|
Problems routing proto 41 through DD-WRT to Gentoo box
![[de]](/s/countries/de.gif) Carmen Sandiego on Sunday, 08 August 2010 19:29:24
Hi,
I'm trying to setup a heartbeat-tunnel on a Gentoo Linux box which is behind a DSL-router running DD-WRT v24-sp2 std.
The DD-WRT is connected using IPv4 only and is forwarding some ports to the Gentoo box.
I've added the following lines as "Firewall Commands" in DD-WRT:
iptables -t nat -I PREROUTING 1 -p 41 -j DNAT --to 192.168.14.10
iptables -t filter -I FORWARD 1 -p 41 -d 192.168.14.10 -j ACCEPT
(192.168.14.10 is the Gentoo box, the DD-WRT is 192.168.14.1)
When running aiccu test on the Gentoo box, it works just up to...
(6/8) Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (xxx::1)
...which does not work.
Using tcpdump I see...
19:25:54.964373 IP 192.168.14.10 > 78.35.24.124: IP6 xxx::2 > xxx::1: ICMP6, echo request, seq 1, length 64
19:25:54.965053 IP 192.168.14.1 > 192.168.14.10: IP6 xxx::2 > xxx::1: ICMP6, echo request, seq 1, length 64
19:25:54.965125 IP 192.168.14.10 > 192.168.14.1: ICMP 192.168.14.10 protocol 41 port 0 unreachable, length 132
19:25:54.965476 IP 78.35.24.124 > 192.168.14.10: ICMP 78.35.24.124 protocol 41 port 0 unreachable, length 132
It seems to me that the proto 41-forwarding does not work...
And ideas how I can get to work?
Thanks a lot!
Regards,
Christina
Problems routing proto 41 through DD-WRT to Gentoo box
19:25:54.965125 IP 192.168.14.10 > 192.168.14.1: ICMP 192.168.14.10 protocol 41 port 0 unreachable, length 132
According to that the proto-41 tunnel is between 192.168.14.1 and 192.168.14.10. If 192.168.14.1 is your WRT box I can only assume that your NAT is not properly setup. Do also check that the 'local' and 'remote' portions of your tunnel are correct on the Gentoo box.
19:25:54.965476 IP 78.35.24.124 > 192.168.14.10: ICMP 78.35.24.124 protocol 41 port 0 unreachable, length 132
That indicates that you did not send a proper heartbeat packet to the PoP.
You could of course just terminate the tunnel onthe WRT box...
Problems routing proto 41 through DD-WRT to Gentoo box
Carmen Sandiego on Sunday, 08 August 2010 20:31:47
Hi,
Yes, 192.168.14.1 (WRT) should forward proto 41 to 192.168.14.10 (Linux box).
I agree that this forwarding seems to be broken... But how to fix it?
"aiccu test" runs e.g. "(5/8) Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:xxx::2)" correctly.
What information is neccessary to search for the solution?
The Linux box has no iptables rules (IPv4) set up.
Thanks a lot!
Christina
Problems routing proto 41 through DD-WRT to Gentoo box
Carmen Sandiego on Monday, 09 August 2010 18:35:44
Hi,
After asking Mrs. Google and looking through some more newsgroups I changed the firewall commands on the WRT-box to:
iptables -t nat -A PREROUTING -i ppp0 -p 41 -j DNAT --to 192.168.14.10
iptables -t filter -A FORWARD -i ppp0 -p 41 -d 192.168.14.10 -j ACCEPT
and all "ping" steps of "aiccu test" work...
(The difference seems to be the "-i ppp0" in both lines)
So my case seems to be closed now.
Thank you!
Regards,
Christina
|
![[ch]](/s/countries/ch.gif)
on Sunday, 08 August 2010 19:46:02
Posting is only allowed when you are