static tunnel - I can't ping POP ipv6
Shadow Hawkins on Tuesday, 12 December 2006 17:18:44
Hello,
I have one tunnel (with subnet) at home.
I would like to setup another tunnel at work (in different location). I requested a new tunnel to new IP, tunnel was enabled, but I can't ping POP over IPv6 (tunnel was enabled over 36 hours ago); I can ping POP over IPv4.
At home (exactly the same script, with IPs changed) tunnel is working correctly.
At work - it don't.
Can anyone tell me any suggestions?
tcpdump output for sixxs interface:
21:25:29.004422 IP6 cl-177.mbx-01.si.sixxs.net > gw-177.mbx-01.si.sixxs.net: ICMP6, echo request, seq 1, length 64
21:25:30.004348 IP6 cl-177.mbx-01.si.sixxs.net > gw-177.mbx-01.si.sixxs.net: ICMP6, echo request, seq 2, length 64
21:25:31.004279 IP6 cl-177.mbx-01.si.sixxs.net > gw-177.mbx-01.si.sixxs.net: ICMP6, echo request, seq 3, length 64
21:25:32.004204 IP6 cl-177.mbx-01.si.sixxs.net > gw-177.mbx-01.si.sixxs.net: ICMP6, echo request, seq 4, length 64
Startup script:
TUNLIF="sixxs"
MYIPv4="193.178.XXX" // hidden
XSIPv4="212.18.63.73"
MYIPv6="2001:15c0:65ff:b0::2/64"
iptunnel add $TUNLIF mode sit local $MYIPv4 remote $XSIPv4 ttl 64
ifconfig $TUNLIF up
route -A inet6 add 2000::/3 dev $TUNLIF
ifconfig $TUNLIF add $MYIPv6
routing:
# route -A inet6 | grep sixxs
2001:15c0:65ff:b0::/64 :: U 256 11 0 sixxs
2000::/3 :: U 1 0 0 sixxs
fe80::/64 :: U 256 0 0 sixxs
ff00::/8 :: U 256 0 0 sixxs
PS: I do not block ICMP packets, kernel is exactly the same on both machines with the same kernel version (2.6.18).
static tunnel - I can't ping POP ipv6
Jeroen Massar on Tuesday, 12 December 2006 17:50:42
But the big question is does the network between you and the PoP maybe block them. Inbound or outbound of course.
static tunnel - I can't ping POP ipv6
Shadow Hawkins on Wednesday, 13 December 2006 23:04:44
Oh god... You are right! Outbound connection (proto41) was blocked, but icmp packets were passed.
If anyone will have simillar problems, you should pass throw firewall (iptables) ipv6 protocol (NOT ipv6 throw ip6tables!).
Once more - thanks a lot :)
Posting is only allowed when you are logged in. |