1'
vi /etc/dhcp6s.conf (new file) option domain-name-servers 2607:f2c0:f0xx:xxxx::1;
vi /etc/hosts fe80::xxxx:xxxx:xxxx:xxxx xxxxxxx fe80::xxxx:xxxx:xxxx:xxxx xxxxxxx fe80::xxxx:xxxx:xxxx:xxxx xxxxxxx fe80::xxxx:xxxx:xxxx:xxxx xxxxxxx fe80::xxxx:xxxx:xxxx:xxxx xxxxxxx fe80::xxxx:xxxx:xxxx:xxxx xxxxxxx
reboot
- System > Backup / Flash Firmware Download backup: Generate archive Done.
Here are some of the resulting configuration files: root@OpenWrt:/etc/config# cat /etc/config/network
config 'interface' 'loopback' option 'ifname' 'lo' option 'proto' 'static' option 'ipaddr' '127.0.0.1' option 'netmask' '255.0.0.0'
config 'interface' 'lan' option 'ifname' 'eth0' option 'type' 'bridge' option 'proto' 'static' option 'ipaddr' '192.168.1.1' option 'netmask' '255.255.255.0' option 'ip6addr' '2607:f2c0:f0xx:xxxx::1/56' option 'mtu' '1492'
config 'interface' 'wan' option 'ifname' 'eth1' option '_orig_ifname' 'eth1' option '_orig_bridge' 'false' option 'proto' 'pppoe' option 'password' 'xxxxx' option 'ipv6' '1' option 'ip6addr' '2607:f2c0:a0xx:xxxx::1/64' option 'username' 'xxxxx@hsiservice.net'
config 'switch' option 'name' 'rtl8366s' option 'reset' '1' option 'enable_vlan' '1'
config 'switch_vlan' option 'device' 'rtl8366s' option 'vlan' '1' option 'ports' '0 1 2 3 5'
root@OpenWrt:/etc/config# cat /etc/config/radvd config interface option interface 'lan' option AdvSendAdvert 1 option AdvManagedFlag 0 option AdvLinkMTU 1492 option AdvOtherConfigFlag 1 list client '' option ignore 0
config prefix option interface 'lan' # If not specified, a non-link-local prefix of the interface is used list prefix '2607:f2c0:f0xx:xxxx::/64' option AdvOnLink 1 option AdvAutonomous 1 option AdvRouterAddr 0 option AdvValidLifetime 14400 option AdvPreferredLifetime 14400 option ignore 0
config route option interface 'lan' list prefix '' option ignore 1
config rdnss option interface 'lan' # If not specified, the link-local address of the interface is used list addr '' option ignore 1
config dnssl option interface 'lan' list suffix '' option ignore 1
root@OpenWrt:/etc# cat /etc/dhcp6s.conf option domain-name-servers 2607:f2c0:f0xx:xxxx::1; |
|
|
isocat join:2012-06-03 Toronto, ON |
isocat
Member
2012-Jun-12 9:37 pm
Thanks very much, rpnc! :) I also have 10.03.1 (r29592). Are you using bcrm-2.4 or brcm47xx? For some reason I am unable to add traceroute6: root@DeltaNet:/etc# opkg update Downloading »downloads.openwrt.org/ba ··· kages.gz. Inflating »downloads.openwrt.org/ba ··· kages.gz. Updated list of available packages in /var/opkg-lists/packages. root@DeltaNet:/etc# opkg install iputils-traceroute6 Unknown package 'iputils-traceroute6'. Collected errors: * opkg_install_cmd: Cannot install package iputils-traceroute6.
Thanks very kindly for your detailed post, I will go through it and see if I can figure out where I went wrong. |
|
rpnc join:2011-06-08 Markham, ON |
rpnc
Member
2012-Jun-12 10:17 pm
I have openwrt-ar71xx-dir-825-b1-squashfs-*.bin running on a D-Link DIR-825. My list of packages are at: » downloads.openwrt.org/ba ··· ackages/Yours are at: » downloads.openwrt.org/ba ··· ackages/In my packages, I see iputils-traceroute6_20101006-1_ar71xx.ipk but I don't see it in yours. Yours has tcptraceroute6_1.0.1-1_brcm-2.4.ipk but I can't get tcptraceroute6 to work - apparently due to bug #8153. |
|