Can ping ipv6, but can't access http
Shadow Hawkins on Tuesday, 14 July 2009 05:03:39
I'm having trouble accessing ipv6 websites via an Aiccu tunnel.
I have a CentOS 5.2 box setup with aiccu and radvd on it. My Windows XP box gets a couple of ipv6 ips and I can ping things like ipv6.google.com and www.sixxs.net but when I try to browse to them it fails to make a connection.
I've tried in firefox and IE, but nothing works. No settings have been changed from the default.
Can anyone help me troubleshoot this?
Thanks
Can ping ipv6, but can't access http
Shadow Hawkins on Tuesday, 14 July 2009 14:22:10
Just to confirm...you say you do have a public IPv6 address assigned to the interface? Can you post the output of "ipconfig"?
Can ping ipv6, but can't access http
Jeroen Massar on Tuesday, 14 July 2009 14:30:23
I'm having trouble accessing ipv6 websites via an Aiccu tunnel.
What is an "Aiccu tunnel"? We have proto-41, proto-41/heartbeat and AYIYA.
Which one is it?
My Windows XP box gets a couple of ipv6 ips and I can ping things like ipv6.google.com and www.sixxs.net
What is the source and destination address? Outputs of things you have tried are really well appreciated if you want others to help you out.
Can anyone help me troubleshoot this?
See the "Reporting Problems / Checklist / Troubleshooting" section on the contact page.
Are you running some kind of Firewall or "Anti-Virus" software on your computer?
Most likely those are the culprit.
Can ping ipv6, but can't access http
Shadow Hawkins on Wednesday, 15 July 2009 00:59:56
Sorry, I meant ayiya tunnel.
This is from my ipconfig
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 2001:4428:211:0:e8c6:e028:7d1b:59ce
IP Address. . . . . . . . . . . . : 2001:4428:211:0:224:e8ff:fe13:a24d
IP Address. . . . . . . . . . . . : fe80::224:e8ff:fe13:a24d%4
Default Gateway . . . . . . . . . : 10.1.1.254
fe80::213:72ff:fefd:1d5e%4
I'm not running any firewall and using ESET Nod32 4.0.
I've tried browsing ipv6 sites from lynx on my server, which seem to work. So it seems the problem is my XP box.
I'm not sure what you mean by source and destination address, so here's my tunnel information:
IPv6 Prefix 2001:4428:200:17::1/64
PoP IPv6 2001:4428:200:17::1
Your IPv6 2001:4428:200:17::2
Can ping ipv6, but can't access http
Jeroen Massar on Wednesday, 15 July 2009 10:06:43
I'm not running any firewall and using ESET Nod32 4.0.
Your problem is NOD32, which most likely hooks somewhere inside your browser or even in Winsock and then nicely rejects everything which it does not know, eg IPv6.
Try disabling it, then try to use your browser.
If that does not work, uninstall the silly thing and then try using your browser.
Most likely the latter is the way to fix this.
Most likely end-result: Complain to your vendor for being silly in not supporting IPv6.
Can ping ipv6, but can't access http
Shadow Hawkins on Wednesday, 15 July 2009 14:27:49
FWIW, I'm also using NOD32 4.0 for an AV product (albeit in a corporate setting) and I don't have any problems. I do not remember seeing any explicit settings in the config, but when I used Panda, I had to turn off the web filtering part of it so it would work (same thing Jeroen mentioned about it blocking what it doesn't know about).
Can ping ipv6, but can't access http
Shadow Hawkins on Tuesday, 21 July 2009 06:03:49
I've tried turning NOD32 off and tried using a computer that has never had it installed and it had the same result.
Is there something that needs to be done at the linux side to route tcp/ip? It seems weird that ICMP would get through.
Can ping ipv6, but can't access http
Shadow Hawkins on Tuesday, 21 July 2009 10:29:45
If you can ping but not browse it sounds like a firewall rule either on your Windows box or your CentOS tunnel box. Try "ip6tables -L" on the tunnel box and check the results, especially the FORWARD chain.
Can ping ipv6, but can't access http
Shadow Hawkins on Wednesday, 22 July 2009 00:16:32
# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
ACCEPT esp anywhere anywhere
ACCEPT ah anywhere anywhere
ACCEPT udp anywhere ff02::fb/128 udp dpt:mdns
ACCEPT udp anywhere anywhere udp dpt:ipp
ACCEPT tcp anywhere anywhere tcp dpt:ipp
ACCEPT udp anywhere anywhere udp dpts:filenet-tms:61000
ACCEPT tcp anywhere anywhere tcp dpts:filenet-tms:61000 flags:!SYN,RST,ACK/SYN
ACCEPT tcp anywhere anywhere tcp dpt:ssh
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
Can you see any problems there? I've been reading the forums and see that some people have trouble with CentOS 5.2, but I'm not using the 5.3 kernel (2.6.18-128.1.10.el5) which should fix any problems. I also added a 2000::/3 route, which is meant to fix the problems in earlier kernels.
This is my routing table:
# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:4428:200:17::/64 * U 256 2 0 sixxs
2001:4428:211::/64 * U 256 0 0 eth0
2000::/3 gw-24.wlg-01.nz.sixxs.net UG 1024 52 0 sixxs
fe80::/64 * U 256 0 0 eth0
fe80::/64 * U 256 0 0 eth1
fe80::/64 * U 256 0 0 sixxs
*/0 gw-24.wlg-01.nz.sixxs.net UG 1024 226 0 sixxs
localhost6.localdomain6/128 * U 0 32112 1 lo
2001:4428:200:17::/128 * U 0 0 2 lo
cl-24.wlg-01.nz.sixxs.net/128 * U 0 7587 1 lo
2001:4428:211::/128 * U 0 0 2 lo
2001:4428:211::1/128 * U 0 26 1 lo
fe80::/128 * U 0 0 2 lo
fe80::/128 * U 0 0 2 lo
fe80::/128 * U 0 0 2 lo
fe80::213:72ff:fefd:1d5e/128 * U 0 1029 1 lo
fe80::213:72ff:fefd:1d5f/128 * U 0 0 1 lo
fe80::4428:200:17:2/128 * U 0 0 1 lo
ff00::/8 * U 256 0 0 eth0
ff00::/8 * U 256 0 0 eth1
ff00::/8 * U 256 0 0 sixxs
Can ping ipv6, but can't access http
Shadow Hawkins on Thursday, 23 July 2009 07:11:32
Running wireshark on my Windows XP box I get a "Code: 1 (Administratively prohibited)" ICMP packet after it tries to access TCP.
I've searched for this on Google, but am yet to find anything definitive.
Can ping ipv6, but can't access http
Shadow Hawkins on Thursday, 23 July 2009 07:28:58
A "ip6tables -F" sorted it out
Thanks everyone for the help.
Can ping ipv6, but can't access http
Shadow Hawkins on Thursday, 23 July 2009 19:36:20
ip6tables -F got rid of all your ipv6 firewall rules, and depending on your setup the rules might return at next restart. So you might want to check into the firewall setup. ip6tables is the direct way, but there may or may not be a frontend for it running like Shorewall, for example.
As far as the rules you had, the INPUT and FORWARD chains jump to the RH-Firewall-1-INPUT chain which specifically allows icmpv6 (ACCEPT ipv6-icmp anywhere anywhere) but rejects traffic that doesn't match the other rules with (REJECT all anywhere anywhere reject-with icmp6-adm-prohibited). However, I'm confused because the rule at the top of that chain "ACCEPT all anywhere anywhere" should let everything through and make the rest of the chain meaningless.
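The RH-Firewall-1-INPUT chain listed earlier in the thread, evaluated first-match-wins for a ping and an HTTP SYN forwarded from the LAN; this is an added example, not part of any forum post. It assumes the first ACCEPT rule is bound to the loopback interface (`-i lo`), a match that plain `ip6tables -L` output does not display; the `Packet` and `Rule` classes and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:
    in_if: str                      # interface the packet arrived on
    proto: str                      # "tcp", "udp", "ipv6-icmp", ...
    dport: Optional[int] = None
    syn: bool = False               # True for a connection-opening SYN
    dst: str = ""

@dataclass
class Rule:
    target: str
    proto: str = "all"
    in_if: Optional[str] = None
    dst: Optional[str] = None
    dports: Optional[Tuple[int, int]] = None
    not_syn: bool = False           # the "flags:!SYN,RST,ACK/SYN" match

    def matches(self, p: Packet) -> bool:
        return ((self.in_if is None or p.in_if == self.in_if)
                and self.proto in ("all", p.proto)
                and (self.dst is None or p.dst == self.dst)
                and (self.dports is None or (p.dport is not None
                     and self.dports[0] <= p.dport <= self.dports[1]))
                and not (self.not_syn and p.syn))

# Chain as listed in the thread. ASSUMPTION: the first rule carries "-i lo".
RH_FIREWALL_1_INPUT = [
    Rule("ACCEPT", in_if="lo"),
    Rule("ACCEPT", "ipv6-icmp"), Rule("ACCEPT", "esp"), Rule("ACCEPT", "ah"),
    Rule("ACCEPT", "udp", dst="ff02::fb", dports=(5353, 5353)),   # mdns
    Rule("ACCEPT", "udp", dports=(631, 631)),                     # ipp
    Rule("ACCEPT", "tcp", dports=(631, 631)),
    Rule("ACCEPT", "udp", dports=(32768, 61000)),                 # filenet-tms = 32768
    Rule("ACCEPT", "tcp", dports=(32768, 61000), not_syn=True),
    Rule("ACCEPT", "tcp", dports=(22, 22)),                       # ssh
    Rule("REJECT icmp6-adm-prohibited"),
]

def verdict(chain, pkt: Packet) -> str:
    """First matching rule wins, as in ip6tables; otherwise policy ACCEPT."""
    return next((r.target for r in chain if r.matches(pkt)), "ACCEPT")

if __name__ == "__main__":
    ping = Packet("eth0", "ipv6-icmp")                 # constructed sample
    http = Packet("eth0", "tcp", dport=80, syn=True)   # constructed sample
    print("ping:", verdict(RH_FIREWALL_1_INPUT, ping), "| http:", verdict(RH_FIREWALL_1_INPUT, http))
```

Running `ip6tables -L -v` on the tunnel box adds the in/out interface columns, which confirms or refutes the `-i lo` assumption.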
Can ping ipv6, but can't access http
Shadow Hawkins on Tuesday, 18 August 2009 22:46:38
I have the same problem, but I don't understand what you mean by tunnel box. Where can I find it?