Adding IPv6 subnet to aiccu
Shadow Hawkins on Friday, 02 September 2011 21:21:00
Welcome
I have a problem with adding IPv6 to the interface sixxs
I'm using aiccu
Adds an IP in the following way
ifconfig sixxs inet6 add 2001:6a0:30b::aa:19/48
Well, unfortunately I can not ping it. Maybe someone hint how to properly add IPv6 addresses?
Yours
Adding IPv6 subnet to aiccu
Jeroen Massar on Friday, 02 September 2011 22:36:20
The subnet belongs in chunks of /64 on an interface which gives connectivity to other hosts.
See the faq for more details.
Adding IPv6 subnet to aiccu
Shadow Hawkins on Friday, 02 September 2011 23:25:45
I used the command
ifconfig sixxs inet6 add 2001:6a0:30b::102/64
Unfortunately still does not respond to an IP ping my computer
xyyyy@kxxxx:~$ ping6 2001:6a0:30b::102 -w 10
PING 2001:6a0:30b::102(2001:6a0:30b::102) 56 data bytes
--- 2001:6a0:30b::102 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9072ms
Adding IPv6 subnet to aiccu
Jeroen Massar on Saturday, 03 September 2011 12:05:39
The "sixxs" interface most very likely is your tunnel interface, there is already a /64 from the tunnel on it. You need to configure a subnet on a different interface, eg eth0/eth1 etc, to give it connectivity to other hosts.
That said, if you want anybody to lok at what the problem might be, you will want to provide all the proper details that are there, thus output of interfaces, routing tables etc.
What are you actually trying to accomplish anyway, most people who want to configure a subnet simply use Router Advertisements or DHCPv6 and do not pick random IPv6 addresses.
Adding IPv6 subnet to aiccu
Shadow Hawkins on Saturday, 03 September 2011 19:19:50
I did this
I added IP 2001:6 a0: 30b: faba:: 2 to eth0
I used the script
#! / Bin / sh
# Switch on in the kernel forwarding
echo 1> / proc/sys/net/ipv4/ip_forward
echo 1> / proc/sys/net/ipv6/conf/all/forwarding
# Cleaning old rules
iptables-F
iptables-X
iptables-t nat-X
iptables-t nat-F
# Setting the policy actions
iptables-P INPUT DROP
iptables-P FORWARD DROP
iptables-P OUTPUT ACCEPT
# Permission nna Connecting to our outer ip after ssh
iptables-A INPUT-i lo-j ACCEPT
iptables-A FORWARD-o lo-j ACCEPT
iptables-A INPUT-i eth0-j ACCEPT
iptables-A FORWARD-o eth0-j ACCEPT
iptables-A INPUT-i wlan0-j ACCEPT
iptables-A FORWARD-o wlan0-j ACCEPT
iptables-A INPUT-j ACCEPT-sixxs
iptables-A FORWARD-o sixxs-j ACCEPT
# Connections established with
iptables-A INPUT-j ACCEPT-m state - state ESTABLISHED, RELATED
iptables-A FORWARD-j ACCEPT-m state - state ESTABLISHED, RELATED
iptables-A INPUT-j ACCEPT-m state - state ESTABLISHED, RELATED
# Internet sharing on a local network
iptables-t nat-A POSTROUTING-s 10.2.1.0/24-j MASQUERADE
iptables-A FORWARD-s 10.2.1.0/24-j ACCEPT
# Ip6tables-t nat-A POSTROUTING-s 2001:6 a0: 30b:: / 48-j MASQUERADE
# Ip6tables-A FORWARD-s 2001:6 a0: 30b:: / 48-j ACCEPT
ip6tables-X
ip6tables-F
ip6tables-P INPUT DROP
ip6tables-P OUTPUT ACCEPT
ip6tables-P FORWARD DROP
# Ip6tables-A INPUT-i lo-j ACCEPT
# Ip6tables-A OUTPUT-o lo-j ACCEPT
ip6tables-A INPUT-m rt - rt-type 0-j DROP
ip6tables-A INPUT-p tcp-m state - state ESTABLISHED, RELATED-j ACCEPT
ip6tables-A INPUT-p ICMPv6-m state - state ESTABLISHED, RELATED-j ACCEPT
ip6tables-A INPUT-p ICMPv6 - ICMPv6-type echo-request-j ACCEPT
ip6tables-A INPUT-p ICMPv6 - ICMPv6-type echo-reply-j ACCEPT
ip6tables-A INPUT-p ICMPv6 - ICMPv6-type router-advertisement-j ACCEPT
ip6tables-A INPUT-p ICMPv6 - ICMPv6-type router-solicitation-j ACCEPT
ip6tables-A INPUT-p ICMPv6 - ICMPv6-type neighbor-advertisement-j ACCEPT
ip6tables-A INPUT-p ICMPv6 - ICMPv6-type neighbor-solicitation-j ACCEPT
# Enabling SSH
ip6tables-A INPUT-p tcp - dport 22-j ACCEPT
ip6tables-A INPUT-p tcp - dport 80-j ACCEPT
ip6tables-A FORWARD-i lo-j ACCEPT
ip6tables-A FORWARD-o lo-j ACCEPT
ip6tables-A FORWARD-i eth0-j ACCEPT
ip6tables-A FORWARD-o eth0-j ACCEPT
ip6tables-A FORWARD-i wlan0-j ACCEPT
ip6tables-A FORWARD-o wlan0-j ACCEPT
ip6tables-A FORWARD-i-j ACCEPT sixxs
ip6tables-A FORWARD-o sixxs-j ACCEPT
ip6tables-A FORWARD-m rt - rt-type 0-j DROP
ip6tables-A FORWARD-m state - state ESTABLISHED, RELATED-j ACCEPT
ip6tables-A FORWARD-p ICMPv6 - ICMPv6-type echo-request-j ACCEPT
ip6tables-A FORWARD-p ICMPv6 - ICMPv6-type echo-reply-j ACCEPT
ip6tables-I FORWARD-i wlan0-m mac - mac-source 74: f0: 6d: 77: ce: da-j ACCEPT
ip6tables-I FORWARD-i eth0-m mac - mac-source 20: cf: 30:1 a: 0d: 69-j ACCEPT
then at the end I added
route-A inet6 add:: / 0 dev sixxs
Well, Windows gets an IP from the MAC, but I can not ping google when IPv6 gets an error because
C: \ Users \ Przemyslaw> ping ipv6.google.com
Study ipv6.l.google.com [2a00: 1450:8007:: 63] with 32 bytes of data:
The destination port is unreachable.
The destination port is unreachable.
The destination port is unreachable.
The destination port is unreachable.
Ping statistics for 2a00: 1450:8007:: 63:
Packets: Sent = 4, Received = 0, Lost = 4
(100% loss),
C: \ Users \ Przemyslaw> ping sixxs.net
Study sixxs.net [2001:838:2:1:: 30:67] with 32 bytes of data:
The destination port is unreachable.
The destination port is unreachable.
The destination port is unreachable.
The destination port is unreachable.
Ping statistics for 2001:838:2:1:: 30:67:
Packets: Sent = 4, Received = 0, Lost = 4
(100% loss),
C: \ Users \ Przemyslaw>
Well, still not working;)
Adding IPv6 subnet to aiccu
Jeroen Massar on Sunday, 04 September 2011 08:22:42
You might want to consider looking at the running configuration, and of course first try to get everything working without adding firewalls to the complication.
The 'destination port is unreachable' obviously indicates that there is a firewall blocking connections to those ports.
Adding IPv6 subnet to aiccu
Shadow Hawkins on Sunday, 04 September 2011 12:02:38
At the present day I have enough of this configuration, only what I had done it only computers on the LAN "see" after IPv6, unfortunately one can not connect to the network via IPv6. Even though IP addresses assigned to them can not ping from the outside. Well then, thanks for your help.
Yours Przemyslaw
Adding IPv6 subnet to aiccu
Shadow Hawkins on Sunday, 04 September 2011 12:14:57
I used a firewall
#!/bin/bash
iptables -F
iptables -X
iptables -A INPUT -i wlan0 -j ACCEPT
iptables -A FORWARD -o wlan0 -j ACCEPT
#ip6tables -P INPUT DROP
#ip6tables -P OUTPUT ACCEPT
#ip6tables -P FORWARD DROP
### ipv6
# INPUT
ip6tables -F INPUT
ip6tables -P INPUT DROP
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i eth0 -j ACCEPT
ip6tables -A INPUT -i wlan0 -j ACCEPT
ip6tables -A INPUT -m rt --rt-type 0 -j DROP
ip6tables -A INPUT -i sixxs --dest 2001:6a0:30b:ab::/64 -j DROP
ip6tables -A INPUT -i sixxs --src 2001:6a0:30b::/48 -j DROP
ip6tables -A INPUT -i sixxs -s fe80::/10 -j ACCEPT
ip6tables -A INPUT -i sixxs -s ff00::/8 -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request --match limit --limit 30/minute -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type neighbour-advertisement -j ACCEPT
ip6tables -A INPUT -i wlan0 -p icmpv6 --icmpv6-type neighbour-solicitation -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
ip6tables -A INPUT -p tcp --dport 1080 -j REJECT --reject-with tcp-reset
ip6tables -A INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
#uslugi udostepnione na routerze
ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
#ip6tables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
ip6tables -A INPUT -p tcp -i sixxs --dport 53 -j ACCEPT
ip6tables -A INPUT -p tcp -i sixxs --dport 547 -j ACCEPT
#//////////////////////////////////////////////////////////////////////////////////////
#\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
# FORWARD
ip6tables -F FORWARD
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -m rt --rt-type 0 -j DROP
ip6tables -A FORWARD -i sixxs --src 2001:6a0:30b::/48 -j DROP
ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-request --match limit --limit 60/minute -j ACCEPT
ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
ip6tables -A FORWARD -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
ip6tables -A FORWARD -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
ip6tables -A FORWARD -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -p tcp --dport 113 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -p tcp --dport 1080 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -p tcp --dport 22 -m state --state NEW -j ACCEPT
#redulki puszczajace ruch z lan do sieci - blokada uslug w lan
#ip6tables -A FORWARD -i sixxs -j ACCEPT
#ip6tables -I FORWARD -i eth0 -m mac --mac-source 00:1D:7E:BD:1A:23 -j ACCEPT
ip6tables -I FORWARD -i wlan0 -m mac --mac-source 74:f0:6d:77:ce:da -j ACCEPT
and still does not work
Adding IPv6 subnet to aiccu
Shadow Hawkins on Sunday, 04 September 2011 12:16:26
How can you tell what I look for in google, or give a link to the FAQ?
Posting is only allowed when you are logged in. |