|
Recieving /128 Address (OpenWRT)Hello, any reason my router is receiving a /128 address? I can ping perfectly fine from the router. Everything else is a no-go. I have a Buffalo WZR-HP-300GH2 running OpenWRT Attitude Adjustment. root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option ifname 'eth0.1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option accept_ra '1'
config switch
option name 'eth0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'eth0'
option vlan '1'
option ports '0t 1 3 4 5'
config switch_vlan
option device 'eth0'
option vlan '2'
option ports '0t 2'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood1
option inputACCEPT
option outputACCEPT
option forwardREJECT
# Uncomment this line to disable ipv6 rules
#option disable_ipv61
config zone
option namelan
option network'lan'
option inputACCEPT
option outputACCEPT
option forwardREJECT
config zone
option namewan
option network'wan'
option inputREJECT
option outputACCEPT
option forwardREJECT
option masq1
option mtu_fix1
config forwarding
option srclan
option destwan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option nameAllow-DHCP-Renew
option srcwan
option protoudp
option dest_port68
option targetACCEPT
option familyipv4
# Allow IPv4 ping
config rule
option nameAllow-Ping
option srcwan
option protoicmp
option icmp_typeecho-request
option familyipv4
option targetACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option nameAllow-DHCPv6
option srcwan
option protoudp
option src_ipfe80::/10
option src_port547
option dest_ipfe80::/10
option dest_port546
option familyipv6
option targetACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option nameAllow-ICMPv6-Input
option srcwan
option protoicmp
list icmp_typeecho-request
list icmp_typeecho-reply
list icmp_typedestination-unreachable
list icmp_typepacket-too-big
list icmp_typetime-exceeded
list icmp_typebad-header
list icmp_typeunknown-header-type
list icmp_typerouter-solicitation
list icmp_typeneighbour-solicitation
list icmp_typerouter-advertisement
list icmp_typeneighbour-advertisement
option limit1000/sec
option familyipv6
option targetACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option nameAllow-ICMPv6-Forward
option srcwan
option dest*
option protoicmp
list icmp_typeecho-request
list icmp_typeecho-reply
list icmp_typedestination-unreachable
list icmp_typepacket-too-big
list icmp_typetime-exceeded
list icmp_typebad-header
list icmp_typeunknown-header-type
option limit1000/sec
option familyipv6
option targetACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
root@OpenWrt:~# cat /etc/config/radvd
config interface
option interface'lan'
option AdvSendAdvert1
option AdvManagedFlag0
option AdvOtherConfigFlag 0
list client''
option ignore0
config prefix
option interface'lan'
# If not specified, a non-link-local prefix of the interface is used
list prefix''
option AdvOnLink1
option AdvAutonomous1
option AdvRouterAddr1
option ignore0
config route
option interface'lan'
list prefix''
option ignore0
config rdnss
option interface'lan'
# If not specified, the link-local address of the interface is used
list addr''
option ignore0
config dnssl
option interface'lan'
list suffix''
option ignore1
Thank you in advance for the help! |
|
tshirt Premium Member join:2004-07-11 Snohomish, WA |
tshirt
Premium Member
2013-Jan-20 4:52 pm
what modem do you have? |
|
|
|
I have an SB6120 with 4/3 Bonding |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
to GmDude66
Actually, Comcast normally assigns a /128 IPv6 address to a router's WAN interface, and a /64 (or perhaps a /60 depending on your router's capability) to the router's LAN using DHCP6-PD. Your problem is probably with your DHCP6-PD implementation. However, you did not post any config settings that tell us how you are doing your IPv6 connection.
For starters, show us the results of an "ifconfig" command and a "ps" command so that we can see how each interface is currently configured, and so that we can see what modules are running. |
|
|
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr 10:6F:3F:02:C1:CA
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2601:1:b80:4e:126f:xxxx:xxxx:xxxx/64 Scope:Global
inet6 addr: fe80::126f:3fff:fe02:c1ca/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:78895 errors:0 dropped:0 overruns:0 frame:0
TX packets:83868 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12161524 (11.5 MiB) TX bytes:73301550 (69.9 MiB)
eth0 Link encap:Ethernet HWaddr 10:6F:3F:02:C1:CA
inet6 addr: fe80::126f:xxxx:xxxx:xxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:274691 errors:0 dropped:10 overruns:0 frame:0
TX packets:84564 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:86672260 (82.6 MiB) TX bytes:14455055 (13.7 MiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr 10:6F:3F:02:C1:CA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3549 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1074767 (1.0 MiB)
eth0.2 Link encap:Ethernet HWaddr 10:6F:3F:02:C1:CA
inet addr:98.237.xxx.xxx Bcast:98.237.xxx.xxx Mask:255.255.252.0
inet6 addr: fe80::126f:xxxx:xxxx:xxxx/64 Scope:Link
inet6 addr: 2001:558:6031:17:xxxx:xxxx:xxxx:xxxx/128 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:274662 errors:0 dropped:0 overruns:0 frame:0
TX packets:81007 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:81725969 (77.9 MiB) TX bytes:13041376 (12.4 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
inet6 addr: 2601:1:b80:4e:200:ff:fe00:0/64 Scope:Global
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1648 (1.6 KiB) TX bytes:1648 (1.6 KiB)
wlan0 Link encap:Ethernet HWaddr 10:6F:3F:02:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:86980 errors:0 dropped:0 overruns:0 frame:0
TX packets:92123 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:14619439 (13.9 MiB) TX bytes:76024312 (72.5 MiB)
root@OpenWrt:~# ps
PID USER VSZ STAT COMMAND
1 root 1504 S init
2 root 0 SW [kthreadd]
3 root 0 SW [ksoftirqd/0]
4 root 0 SW [kworker/0:0]
5 root 0 SW [kworker/u:0]
6 root 0 SW< [khelper]
7 root 0 SW [kworker/u:1]
63 root 0 SW [sync_supers]
65 root 0 SW [bdi-default]
67 root 0 SW< [kblockd]
98 root 0 SW [kswapd0]
146 root 0 SW [fsnotify_mark]
176 root 0 SW< [ath79-spi]
190 root 0 SW [mtdblock0]
197 root 0 SW [mtdblock1]
226 root 0 SW [mtdblock2]
231 root 0 SW [mtdblock3]
236 root 0 SW [mtdblock4]
241 root 0 SW [mtdblock5]
246 root 0 SW [mtdblock6]
251 root 0 SW [mtdblock7]
256 root 0 SW [mtdblock8]
261 root 0 SW [mtdblock9]
463 root 0 SWN [jffs2_gcd_mtd7]
481 root 1504 S init
519 root 0 SW< [cfg80211]
527 root 0 SW [khubd]
611 root 1508 S /sbin/syslogd -l 8 -C16
613 root 1492 S /sbin/klogd
615 root 860 S /sbin/hotplug2 --override --persistent --set-rules-f
621 root 868 S /sbin/ubusd
625 root 1524 S /sbin/netifd
673 root 1508 S udhcpc -p /var/run/udhcpc-eth0.2.pid -s /lib/netifd/
867 root 1500 S /sbin/watchdog -t 5 /dev/watchdog
962 root 1428 S hostapd -P /var/run/wifi-phy0.pid -B /var/run/hostap
1044 root 932 S /usr/sbin/dhcp6c -c /var/etc/dhcp6c.conf eth0.2
1273 root 940 S /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
1275 root 940 S /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
1344 root 932 S /usr/sbin/miniupnpd -f /var/etc/miniupnpd.conf
1512 root 1152 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22
1547 root 1152 S /usr/sbin/uhttpd -f -h /www -r OpenWrt -x /cgi-bin -
1577 nobody 960 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf
1591 root 1500 S /usr/sbin/ntpd -n -p 0.openwrt.pool.ntp.org -p 1.ope
1596 root 0 SW [kworker/0:2]
4624 root 1220 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22
4625 root 1504 S -ash
4630 root 0 SW [kworker/0:1]
4632 root 1496 R ps
|
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
1 edit |
NetFixer
Premium Member
2013-Jan-20 9:30 pm
It looks to me as if it should be working OK. On your WAN you have 2001:558:6031:17:xxxx:xxxx:xxxx:xxxx/128 On your LAN you have 2601:1:b80:4e:126f:xxxx:xxxx:xxxx/64 Here are the similar results from my Netgear WNR1000v2-VC which runs Netgears' implementation of OpenWRT:
BusyBox v1.4.2 (2012-04-17 12:26:16 EDT) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (7.09) -----------------------------------
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!
---------------------------------------------------
root@WNR1000v2:/# ifconfig
ath0 Link encap:Ethernet HWaddr A0:21:B7:9C:06:02
inet6 addr: fe80::a221:b7ff:fe9c:602/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
RX packets:129598 errors:0 dropped:0 overruns:0 frame:0
TX packets:145453 errors:0 dropped:5643 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:51624197 (49.2 MiB) TX bytes:149549679 (142.6 MiB)
br0 Link encap:Ethernet HWaddr A0:21:B7:9C:06:02
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: 2601:5:c80:56:a221:b7ff:fe9c:602/64 Scope:Global
inet6 addr: fe80::a221:b7ff:fe9c:602/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:129602 errors:0 dropped:0 overruns:0 frame:0
TX packets:150140 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:49809849 (47.5 MiB) TX bytes:150169209 (143.2 MiB)
eth0 Link encap:Ethernet HWaddr A0:21:B7:9C:06:03
inet addr:67.177.173.18 Bcast:255.255.255.255 Mask:255.255.252.0
inet6 addr: fe80::a221:b7ff:fe9c:603/64 Scope:Link
inet6 addr: 2001:558:6016:19:2434:808:f8f1:f5b3/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10364834 errors:0 dropped:0 overruns:0 frame:0
TX packets:118415 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:902017481 (860.2 MiB) TX bytes:56475172 (53.8 MiB)
eth1 Link encap:Ethernet HWaddr A0:21:B7:9C:06:02
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1207325 errors:0 dropped:0 overruns:0 frame:0
TX packets:1207325 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:56615788 (53.9 MiB) TX bytes:56615788 (53.9 MiB)
wifi0 Link encap:Ethernet HWaddr A0:21:B7:9C:06:02
inet6 addr: fe80::a221:b7ff:fe9c:602/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:22 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:48 Memory:b0000000-b0010000
root@WNR1000v2:/# ps
PID Uid VmSize Stat Command
1 root 364 S init
2 root SWN [ksoftirqd/0]
3 root SW< [events/0]
4 root SW< [khelper]
5 root SW< [kthread]
8 root SW< [kblockd/0]
36 root SW [pdflush]
37 root SW [pdflush]
39 root SW< [aio/0]
38 root SW [kswapd0]
50 root SW [mtdblockd]
140 root 264 S klogd
144 root 296 S datalib
237 root 108 S /usr/sbin/potval
338 root 296 S udhcpd /tmp/udhcpd.conf
342 root 228 S /usr/sbin/net-scan
355 root 128 S /usr/sbin/hnapd
386 root 424 S /usr/sbin/dnsmasq -r /tmp/resolv.conf --wan-interface
470 root 240 S udhcpc -b -i eth0 -h ap2 -r 192.168.9.10 -N 192.168.9
504 root 332 S /usr/sbin/ez-ipupdate -c /tmp/ez-ipupd.conf -b /tmp/e
1714 root 632 S hostapd /var/run/topology.conf
1723 root 208 S /usr/bin/wlanlog
1744 root 352 S syslogd -m 0 -T GMT+6GMT,M3.2.0/2:00,M11.1.0/2:00 -c
1760 root 304 S /usr/sbin/ntpclient
1765 root 360 S crond -c /tmp/etc/crontabs -T GMT+6GMT,M3.2.0/2:00,M1
1783 root 880 S uhttpd -e /usr/sbin/detwan
1786 root 140 S inetd
1791 root 216 S /usr/bin/detcable 2
1793 root 424 S /bin/sh /sbin/button_detecte
1828 root 280 S lld2d br0
1853 root 296 S /sbin/traffic_meter
1861 root 208 S init
15576 root 480 S /sbin/deamonv6 eth0
15829 root 364 S /usr/sbin/radvd -C /tmp/radvd.conf
15834 root 408 S /usr/sbin/dhcp6s -3 -c /tmp/dhcp6s.conf -i br0
15841 root 652 S /usr/sbin/ripngd -d -f /etc/ripngd.conf
15852 root 596 S /usr/sbin/zebra -dk -f /etc/zebra.conf
31049 root 260 S /usr/sbin/utelnetd -d -i br0
20205 root 460 S /bin/ash --login
20262 root 288 S /bin/sleep 1
20263 root 380 R ps
The WNR1000v2-VC does have a /64 on its WAN instead of a /128, but it really should be a /128 (there is a bug in the firmware). Does an IPv6 compatible PC connected to the router's LAN not get a IPv4 and IPv6 addresses assigned? Here is the ipconfig and netsh information (and a couple of IPv6 and IPv4 ping tests) from the notebook that is currently using my Netgear WNR1000v2-VC router:
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Wireless Network Connection 8:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.10.18
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 2601:5:c80:56:9c32:127f:a63e:188e
IP Address. . . . . . . . . . . . : 2601:5:c80:56:21a:73ff:fe67:2cdc
IP Address. . . . . . . . . . . . : fe80::21a:73ff:fe67:2cdc%8
Default Gateway . . . . . . . . . : 192.168.10.1
fe80::a221:b7ff:fe9c:602%8
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.10.18%2
Default Gateway . . . . . . . . . :
C:\>netsh int ipv6 show addr
Querying active state...
Interface 8: Wireless Network Connection 8
Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Temporary Preferred 23h59m56s 19h57m40s 2601:5:c80:56:9c32:127f:a63e:188e
Public Preferred 23h59m56s 23h59m56s 2601:5:c80:56:21a:73ff:fe67:2cdc
Link Preferred infinite infinite fe80::21a:73ff:fe67:2cdc
Interface 5: Teredo Tunneling Pseudo-Interface
Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Preferred infinite infinite fe80::ffff:ffff:fffd
Interface 2: Automatic Tunneling Pseudo-Interface
Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Preferred infinite infinite fe80::5efe:192.168.10.18
Interface 1: Loopback Pseudo-Interface
Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Loopback Preferred infinite infinite ::1
Link Preferred infinite infinite fe80::1
C:\>ping www.comcast.net
Pinging a1526.dscg.akamai.net [2001:559:0:501::48f6:2d1b] with 32 bytes of data:
Reply from 2001:559:0:501::48f6:2d1b: time=31ms
Reply from 2001:559:0:501::48f6:2d1b: time=32ms
Reply from 2001:559:0:501::48f6:2d1b: time=31ms
Reply from 2001:559:0:501::48f6:2d1b: time=31ms
Ping statistics for 2001:559:0:501::48f6:2d1b:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms
C:\>ping -4 www.comcast.net
Pinging a1526.dscg.akamai.net [23.62.111.185] with 32 bytes of data:
Reply from 23.62.111.185: bytes=32 time=19ms TTL=58
Reply from 23.62.111.185: bytes=32 time=20ms TTL=58
Reply from 23.62.111.185: bytes=32 time=18ms TTL=58
Reply from 23.62.111.185: bytes=32 time=19ms TTL=58
Ping statistics for 23.62.111.185:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 20ms, Average = 19ms
|
|
|
Hmm my Mac was assigned both ipv6 and ipv4 addresses. Still cannot ping on 6. dereks-macbook:~ derek$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:23:32:d1:22:1e
media: autoselect
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:23:6c:81:2c:25
inet6 fe80::223:6cff:fe81:2c25%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.189 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2601:1:b80:4e:223:6cff:fe81:2c25 prefixlen 64 autoconf
inet6 2601:1:b80:4e:9861:914f:fd8f:2e5c prefixlen 64 autoconf temporary
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:23:6c:81:2c:25
media: autoselect
status: inactive
dereks-macbook:~ derek$ ping www.comcast.net
PING a1526.dscg.akamai.net (184.51.126.43): 56 data bytes
64 bytes from 184.51.126.43: icmp_seq=0 ttl=55 time=26.557 ms
64 bytes from 184.51.126.43: icmp_seq=1 ttl=55 time=27.885 ms
64 bytes from 184.51.126.43: icmp_seq=2 ttl=55 time=28.937 ms
64 bytes from 184.51.126.43: icmp_seq=3 ttl=55 time=31.577 ms
^C
--- a1526.dscg.akamai.net ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 26.557/28.739/31.577/1.843 ms
dereks-macbook:~ derek$ ping6 www.comcast.net
PING6(56=40+8+8 bytes) 2601:1:b80:4e:9861:914f:fd8f:2e5c --> 2001:559:0:5c::1743:3e40
^C
--- a1526.dscg.akamai.net ping6 statistics ---
141 packets transmitted, 0 packets received, 100.0% packet loss
dereks-macbook:~ derek$ ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2601:1:b80:4e:9861:914f:fd8f:2e5c --> 2607:f8b0:400c:c01::67
^C
--- ipv6.l.google.com ping6 statistics ---
23 packets transmitted, 0 packets received, 100.0% packet loss
|
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
1 edit |
NetFixer
Premium Member
2013-Jan-20 11:15 pm
said by GmDude66:Hmm my Mac was assigned both ipv6 and ipv4 addresses. Still cannot ping on 6. Interesting, it looks as if it should be working. Can you ping6 your router's LAN IPv6 address [2601:1:b80:4e:126f:3fff:fe02:c1ca]? Does a traceroute6 to a known public IPv6 host like ipv6.speedtest.comcast.net reach your router's LAN interface and stop there? Does it even reach your router's LAN interface? I know these seem like dumb questions, but I am just trying to see where the blockage occurs. Since you say you can get internet IPv6 connectivity from inside your router, and since the router and your MacBook both have IPv6 address assignments, I am thinking that this may be a firewall problem. The question would be is it the MacBook's firewall or the router's firewall. I ran into a similar scenario when I first enabled the IPv6 firewall in my D-Link DIR655. The router and attached devices had IPv6 addresses, and I could do IPv6 pings to the internet from inside the router, but IPv6 connectivity from attached devices stopped at the DIR655's LAN interface. The problem in my case was that the IPv6 firewall in the DIR655 did not have a default allow outbound rule (unlike any router's firewall I have ever seen). As soon as I created a default allow outbound rule in its IPv6 firewall, I had IPv6 connectivity. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
said by NetFixer:The problem in my case was that the IPv6 firewall in the DIR655 did not have a default allow outbound rule (unlike any router's firewall I have ever seen). m0n0wall also does not have a default "allow outbound to any" rule for IPv6 internal interfaces. |
|
1 edit |
to NetFixer
I cannot ping6 from any computer connected to LAN. I can ping6 anything directly from router. I disabled the firewall on Mac and on the router (Allow Any From Any To Any). I ran a traceroute6: dereks-macbook:~ derek$ traceroute6 ipv6.speedtest.comcast.net
traceroute6 to ipv6.speedtest.g.comcast.net (2001:558:1010:5:68:87:73:52) from 2601:1:b80:53:449c:1b65:79a8:3890, 64 hops max, 12 byte packets
1 * * *
2 * * *
^C
dereks-macbook:~ derek$
I noticed on the routes page something funky: Active IPv4-Routes
Network
Target
IPv4-Gateway
Metric
wan
0.0.0.0/0
98.237.12.1
0
wan
98.237.12.0/22
0.0.0.0
0
lan
192.168.1.0/24
0.0.0.0
0
Active IPv6-Routes
Network
Target
IPv6-Gateway
Metric
wan
2001:558:6031:17:7C6F:C57F:8412:9424
0:0:0:0:0:0:0:0/0
00000100
wan
2001:558:FEED:0:0:0:0:1
0:0:0:0:0:0:0:0/0
00000000
wan
2001:558:FEED:0:0:0:0:2
0:0:0:0:0:0:0:0/0
00000000
loopback
2601:1:B80:4E:0:0:0:0/64
0:0:0:0:0:0:0:0/0
00000100
loopback
2601:1:B80:53:449C:1B65:79A8:3890
0:0:0:0:0:0:0:0/0
00000000
loopback
2601:1:B80:53:0:0:0:0/64
0:0:0:0:0:0:0:0/0
00000100
lan
2601:1:B80:53:0:0:0:0/64
0:0:0:0:0:0:0:0/0
00000100
wan
2607:F8B0:4006:800:0:0:0:1000
0:0:0:0:0:0:0:0/0
00000000
wan
2607:F8B0:4006:803:0:0:0:1005
0:0:0:0:0:0:0:0/0
00000000
wan
0:0:0:0:0:0:0:0/0
0:0:0:0:0:0:0:0/0
00000400
loopback
0:0:0:0:0:0:0:0/0
0:0:0:0:0:0:0:0/0
FFFFFFFF
There is no ipv6 gateway listed for anything. |
|
GmDude66 |
Also, just found this in my kernel log: [93708.410000] icmpv6_send: no reply to icmp error |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
NetFixer
Premium Member
2013-Jan-21 8:06 pm
said by GmDude66:Also, just found this in my kernel log: [93708.410000] icmpv6_send: no reply to icmp error The icmpv6 config in your router is where I was just about to suggest that you look; that is why I had requested the IPv6 traceroutes and pings, so that I could see if your router responded on its LAN interface. The fact that your MacBook does not get a reply from your router's LAN when doing a traceroute6 to an Internet location says that something is wonky in your router's icmpv6 config. Here is a traceroute I just did to ipv6.speedtest.comcast.net after temporarily disabling IPv6 routing in my D-Link DIR655 by disabling its default allow LAN to WAN IPv6 firewall rule. Following that traceroute is a ping to the router's IPv6 LAN address:
C:\>tracert ipv6.speedtest.comcast.net
Tracing route to ipv6.speedtest.g.comcast.net [2001:558:1010:5:68:87:73:52]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * ^C
C:\>ping 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff
Pinging 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff with 32 bytes of data:
Reply from 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff: time<1ms
Reply from 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff: time<1ms
Reply from 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff: time<1ms
Reply from 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff: time<1ms
Ping statistics for 2601:5:c80:90:1e7e:e5ff:fe4c:e6ff:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Even with the internal IPv6 routing blocked inside the router, I can still get an ICMP echo response on its LAN interface. Right at this moment it is not convenient for me to connect to my Netgear router to check its icmpv6 config and post some things for you to look for, but later this evening I should be able to do that (if you have not already found the problem in your config before then). |
|
|
Yes, please post your configuration. In the meantime, I am searching! |
|
GmDude66 |
Have not found any results. Thinking about switching back to DD-WRT :P |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
NetFixer
Premium Member
2013-Jan-23 2:25 am
said by GmDude66:Have not found any results. Thinking about switching back to DD-WRT :P Sorry that I took so long to get back to you, but my notebook was in use by someone else, and that is the only reasonably convenient box I have to access my Netgear guest router. Once I had it connected, I found that there was no clearly defined config for ICMP6 except for the ip6table rules. Just for grins, I did an "ip6tables -F" command in the router which cleared the ipv6 firewall rules. That effectively killed LAN to WAN IPv6 traffic in that router. I then did the traceroute below from the notebook:
C:\>tracert6 ipv6.speedtest.comcast.net
Tracing route to ipv6.speedtest.g.comcast.net [2001:558:1010:5:68:87:73:52]
from 2601:5:c80:85:3c63:a145:83e4:bb93 over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 2601:5:c80:85:a221:b7ff:fe9c:602
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * ^C
As you can see, I was no longer able to do a traceroute to an IPv6 server on the Internet, but my Netgear router still responded to the traceroute ICMP6 echo request on its LAN. Since your router did not respond to the ICMP6 echo request, that would seem to indicate that your problem is not necessarily related to a lack of ICMP6 rules. However, you could do a "ip6tables -L" command in your router to see what rules (if any) are present. Here is what I saw after I flushed the ip6tables in my router:
root@WNR1000v2:/# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If you don't have any ip6tables rules in your router, that would definitely be a problem, but that may or may not be the only problem. FWIW, here are the ip6tables that are normally in my router:
root@WNR1000v2:/# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP ipv6-icmp anywhere ::1/128 [8 bytes of unknown target data]
DROP ipv6-icmp anywhere ::1/128 [8 bytes of unknown target data]
IPv6-CONE all anywhere anywhere [8 bytes of unknown target data]
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all !2601:5:c80:85::/64 anywhere [8 bytes of unknown target data]
DROP tcp ::1/128 ::2/128 UNKNOWN match `tcp' [8 bytes of unknown target data]
ACCEPT udp ::3/128 ::4/128 UNKNOWN match `udp' [8 bytes of unknown target data]
DROP ipv6-icmp ::5/128 ::6/128 ipv6-icmp echo-reply UNKNOWN match `limit' [8 bytes of
ACCEPT ipv6-icmp ::5/128 ::6/128 ipv6-icmp echo-reply [8 bytes of unknown target data]
DROP all ::7/128 anywhere [8 bytes of unknown target data]
IPv6-CONE all anywhere anywhere [8 bytes of unknown target data]
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If you would like to see any specific config or script file on my router, let me know and I will try to find it and post it. I say "try" because even though the router does run on OpenWrt, it is still a Netgear specific version of OpenWrt, and they seem to be doing some rather obfuscated things. Most of the config files that I see are created on the fly by script files on bootup, so I don't see the usual generic config files that are present in public OpenWrt distributions. |
|
|
I am thinking this is a firewall issue. Can you please look over this config? root@OpenWrt:~# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all anywhere anywhere
input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
forwarding_rule all anywhere anywhere
forward all anywhere anywhere
reject all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
output_rule all anywhere anywhere
output all anywhere anywhere
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all anywhere anywhere
zone_wan_forward all anywhere anywhere
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all anywhere anywhere
zone_wan all anywhere anywhere
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all anywhere anywhere
zone_wan_ACCEPT all anywhere anywhere
Chain output_rule (1 references)
target prot opt source destination
Chain reject (5 references)
target prot opt source destination
REJECT tcp anywhere anywhere reject-with tcp-reset
REJECT all anywhere anywhere reject-with icmp6-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all anywhere anywhere
Chain zone_lan (1 references)
target prot opt source destination
input_lan all anywhere anywhere
zone_lan_ACCEPT all anywhere anywhere
Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all anywhere anywhere
DROP all anywhere anywhere
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all anywhere anywhere
reject all anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all anywhere anywhere
forwarding_lan all anywhere anywhere
zone_lan_REJECT all anywhere anywhere
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement limit: avg 1000/sec burst 5
input_wan all anywhere anywhere
zone_wan_REJECT all anywhere anywhere
Chain zone_wan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere
Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all anywhere anywhere
DROP all anywhere anywhere
Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all anywhere anywhere
reject all anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5
forwarding_wan all anywhere anywhere
zone_wan_REJECT all anywhere anywhere
|
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
NetFixer
Premium Member
2013-Jan-24 9:44 am
If there is anything in the ip6tables information that you posted that would keep your router from processing LAN to WAN IPv6 traffic, I don't see it; but perhaps someone with a keener eye (and more IPv6 experience)* will look at it and let you know definitively.
*When I was actively providing network support before my retirement last year, I did not get involved with native IPv6 support because none of the ISPs I worked with offered it (and I did not even have any clients who needed/used IPv6 tunnels). I have therefore only been involved with my own IPv6 connections, and I have had to learn what I know about IPv6 the hard way. |
|
NetDog Premium Member join:2002-03-04 Hollywood, FL |
to GmDude66
I really hate to say this but can you try and disable ip6tables for a little bit to see if you get all the traffic working? |
|