dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
57
share rss forum feed


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless
reply to GmDude66

Re: Recieving /128 Address (OpenWRT)

Actually, Comcast normally assigns a /128 IPv6 address to a router's WAN interface, and a /64 (or perhaps a /60 depending on your router's capability) to the router's LAN using DHCP6-PD. Your problem is probably with your DHCP6-PD implementation. However, you did not post any config settings that tell us how you are doing your IPv6 connection.

For starters, show us the results of an "ifconfig" command and a "ps" command so that we can see how each interface is currently configured, and so that we can see what modules are running.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

GmDude66

join:2007-09-09
York, PA
Reviews:
·Comcast



NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless

1 edit
It looks to me as if it should be working OK.

On your WAN you have 2001:558:6031:17:xxxx:xxxx:xxxx:xxxx/128
On your LAN you have 2601:1:b80:4e:126f:xxxx:xxxx:xxxx/64

Here are the similar results from my Netgear WNR1000v2-VC which runs Netgears' implementation of OpenWRT:





The WNR1000v2-VC does have a /64 on its WAN instead of a /128, but it really should be a /128 (there is a bug in the firmware).

Does an IPv6 compatible PC connected to the router's LAN not get a IPv4 and IPv6 addresses assigned?

Here is the ipconfig and netsh information (and a couple of IPv6 and IPv4 ping tests) from the notebook that is currently using my Netgear WNR1000v2-VC router:





--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

GmDude66

join:2007-09-09
York, PA
Reviews:
·Comcast
Hmm my Mac was assigned both ipv6 and ipv4 addresses. Still cannot ping on 6.




NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless

1 edit
said by GmDude66:

Hmm my Mac was assigned both ipv6 and ipv4 addresses. Still cannot ping on 6.

Interesting, it looks as if it should be working.

Can you ping6 your router's LAN IPv6 address [2601:1:b80:4e:126f:3fff:fe02:c1ca]?

Does a traceroute6 to a known public IPv6 host like ipv6.speedtest.comcast.net reach your router's LAN interface and stop there? Does it even reach your router's LAN interface?

I know these seem like dumb questions, but I am just trying to see where the blockage occurs. Since you say you can get internet IPv6 connectivity from inside your router, and since the router and your MacBook both have IPv6 address assignments, I am thinking that this may be a firewall problem. The question would be is it the MacBook's firewall or the router's firewall.

I ran into a similar scenario when I first enabled the IPv6 firewall in my D-Link DIR655. The router and attached devices had IPv6 addresses, and I could do IPv6 pings to the internet from inside the router, but IPv6 connectivity from attached devices stopped at the DIR655's LAN interface. The problem in my case was that the IPv6 firewall in the DIR655 did not have a default allow outbound rule (unlike any router's firewall I have ever seen). As soon as I created a default allow outbound rule in its IPv6 firewall, I had IPv6 connectivity.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:3
Reviews:
·Comcast
said by NetFixer:

The problem in my case was that the IPv6 firewall in the DIR655 did not have a default allow outbound rule (unlike any router's firewall I have ever seen).

m0n0wall also does not have a default "allow outbound to any" rule for IPv6 internal interfaces.

GmDude66

join:2007-09-09
York, PA
Reviews:
·Comcast

1 edit
reply to NetFixer
I cannot ping6 from any computer connected to LAN.

I can ping6 anything directly from router.

I disabled the firewall on Mac and on the router (Allow Any From Any To Any).

I ran a traceroute6:

I noticed on the routes page something funky:

There is no ipv6 gateway listed for anything.

GmDude66

join:2007-09-09
York, PA
Also, just found this in my kernel log:
[93708.410000] icmpv6_send: no reply to icmp error


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless
said by GmDude66:

Also, just found this in my kernel log:
[93708.410000] icmpv6_send: no reply to icmp error

The icmpv6 config in your router is where I was just about to suggest that you look; that is why I had requested the IPv6 traceroutes and pings, so that I could see if your router responded on its LAN interface. The fact that your MacBook does not get a reply from your router's LAN when doing a traceroute6 to an Internet location says that something is wonky in your router's icmpv6 config.

Here is a traceroute I just did to ipv6.speedtest.comcast.net after temporarily disabling IPv6 routing in my D-Link DIR655 by disabling its default allow LAN to WAN IPv6 firewall rule. Following that traceroute is a ping to the router's IPv6 LAN address:





Even with the internal IPv6 routing blocked inside the router, I can still get an ICMP echo response on its LAN interface. Right at this moment it is not convenient for me to connect to my Netgear router to check its icmpv6 config and post some things for you to look for, but later this evening I should be able to do that (if you have not already found the problem in your config before then).

--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

GmDude66

join:2007-09-09
York, PA
Yes, please post your configuration. In the meantime, I am searching!

GmDude66

join:2007-09-09
York, PA
Have not found any results. Thinking about switching back to DD-WRT :P


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless
said by GmDude66:

Have not found any results. Thinking about switching back to DD-WRT :P

Sorry that I took so long to get back to you, but my notebook was in use by someone else, and that is the only reasonably convenient box I have to access my Netgear guest router.

Once I had it connected, I found that there was no clearly defined config for ICMP6 except for the ip6table rules.

Just for grins, I did an "ip6tables -F" command in the router which cleared the ipv6 firewall rules. That effectively killed LAN to WAN IPv6 traffic in that router. I then did the traceroute below from the notebook:





As you can see, I was no longer able to do a traceroute to an IPv6 server on the Internet, but my Netgear router still responded to the traceroute ICMP6 echo request on its LAN. Since your router did not respond to the ICMP6 echo request, that would seem to indicate that your problem is not necessarily related to a lack of ICMP6 rules. However, you could do a "ip6tables -L" command in your router to see what rules (if any) are present. Here is what I saw after I flushed the ip6tables in my router:





If you don't have any ip6tables rules in your router, that would definitely be a problem, but that may or may not be the only problem. FWIW, here are the ip6tables that are normally in my router:





If you would like to see any specific config or script file on my router, let me know and I will try to find it and post it. I say "try" because even though the router does run on OpenWrt, it is still a Netgear specific version of OpenWrt, and they seem to be doing some rather obfuscated things. Most of the config files that I see are created on the fly by script files on bootup, so I don't see the usual generic config files that are present in public OpenWrt distributions.

--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

GmDude66

join:2007-09-09
York, PA
Reviews:
·Comcast
I am thinking this is a firewall issue.

Can you please look over this config?



NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless
If there is anything in the ip6tables information that you posted that would keep your router from processing LAN to WAN IPv6 traffic, I don't see it; but perhaps someone with a keener eye (and more IPv6 experience)* will look at it and let you know definitively.

*When I was actively providing network support before my retirement last year, I did not get involved with native IPv6 support because none of the ISPs I worked with offered it (and I did not even have any clients who needed/used IPv6 tunnels). I have therefore only been involved with my own IPv6 connections, and I have had to learn what I know about IPv6 the hard way.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.