Using AICCU/Linux - Can't ping6 POP (or anything else on the internet)
Shadow Hawkins on Sunday, 19 October 2008 01:15:39
First a statement: I've gotten freenet6 up & running before; I realize that SixXS is not the same thing, but I am able to use freenet6 (if that helps with any firewall rules, etc.)
My tunnel is setup to use heartbeat.
The machine using aiccu is also the host that acts as the NAT machine; however I'm not sure which side of the NAT the IPv6-in-IPv4 "device" created by AICCU is on.
Wireshark shows only outbound packets from the aiccu interface.
Here's what I'm seeing:
# aiccu autotest
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (66.134.182.32)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 66.134.182.32 (66.134.182.32) 56(84) bytes of data.
64 bytes from 66.134.182.32: icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from 66.134.182.32: icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from 66.134.182.32: icmp_seq=3 ttl=64 time=0.056 ms
--- 66.134.182.32 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.044/0.054/0.064/0.011 ms
######
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (209.197.4.66)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 209.197.4.66 (209.197.4.66) 56(84) bytes of data.
64 bytes from 209.197.4.66: icmp_seq=1 ttl=51 time=88.0 ms
64 bytes from 209.197.4.66: icmp_seq=2 ttl=51 time=88.3 ms
64 bytes from 209.197.4.66: icmp_seq=3 ttl=51 time=88.1 ms
--- 209.197.4.66 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 88.007/88.150/88.310/0.364 ms
######
####### [3/8] Traceroute to the PoP (209.197.4.66) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 209.197.4.66 (209.197.4.66), 30 hops max, 60 byte packets
1 h-66-134-182-1.dnvtco56.dynamic.covad.net (66.134.182.1) 38.114 ms 41.248 ms 46.618 ms
2 192.168.37.101 (192.168.37.101) 49.545 ms 52.476 ms 55.405 ms
3 ge-6-21.car1.Denver1.Level3.net (63.211.250.49) 58.829 ms 61.523 ms 64.952 ms
4 ae-31-53.ebr1.Denver1.Level3.net (4.68.107.94) 69.357 ms 70.824 ms 87.586 ms
5 ae-2.ebr2.Dallas1.Level3.net (4.69.132.106) 103.305 ms 103.753 ms 104.088 ms
6 ae-72-72.csw2.Dallas1.Level3.net (4.69.136.142) 114.318 ms ae-82-82.csw3.Dallas1.Level3.net (4.69.136.146) 79.204 ms ae-92-92.csw4.Dallas1.Level3.net (4.69.136.150) 70.259 ms
7 ae-61-61.ebr1.Dallas1.Level3.net (4.69.136.121) 66.335 ms 55.107 ms ae-81-81.ebr1.Dallas1.Level3.net (4.69.136.129) 57.000 ms
8 ae-8-8.car1.Phoenix1.Level3.net (4.69.133.29) 80.145 ms 83.564 ms 85.990 ms
9 ae-11-11.car2.Phoenix1.Level3.net (4.69.133.34) 89.667 ms 93.930 ms 96.780 ms
10 HIGHWINDS-N.car2.Phoenix1.Level3.net (4.79.164.30) 109.574 ms 109.777 ms 110.248 ms
11 2-1.r1.la.hwng.net (69.16.191.37) 120.345 ms 123.019 ms 126.205 ms
12 209.197.4.66 (209.197.4.66) 129.873 ms 133.301 ms 135.906 ms
######
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.034 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.030/0.033/0.036/0.005 ms
######
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:1938:82:3::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2001:1938:82:3::2(2001:1938:82:3::2) 56 data bytes
64 bytes from 2001:1938:82:3::2: icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from 2001:1938:82:3::2: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 2001:1938:82:3::2: icmp_seq=3 ttl=64 time=0.055 ms
--- 2001:1938:82:3::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.034/0.047/0.055/0.012 ms
######
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:1938:82:3::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
PING 2001:1938:82:3::1(2001:1938:82:3::1) 56 data bytes
--- 2001:1938:82:3::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2011ms
######
###### [7/8] Traceroute6 to the central SixXS machine (noc.sixxs.net)
### This confirms that you can reach the central machine of SixXS
### If that one is reachable you should be able to reach most IPv6 destinations
### Also check http://www.sixxs.net/ipv6calc/ which should show an IPv6 connection
### If your browser supports IPv6 and uses it of course.
traceroute to noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) from 2001:1938:82:3::2, 30 hops max, 24 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
######
###### [8/8] Traceroute6 to (www.kame.net)
### This confirms that you can reach a Japanese IPv6 destination
### If that one is reachable you should be able to reach most IPv6 destinations
### You should also check http://www.kame.net which should display
### a animated kame (turtle), of course only when your browser supports and uses IPv6
traceroute to www.kame.net (2001:200:0:8002:203:47ff:fea5:3085) from 2001:1938:82:3::2, 30 hops max, 24 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
######
###### ACCU Quick Connectivity Test (done)
I have a number of devices:
eth0 (connects do the DSL modem), link-local IPv6 address
eth1 (connects to the 'home' network), link-local IPv6 address
ppp0 (PPPoE connection from ISP) (no IPv6 address)
lo
sixxs (IPv6-in-IPv4) (global IPv6 address)
My routing table:
# route -n --inet6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:5c0:98b3::/48 :: !n 1 0 0 lo
2001:1938:82:3::/64 :: Un 256 0 6 sixxs
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: Un 256 0 0 sixxs
::/0 2001:1938:82:3::1 UG 1024 0 37 sixxs
::/0 :: !n -1 1 479 lo
::1/128 :: Un 0 1 43 lo
2001:1938:82:3::/128 :: Un 0 1 0 lo
2001:1938:82:3::2/128 :: Un 0 1 7 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::4286:b620/128 :: Un 0 1 0 lo
fe80::c0a8:1/128 :: Un 0 1 0 lo
fe80::c0a8:101/128 :: Un 0 1 0 lo
fe80::204:75ff:feac:c16f/128 :: Un 0 1 0 lo
fe80::21d:7dff:fee9:b70/128 :: Un 0 1 53 lo
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 sixxs
::/0 :: !n -1 1 479 lo
And finally, my IP6tables:
# ip6tables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere
ipv6input all anywhere anywhere
ipv6input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ipv6input all anywhere anywhere
ipv6input all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain ipv6dump (0 references)
target prot opt source destination
Chain ipv6input (4 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
Using AICCU/Linux - Can't ping6 POP (or anything else on the internet)
Shadow Hawkins on Tuesday, 18 November 2008 10:53:44
Hello Troy,
I realise that this is a bit of an old posting, has it ever been resolved?
If not, can you post your /etc/aiccu.conf (without the password, of course) and the output of "ifconfig sixxs" ?
It looks as if your tunnel is just not active.
Regards,
Frank
Posting is only allowed when you are logged in. |