
NetFixer, reply to GmDude66
Re: Receiving /128 Address (OpenWRT)
said by GmDude66: Have not found any results. Thinking about switching back to DD-WRT :P
Sorry that I took so long to get back to you, but my notebook was in use by someone else, and that is the only reasonably convenient box I have to access my Netgear guest router.
Once I had it connected, I found that there was no clearly defined config for ICMP6 except for the ip6table rules.
Just for grins, I did an "ip6tables -F" command in the router which cleared the ipv6 firewall rules. That effectively killed LAN to WAN IPv6 traffic in that router. I then did the traceroute below from the notebook:
C:\>tracert6 ipv6.speedtest.comcast.net
Tracing route to ipv6.speedtest.g.comcast.net [2001:558:1010:5:68:87:73:52]
from 2601:5:c80:85:3c63:a145:83e4:bb93 over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 2601:5:c80:85:a221:b7ff:fe9c:602
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * ^C
As you can see, I was no longer able to do a traceroute to an IPv6 server on the Internet, but my Netgear router still responded to the traceroute ICMP6 echo request on its LAN. Since your router did not respond to the ICMP6 echo request, that would seem to indicate that your problem is not necessarily related to a lack of ICMP6 rules. However, you could do a "ip6tables -L" command in your router to see what rules (if any) are present. Here is what I saw after I flushed the ip6tables in my router:
root@WNR1000v2:/# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If you don't have any ip6tables rules in your router, that would definitely be a problem, but that may or may not be the only problem. FWIW, here are the ip6tables that are normally in my router:
root@WNR1000v2:/# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP ipv6-icmp anywhere ::1/128 [8 bytes of unknown target data]
DROP ipv6-icmp anywhere ::1/128 [8 bytes of unknown target data]
IPv6-CONE all anywhere anywhere [8 bytes of unknown target data]
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all !2601:5:c80:85::/64 anywhere [8 bytes of unknown target data]
DROP tcp ::1/128 ::2/128 UNKNOWN match `tcp' [8 bytes of unknown target data]
ACCEPT udp ::3/128 ::4/128 UNKNOWN match `udp' [8 bytes of unknown target data]
DROP ipv6-icmp ::5/128 ::6/128 ipv6-icmp echo-reply UNKNOWN match `limit' [8 bytes of
ACCEPT ipv6-icmp ::5/128 ::6/128 ipv6-icmp echo-reply [8 bytes of unknown target data]
DROP all ::7/128 anywhere [8 bytes of unknown target data]
IPv6-CONE all anywhere anywhere [8 bytes of unknown target data]
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If you would like to see any specific config or script file on my router, let me know and I will try to find it and post it. I say "try" because even though the router does run on OpenWrt, it is still a Netgear specific version of OpenWrt, and they seem to be doing some rather obfuscated things. Most of the config files that I see are created on the fly by script files on bootup, so I don't see the usual generic config files that are present in public OpenWrt distributions.
-- A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
When governments fear people, there is liberty. When the people fear the government, there is tyranny.

I am thinking this is a firewall issue.
Can you please look over this config?
root@OpenWrt:~# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all anywhere anywhere
input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
forwarding_rule all anywhere anywhere
forward all anywhere anywhere
reject all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
output_rule all anywhere anywhere
output all anywhere anywhere
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all anywhere anywhere
zone_wan_forward all anywhere anywhere
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all anywhere anywhere
zone_wan all anywhere anywhere
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all anywhere anywhere
zone_wan_ACCEPT all anywhere anywhere
Chain output_rule (1 references)
target prot opt source destination
Chain reject (5 references)
target prot opt source destination
REJECT tcp anywhere anywhere reject-with tcp-reset
REJECT all anywhere anywhere reject-with icmp6-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all anywhere anywhere
Chain zone_lan (1 references)
target prot opt source destination
input_lan all anywhere anywhere
zone_lan_ACCEPT all anywhere anywhere
Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all anywhere anywhere
DROP all anywhere anywhere
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all anywhere anywhere
reject all anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all anywhere anywhere
forwarding_lan all anywhere anywhere
zone_lan_REJECT all anywhere anywhere
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement limit: avg 1000/sec burst 5
input_wan all anywhere anywhere
zone_wan_REJECT all anywhere anywhere
Chain zone_wan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere
Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all anywhere anywhere
DROP all anywhere anywhere
Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all anywhere anywhere
reject all anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5
forwarding_wan all anywhere anywhere
zone_wan_REJECT all anywhere anywhere
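The check requested in the post above can be run mechanically over a saved `ip6tables -L` listing. The following is an added example, not part of the thread or of OpenWrt; the `NEEDED` set, the function names and the sample listing are assumptions made for illustration, and the parser expects the name-based output format shown in the listings above.

```python
import re

# Assumption of this example: ICMPv6 types a WAN-facing input chain must accept
# (error messages, including path-MTU discovery, plus neighbour discovery).
NEEDED = {"destination-unreachable", "packet-too-big", "time-exceeded",
          "router-advertisement", "neighbour-solicitation", "neighbour-advertisement"}

# Constructed sample in the format of the listings above; two types left out.
SAMPLE = """Chain INPUT (policy ACCEPT)
target prot opt source destination
input all anywhere anywhere
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement limit: avg 1000/sec burst 5
zone_wan_REJECT all anywhere anywhere
"""

def parse_listing(text):
    """Parse `ip6tables -L` output into {chain: {"policy": ..., "rules": [...]}}."""
    chains, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and line and not line.startswith("target"):
            current["rules"].append(line)
    return chains

def accepted_icmp6(chain):
    """ICMPv6 type names matched by the chain's own ACCEPT rules."""
    found = (re.match(r"ACCEPT\s+ipv6-icmp\s.*\bipv6-icmp ([a-z-]+)", r)
             for r in chain["rules"])
    return {m.group(1) for m in found if m}

def audit(text, chain_name):
    """Return (findings, missing ICMPv6 types) for one chain of a listing."""
    chains = parse_listing(text)
    findings = []
    if chains and not any(c["rules"] for c in chains.values()):
        findings.append("no rules in any chain (flushed or never loaded)")
    if chain_name not in chains:
        return findings + ["chain %s not present" % chain_name], set(NEEDED)
    return findings, NEEDED - accepted_icmp6(chains[chain_name])

if __name__ == "__main__":
    print(audit(SAMPLE, "zone_wan"))
```

The audit inspects only the named chain's own rules and does not follow jumps into other chains, so a type accepted further down a jump target is reported as missing.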

NetFixer
If there is anything in the ip6tables information that you posted that would keep your router from processing LAN to WAN IPv6 traffic, I don't see it; but perhaps someone with a keener eye (and more IPv6 experience)* will look at it and let you know definitively.
*When I was actively providing network support before my retirement last year, I did not get involved with native IPv6 support because none of the ISPs I worked with offered it (and I did not even have any clients who needed/used IPv6 tunnels). I have therefore only been involved with my own IPv6 connections, and I have had to learn what I know about IPv6 the hard way.