linux ipv6 routing n00b problem
Shadow Hawkins on Tuesday, 03 February 2009 12:43:06
fprintf(forum, "hello!\n"));
i got
ip 2001:15c0:65ff:204::2/64
subnet 2001:15c0:66e4::/48
pop simbx01
1 router/firewall (linux, gentoo)
several machines on the local network (mostly linux, gentoo)
aiccu is working on the firewall. i got the right ip, can ping6 and curl ipv6.google.com.
i configured radvd (i tried with dhcpv6 too, which i would prefer later) on the server and restarted the nic on my main workstation. and got an error because i entered
prefix 2001:15c0:66e4::/64
in radvd.conf.
according to this i changed the prefix length to 64.
now a valid ipv6 address is assigned to the workstation, 2001:15c0:66e4:0:2e0:81ff:feb0:83fa/64.
unfortunately i cannot ping6 my firewall, i think because of a missing wrong ipv6 route.
here is the output of route -A inet6 Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 5 lo
2001:15c0:66e4:0:2e0:81ff:feb0:83fa/128 :: Un 0 1 0 lo
2001:15c0:66e4::/64 :: UAe 256 0 115 eth0
fe80::250:56ff:fec0:1/128 :: Un 0 1 0 lo
fe80::250:56ff:fec0:8/128 :: Un 0 1 0 lo
fe80::2e0:81ff:feb0:83fa/128 :: Un 0 1 2 lo
fe80::/64 :: U 256 0 0 vmnet1
fe80::/64 :: U 256 0 0 vmnet8
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 vmnet1
ff00::/8 :: U 256 0 0 vmnet8
ff00::/8 :: U 256 0 0 eth0
::/0 fe80::200:d1ff:feed:dafa UGDAe 1024 0 10 eth0
::/0 :: !n -1 1 1 lo
unfortunately i am unable to add or remove ipv6 routes for some reason.
seaburg ~ # route -A inet6 del ::/0 eth0
SIOCDELRT: No such process
seaburg ~ # route -A inet6 del ::/0 dev eth0
SIOCDELRT: No such process
seaburg ~ # route -A inet6 del ::/0 gw fe80::200:d1ff:feed:dafa
SIOCDELRT: No such process
seaburg ~ # route -A inet6 add ::/0 gw 2001:15c0:65ff:204::2
SIOCADDRT: No route to host
seaburg ~ #
what am i doing wrong?
thanks in advance for the help.
linux ipv6 routing n00b problem
Jeroen Massar on Tuesday, 03 February 2009 13:20:21
First of all use the 'ip' command from the iproute package, that one is much more flexible than the old 'route' commands. Thus use eg 'ip -6 ro sho'.
The output looks sane though, you will need to most likely fix your 'firewall' now.
The commands you are trying don't make sense:
seaburg ~ # route -A inet6 del ::/0 eth0 SIOCDELRT: No such process seaburg ~ # route -A inet6 del ::/0 dev eth0 SIOCDELRT: No such process
The default is pointing to lo, because that is where it always points to.
seaburg ~ # route -A inet6 del ::/0 gw fe80::200:d1ff:feed:dafa SIOCDELRT: No such process
The other default points to a link-local, which is most likely the address of your firewall. This default is inserted by the RA that you configured.
seaburg ~ # route -A inet6 add ::/0 gw 2001:15c0:65ff:204::2 SIOCADDRT: No route to host
And lastly, no, you can't route to your tunnelendpoint, as that is on another interface and subnet and not directly connected to your workstation.
You should probably try a traceroute6 to see where packets end up.
Most likely though you will just have to execute a 'ip -6 addr add 2001:15c0:66e4::1/64 dev NIC' (where NIC is the interface you have the prefix on) on your firewall so that it gets an address out of the /64.
linux ipv6 routing n00b problem
Shadow Hawkins on Tuesday, 03 February 2009 13:59:29
thank you for your answer.
to what interface should i assign that ipv6 address? i do not get it yet.
i have:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:00:d1:ed:da:f9 brd ff:ff:ff:ff:ff:ff
inet 172.17.118.95/24 brd 172.17.118.255 scope global eth0
inet6 2001:15c0:66e4::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::200:d1ff:feed:daf9/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:00:d1:ed:da:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
inet6 fe80::200:d1ff:feed:dafa/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:00:d1:ed:da:fb brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:00:d1:ed:da:fc brd ff:ff:ff:ff:ff:ff
6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether aa:67:cb:b8:1d:a8 brd ff:ff:ff:ff:ff:ff
7: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100
link/void
8: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
9: ip6tnl0: <NOARP> mtu 1460 qdisc noop state DOWN
link/tunnel6 :: brd ::
10: wmaster0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ieee802.11 00:04:e2:80:ee:66 brd ff:ff:ff:ff:ff:ff
11: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:04:e2:80:ee:66 brd ff:ff:ff:ff:ff:ff
12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 83.65.26.208 peer 172.25.46.23/32 scope global ppp0
13: sixxs: <NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN
link/sit 0.0.0.0 brd 0.0.0.0
inet6 2001:15c0:65ff:204::2/64 scope global
valid_lft forever preferred_lft forever
inet6 ::83.65.26.208/96 scope global
valid_lft forever preferred_lft forever
inet6 ::192.168.0.1/96 scope global
valid_lft forever preferred_lft forever
inet6 ::172.17.118.95/96 scope global
valid_lft forever preferred_lft forever
inet6 ::127.0.0.1/96 scope host
valid_lft forever preferred_lft forever
linux ipv6 routing n00b problem
Shadow Hawkins on Tuesday, 03 February 2009 14:29:14
never mind. i figured it out.
i just assigned 2001:15c0:66e4::1/64 to the local network nic of the firewall.
now it works. 8D
thanks for the help!
Posting is only allowed when you are logged in. |