SixXS::Sunset 2017-06-06

linux ipv6 routing n00b problem
[at] Shadow Hawkins on Tuesday, 03 February 2009 12:43:06
fprintf(forum, "hello!\n")); i got ip 2001:15c0:65ff:204::2/64 subnet 2001:15c0:66e4::/48 pop simbx01 1 router/firewall (linux, gentoo) several machines on the local network (mostly linux, gentoo) aiccu is working on the firewall. i got the right ip, can ping6 and curl ipv6.google.com. i configured radvd (i tried with dhcpv6 too, which i would prefer later) on the server and restarted the nic on my main workstation. and got an error because i entered prefix 2001:15c0:66e4::/64 in radvd.conf. according to this i changed the prefix length to 64. now a valid ipv6 address is assigned to the workstation, 2001:15c0:66e4:0:2e0:81ff:feb0:83fa/64. unfortunately i cannot ping6 my firewall, i think because of a missing wrong ipv6 route. here is the output of route -A inet6
Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If ::1/128 :: Un 0 1 5 lo 2001:15c0:66e4:0:2e0:81ff:feb0:83fa/128 :: Un 0 1 0 lo 2001:15c0:66e4::/64 :: UAe 256 0 115 eth0 fe80::250:56ff:fec0:1/128 :: Un 0 1 0 lo fe80::250:56ff:fec0:8/128 :: Un 0 1 0 lo fe80::2e0:81ff:feb0:83fa/128 :: Un 0 1 2 lo fe80::/64 :: U 256 0 0 vmnet1 fe80::/64 :: U 256 0 0 vmnet8 fe80::/64 :: U 256 0 0 eth0 ff00::/8 :: U 256 0 0 vmnet1 ff00::/8 :: U 256 0 0 vmnet8 ff00::/8 :: U 256 0 0 eth0 ::/0 fe80::200:d1ff:feed:dafa UGDAe 1024 0 10 eth0 ::/0 :: !n -1 1 1 lo
unfortunately i am unable to add or remove ipv6 routes for some reason.
seaburg ~ # route -A inet6 del ::/0 eth0 SIOCDELRT: No such process seaburg ~ # route -A inet6 del ::/0 dev eth0 SIOCDELRT: No such process seaburg ~ # route -A inet6 del ::/0 gw fe80::200:d1ff:feed:dafa SIOCDELRT: No such process seaburg ~ # route -A inet6 add ::/0 gw 2001:15c0:65ff:204::2 SIOCADDRT: No route to host seaburg ~ #
what am i doing wrong? thanks in advance for the help.
linux ipv6 routing n00b problem
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 February 2009 13:20:21
First of all use the 'ip' command from the iproute package, that one is much more flexible than the old 'route' commands. Thus use eg 'ip -6 ro sho'. The output looks sane though, you will need to most likely fix your 'firewall' now. The commands you are trying don't make sense:
seaburg ~ # route -A inet6 del ::/0 eth0
SIOCDELRT: No such process
seaburg ~ # route -A inet6 del ::/0 dev eth0
SIOCDELRT: No such process
The default is pointing to lo, because that is where it always points to.
seaburg ~ # route -A inet6 del ::/0 gw fe80::200:d1ff:feed:dafa
SIOCDELRT: No such process
The other default points to a link-local, which is most likely the address of your firewall. This default is inserted by the RA that you configured.
seaburg ~ # route -A inet6 add ::/0 gw 2001:15c0:65ff:204::2
SIOCADDRT: No route to host
And lastly, no, you can't route to your tunnelendpoint, as that is on another interface and subnet and not directly connected to your workstation. You should probably try a traceroute6 to see where packets end up. Most likely though you will just have to execute a 'ip -6 addr add 2001:15c0:66e4::1/64 dev NIC' (where NIC is the interface you have the prefix on) on your firewall so that it gets an address out of the /64.
linux ipv6 routing n00b problem
[at] Shadow Hawkins on Tuesday, 03 February 2009 13:59:29
thank you for your answer. to what interface should i assign that ipv6 address? i do not get it yet. i have:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:00:d1:ed:da:f9 brd ff:ff:ff:ff:ff:ff inet 172.17.118.95/24 brd 172.17.118.255 scope global eth0 inet6 2001:15c0:66e4::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::200:d1ff:feed:daf9/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:00:d1:ed:da:fa brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1 inet6 fe80::200:d1ff:feed:dafa/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:00:d1:ed:da:fb brd ff:ff:ff:ff:ff:ff 5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:00:d1:ed:da:fc brd ff:ff:ff:ff:ff:ff 6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN link/ether aa:67:cb:b8:1d:a8 brd ff:ff:ff:ff:ff:ff 7: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100 link/void 8: sit0: <NOARP> mtu 1480 qdisc noop state DOWN link/sit 0.0.0.0 brd 0.0.0.0 9: ip6tnl0: <NOARP> mtu 1460 qdisc noop state DOWN link/tunnel6 :: brd :: 10: wmaster0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ieee802.11 00:04:e2:80:ee:66 brd ff:ff:ff:ff:ff:ff 11: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:04:e2:80:ee:66 brd ff:ff:ff:ff:ff:ff 12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3 link/ppp inet 83.65.26.208 peer 172.25.46.23/32 scope global ppp0 13: sixxs: <NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN link/sit 0.0.0.0 brd 0.0.0.0 inet6 2001:15c0:65ff:204::2/64 scope global valid_lft forever preferred_lft forever inet6 ::83.65.26.208/96 scope global valid_lft forever preferred_lft forever inet6 ::192.168.0.1/96 scope global valid_lft forever preferred_lft forever inet6 ::172.17.118.95/96 scope global valid_lft forever preferred_lft forever inet6 ::127.0.0.1/96 scope host valid_lft forever preferred_lft forever
linux ipv6 routing n00b problem
[at] Shadow Hawkins on Tuesday, 03 February 2009 14:29:14
never mind. i figured it out. i just assigned 2001:15c0:66e4::1/64 to the local network nic of the firewall. now it works. 8D thanks for the help!

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker