SixXS::Sunset 2017-06-06

Loss.
[gb] Shadow Hawkins on Wednesday, 18 October 2006 10:25:29
hello, ive just set up a ipv6 tunnel from a linksys router and all looks fine i had a few problems with nat but thats all fixed now and my tunnel looks stable. the problem is why on the website am i showing over 50% loss sometimes its near 70% loss. when i try to ping the pop via ipv6 i get 14~20ms and 0% loss why from the pop to me is it reporting loss ? am i being very sill and forgetting something ? hope you can help
Loss.
[de] Shadow Hawkins on Wednesday, 18 October 2006 11:14:07
I have the same problem. Last Alive 2006-10-18 11:08:40 Last Dead 2006-10-17 20:08:52 State Heartbeat (automatically enabled on the fly) Text is showing, that i'm alive, but the graphics are showing 75% loss and peaks about my ping. Sometimes 0ms 100% loss, sometimes 40ms and 75% loss. Is there something not working?
Loss.
[gb] Shadow Hawkins on Wednesday, 18 October 2006 16:01:00
ah, i have allowed icmp into my router and added them to my QOS setup so they get priority. this seems to have helped a lot still getting around 50-80ms ping times from pop to me but from me to pop is only 14~20ms.. oh well thats just crazy .. might look into it more another time.
Loss.
[nl] Carmen Sandiego on Wednesday, 18 October 2006 19:15:14
What happens when you ping6 something for a couple of hours? If this is the same as I'm experiencing, the ping traffic will reduce the measured packet loss to 0% or thereabouts.
Loss.
[de] Shadow Hawkins on Thursday, 19 October 2006 14:31:39
hmm ok i run in a screen seesion now a ping6 to www.ipv6.org and oh wonder, the graphs of sixxs are correct now....
Loss.
[ch] Jeroen Massar SixXS Staff on Thursday, 19 October 2006 18:09:24
You could also have read the FAQ which describes exactly this problem. No state in your NAT/conntracking thing, no packets coming in anymore.
Loss.
[nl] Carmen Sandiego on Thursday, 19 October 2006 18:51:53
In my case, that FAQ doesn't apply. The FAQ describes how to set up a Linux or BSD router, while I have a hardware router (Linksys WRT54G). The tunnel endpoint is set up as the DMZ host, which would disable any connection tracking.
Loss.
[ch] Jeroen Massar SixXS Staff on Thursday, 19 October 2006 19:05:47
A Linksys WRTG54G runs Linux (or newer ones VxWorks), both though have the problem of keeping state. Note that it is not a router but a NAT box. Solution: configure that NAT box or remove it from your network setup. The second option is mostly not done. The first option is easy though, upgrading it to dd-wrt or openwrt will allow you to fix this as then you have access to the Linux running inside it. Another solution that will work: using AYIYA, as that has a builtin heartbeat mechanism that causes the state to be updated and thus kept.
The tunnel endpoint is set up as the DMZ host, which would disable any connection tracking.
It should but it doesn't. When the box is acting as a NAT it will track *everything* unless specifically told not to do that. And of course above all the best solution: Upgrade the linksys to dd-wrt or openwrt and terminate the IPv6 tunnel on the router (now it becomes a router as it will route IPv6, for IPv4 it is still only a silly NAT box)
Loss.
[de] Shadow Hawkins on Monday, 06 November 2006 13:59:00
i'm very sorry, but i still have problems... :( my firewall rules are looking like this (openwrt box):
WAN=$(nvram get wan_ifname) LAN=$(nvram get lan_ifname) ## CLEAR TABLES for T in filter nat; do iptables -t $T -F iptables -t $T -X done iptables -N input_rule iptables -N output_rule iptables -N forwarding_rule iptables -t nat -N prerouting_rule iptables -t nat -N postrouting_rule ### INPUT ### (connections with the router as destination) # base case iptables -P INPUT DROP iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP iptables -A INPUT -p 41 -i $WAN -j ACCEPT # # insert accept rule or to jump to new accept-check table here # iptables -A INPUT -j input_rule # allow iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces iptables -A INPUT -p icmp -j ACCEPT # allow ICMP iptables -A INPUT -p gre -j ACCEPT # allow GRE # reject (what to do with anything not allowed earlier) iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable ### OUTPUT ### (connections with the router as source) # base case iptables -P OUTPUT DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # # insert accept rule or to jump to new accept-check table here # iptables -A OUTPUT -j output_rule # allow iptables -A OUTPUT -j ACCEPT #allow everything out # reject (what to do with anything not allowed earlier) iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable ### FORWARDING ### (connections routed through the router) # base case iptables -P FORWARD DROP iptables -A FORWARD -m state --state INVALID -j DROP iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # # insert accept rule or to jump to new accept-check table here # iptables -A FORWARD -j forwarding_rule # allow iptables -A FORWARD -i br0 -o br0 -j ACCEPT iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT # reject (what to do with anything not allowed earlier) # uses the default -P DROP ### MASQ iptables -t nat -A PREROUTING -j prerouting_rule iptables -t nat -A POSTROUTING -j postrouting_rule iptables -t nat -A POSTROUTING --protocol \! 41 -o $WAN -j MASQUERADE

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker