SixXS::Sunset 2017-06-06

Adding IPv6 subnet to aiccu
[pl] Shadow Hawkins on Friday, 02 September 2011 21:21:00
Welcome I have a problem with adding IPv6 to the interface sixxs I'm using aiccu Adds an IP in the following way
ifconfig sixxs inet6 add 2001:6a0:30b::aa:19/48
Well, unfortunately I can not ping it. Maybe someone hint how to properly add IPv6 addresses? Yours
Adding IPv6 subnet to aiccu
[ch] Jeroen Massar SixXS Staff on Friday, 02 September 2011 22:36:20
The subnet belongs in chunks of /64 on an interface which gives connectivity to other hosts. See the faq for more details.
Adding IPv6 subnet to aiccu
[pl] Shadow Hawkins on Friday, 02 September 2011 23:25:45
I used the command
ifconfig sixxs inet6 add 2001:6a0:30b::102/64
Unfortunately still does not respond to an IP ping my computer
xyyyy@kxxxx:~$ ping6 2001:6a0:30b::102 -w 10 PING 2001:6a0:30b::102(2001:6a0:30b::102) 56 data bytes --- 2001:6a0:30b::102 ping statistics --- 10 packets transmitted, 0 received, 100% packet loss, time 9072ms
Adding IPv6 subnet to aiccu
[ch] Jeroen Massar SixXS Staff on Saturday, 03 September 2011 12:05:39
The "sixxs" interface most very likely is your tunnel interface, there is already a /64 from the tunnel on it. You need to configure a subnet on a different interface, eg eth0/eth1 etc, to give it connectivity to other hosts. That said, if you want anybody to lok at what the problem might be, you will want to provide all the proper details that are there, thus output of interfaces, routing tables etc. What are you actually trying to accomplish anyway, most people who want to configure a subnet simply use Router Advertisements or DHCPv6 and do not pick random IPv6 addresses.
Adding IPv6 subnet to aiccu
[pl] Shadow Hawkins on Saturday, 03 September 2011 19:19:50
I did this I added IP 2001:6 a0: 30b: faba:: 2 to eth0 I used the script
#! / Bin / sh # Switch on in the kernel forwarding echo 1> / proc/sys/net/ipv4/ip_forward echo 1> / proc/sys/net/ipv6/conf/all/forwarding # Cleaning old rules iptables-F iptables-X iptables-t nat-X iptables-t nat-F # Setting the policy actions iptables-P INPUT DROP iptables-P FORWARD DROP iptables-P OUTPUT ACCEPT # Permission nna Connecting to our outer ip after ssh iptables-A INPUT-i lo-j ACCEPT iptables-A FORWARD-o lo-j ACCEPT iptables-A INPUT-i eth0-j ACCEPT iptables-A FORWARD-o eth0-j ACCEPT iptables-A INPUT-i wlan0-j ACCEPT iptables-A FORWARD-o wlan0-j ACCEPT iptables-A INPUT-j ACCEPT-sixxs iptables-A FORWARD-o sixxs-j ACCEPT # Connections established with iptables-A INPUT-j ACCEPT-m state - state ESTABLISHED, RELATED iptables-A FORWARD-j ACCEPT-m state - state ESTABLISHED, RELATED iptables-A INPUT-j ACCEPT-m state - state ESTABLISHED, RELATED # Internet sharing on a local network iptables-t nat-A POSTROUTING-s 10.2.1.0/24-j MASQUERADE iptables-A FORWARD-s 10.2.1.0/24-j ACCEPT # Ip6tables-t nat-A POSTROUTING-s 2001:6 a0: 30b:: / 48-j MASQUERADE # Ip6tables-A FORWARD-s 2001:6 a0: 30b:: / 48-j ACCEPT ip6tables-X ip6tables-F ip6tables-P INPUT DROP ip6tables-P OUTPUT ACCEPT ip6tables-P FORWARD DROP # Ip6tables-A INPUT-i lo-j ACCEPT # Ip6tables-A OUTPUT-o lo-j ACCEPT ip6tables-A INPUT-m rt - rt-type 0-j DROP ip6tables-A INPUT-p tcp-m state - state ESTABLISHED, RELATED-j ACCEPT ip6tables-A INPUT-p ICMPv6-m state - state ESTABLISHED, RELATED-j ACCEPT ip6tables-A INPUT-p ICMPv6 - ICMPv6-type echo-request-j ACCEPT ip6tables-A INPUT-p ICMPv6 - ICMPv6-type echo-reply-j ACCEPT ip6tables-A INPUT-p ICMPv6 - ICMPv6-type router-advertisement-j ACCEPT ip6tables-A INPUT-p ICMPv6 - ICMPv6-type router-solicitation-j ACCEPT ip6tables-A INPUT-p ICMPv6 - ICMPv6-type neighbor-advertisement-j ACCEPT ip6tables-A INPUT-p ICMPv6 - ICMPv6-type neighbor-solicitation-j ACCEPT # Enabling SSH ip6tables-A INPUT-p tcp - dport 22-j ACCEPT ip6tables-A INPUT-p tcp - dport 80-j ACCEPT ip6tables-A FORWARD-i lo-j ACCEPT ip6tables-A FORWARD-o lo-j ACCEPT ip6tables-A FORWARD-i eth0-j ACCEPT ip6tables-A FORWARD-o eth0-j ACCEPT ip6tables-A FORWARD-i wlan0-j ACCEPT ip6tables-A FORWARD-o wlan0-j ACCEPT ip6tables-A FORWARD-i-j ACCEPT sixxs ip6tables-A FORWARD-o sixxs-j ACCEPT ip6tables-A FORWARD-m rt - rt-type 0-j DROP ip6tables-A FORWARD-m state - state ESTABLISHED, RELATED-j ACCEPT ip6tables-A FORWARD-p ICMPv6 - ICMPv6-type echo-request-j ACCEPT ip6tables-A FORWARD-p ICMPv6 - ICMPv6-type echo-reply-j ACCEPT ip6tables-I FORWARD-i wlan0-m mac - mac-source 74: f0: 6d: 77: ce: da-j ACCEPT ip6tables-I FORWARD-i eth0-m mac - mac-source 20: cf: 30:1 a: 0d: 69-j ACCEPT
then at the end I added
route-A inet6 add:: / 0 dev sixxs
Well, Windows gets an IP from the MAC, but I can not ping google when IPv6 gets an error because
C: \ Users \ Przemyslaw> ping ipv6.google.com Study ipv6.l.google.com [2a00: 1450:8007:: 63] with 32 bytes of data: The destination port is unreachable. The destination port is unreachable. The destination port is unreachable. The destination port is unreachable. Ping statistics for 2a00: 1450:8007:: 63: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C: \ Users \ Przemyslaw> ping sixxs.net Study sixxs.net [2001:838:2:1:: 30:67] with 32 bytes of data: The destination port is unreachable. The destination port is unreachable. The destination port is unreachable. The destination port is unreachable. Ping statistics for 2001:838:2:1:: 30:67: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C: \ Users \ Przemyslaw>
Well, still not working;)
Adding IPv6 subnet to aiccu
[ch] Jeroen Massar SixXS Staff on Sunday, 04 September 2011 08:22:42
You might want to consider looking at the running configuration, and of course first try to get everything working without adding firewalls to the complication. The 'destination port is unreachable' obviously indicates that there is a firewall blocking connections to those ports.
Adding IPv6 subnet to aiccu
[pl] Shadow Hawkins on Sunday, 04 September 2011 12:02:38
At the present day I have enough of this configuration, only what I had done it only computers on the LAN "see" after IPv6, unfortunately one can not connect to the network via IPv6. Even though IP addresses assigned to them can not ping from the outside. Well then, thanks for your help. Yours Przemyslaw
Adding IPv6 subnet to aiccu
[pl] Shadow Hawkins on Sunday, 04 September 2011 12:14:57
I used a firewall #!/bin/bash iptables -F iptables -X iptables -A INPUT -i wlan0 -j ACCEPT iptables -A FORWARD -o wlan0 -j ACCEPT #ip6tables -P INPUT DROP #ip6tables -P OUTPUT ACCEPT #ip6tables -P FORWARD DROP ### ipv6 # INPUT ip6tables -F INPUT ip6tables -P INPUT DROP ip6tables -A INPUT -i lo -j ACCEPT ip6tables -A INPUT -i eth0 -j ACCEPT ip6tables -A INPUT -i wlan0 -j ACCEPT ip6tables -A INPUT -m rt --rt-type 0 -j DROP ip6tables -A INPUT -i sixxs --dest 2001:6a0:30b:ab::/64 -j DROP ip6tables -A INPUT -i sixxs --src 2001:6a0:30b::/48 -j DROP ip6tables -A INPUT -i sixxs -s fe80::/10 -j ACCEPT ip6tables -A INPUT -i sixxs -s ff00::/8 -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request --match limit --limit 30/minute -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type neighbour-advertisement -j ACCEPT ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type neighbour-solicitation -j ACCEPT ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ip6tables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset ip6tables -A INPUT -p tcp --dport 1080 -j REJECT --reject-with tcp-reset ip6tables -A INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset #uslugi udostepnione na routerze ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT #ip6tables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ip6tables -A INPUT -p tcp -i sixxs --dport 53 -j ACCEPT ip6tables -A INPUT -p tcp -i sixxs --dport 547 -j ACCEPT #////////////////////////////////////////////////////////////////////////////////////// #\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ # FORWARD ip6tables -F FORWARD ip6tables -P FORWARD DROP ip6tables -A FORWARD -m rt --rt-type 0 -j DROP ip6tables -A FORWARD -i sixxs --src 2001:6a0:30b::/48 -j DROP ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-request --match limit --limit 60/minute -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-reply -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT ip6tables -A FORWARD -p tcp --dport 113 -j REJECT --reject-with tcp-reset ip6tables -A FORWARD -p tcp --dport 1080 -j REJECT --reject-with tcp-reset ip6tables -A FORWARD -p tcp --dport 22 -m state --state NEW -j ACCEPT #redulki puszczajace ruch z lan do sieci - blokada uslug w lan #ip6tables -A FORWARD -i sixxs -j ACCEPT #ip6tables -I FORWARD -i eth0 -m mac --mac-source 00:1D:7E:BD:1A:23 -j ACCEPT ip6tables -I FORWARD -i wlan0 -m mac --mac-source 74:f0:6d:77:ce:da -j ACCEPT and still does not work
Adding IPv6 subnet to aiccu
[pl] Shadow Hawkins on Sunday, 04 September 2011 12:16:26
How can you tell what I look for in google, or give a link to the FAQ?

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker