gogoNET

IPv6 & Networking the Internet of Things

Salve a tutti,

non so più dove sbattere la testa, ho seguito la guida di openwrt per utilizzare gw6c che ho trovato a questo indirizzo: http://wiki.openwrt.org/doc/howto/ipv6#tsp.tunneling

Sul router nessun problema, il ping funziona, gli indirizzi vengono risolti, tutto ok.

Sui PC che ho a casa invece non funziona il ping, infatti se provo a pingare ipv6.google.com ottengo:

$ ping6 -c 2 ipv6.google.com
PING ipv6.google.com(mil01s17-in-x14.1e100.net) 56 data bytes
From 2001:5c0:150f:9000::1 icmp_seq=1 Destination unreachable: Port unreachable
From 2001:5c0:150f:9000::1 icmp_seq=2 Destination unreachable: Port unreachable

--- ipv6.google.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 4886ms

e il traceroute è:

$ traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2a00:1450:4002:802::1012) from 2001:5c0:150f:9000:ca0a:a9ff:fe40:fe49, 30 hops max, 24 byte packets
1 2001:5c0:150f:9000::1 (2001:5c0:150f:9000::1) 0.374 ms 0.323 ms 0.411 ms
2 2001:5c0:150f:9000::1 (2001:5c0:150f:9000::1) 0.4 ms 0.364 ms 0.299 ms

non so davvero che pesci pigliare, nessuno ha un'idea?

Grazie

Visualizzazioni: 504

Risposte a questa discussione

Ciao Francesco,

anche io uso OpenWrt (OpenWrt Backfire 10.03.1) anche se tramite il serevr TSP interno di Fastweb, ho seguito la stessa guida e funziona perfettamente.


Vedo che il tuo endpoint pubblico del tunnel (vezzo.broker.freenet6.net [2001:5c0:1400:b::a141]) è raggiungibile via ICMPv6 (e anche via SSH - mettici una bella password ;-) )  ma non i nodi all'interno, il che fa pensare a problemi di routing o firewall (più probabile).

Anche l'output dei tuoi traceroute6 indicano quel genere di problema.

Hai fatto qualche modifica a quegli aspetti ?


Ciao, Claudio

Io non ho modificato nulla, il mmio ip6tables recita:

# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all anywhere anywhere
input all anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all anywhere anywhere
forward all anywhere anywhere
reject all anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
output_rule all anywhere anywhere
output all anywhere anywhere

Chain forward (1 references)
target prot opt source destination
zone_lan_forward all anywhere anywhere
zone_wan_forward all anywhere anywhere

Chain forwarding_lan (1 references)
target prot opt source destination

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan (1 references)
target prot opt source destination

Chain input (1 references)
target prot opt source destination
zone_lan all anywhere anywhere
zone_wan all anywhere anywhere

Chain input_lan (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan (1 references)
target prot opt source destination

Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all anywhere anywhere
zone_wan_ACCEPT all anywhere anywhere

Chain output_rule (1 references)
target prot opt source destination

Chain reject (5 references)
target prot opt source destination
REJECT tcp anywhere anywhere reject-with tcp-reset
REJECT all anywhere anywhere reject-with icmp6-port-unreachable

Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all anywhere anywhere

Chain zone_lan (1 references)
target prot opt source destination
input_lan all anywhere anywhere
zone_lan_ACCEPT all anywhere anywhere

Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere

Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all anywhere anywhere
DROP all anywhere anywhere

Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all anywhere anywhere
reject all anywhere anywhere

Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all anywhere anywhere
forwarding_lan all anywhere anywhere
zone_lan_REJECT all anywhere anywhere

Chain zone_wan (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5
ACCEPT udp anywhere anywhere udp dpt:mdns
ACCEPT tcp anywhere anywhere tcp dpt:8080
input_wan all anywhere anywhere
zone_wan_REJECT all anywhere anywhere

Chain zone_wan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere

Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all anywhere anywhere
DROP all anywhere anywhere

Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all anywhere anywhere
reject all anywhere anywhere

Chain zone_wan_forward (1 references)
target prot opt source destination
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5
forwarding_wan all anywhere anywhere
zone_wan_REJECT all anywhere anywhere

Ed è il default, se può interessare questo è la configurazione del firewall:

# cat /etc/config/firewall
config defaults
   option syn_flood 1
   option input ACCEPT
   option output ACCEPT
   option forward REJECT

config zone
   option name lan
   option network 'lan'
   option input ACCEPT
   option output ACCEPT
   option forward REJECT

config zone
   option name wan
   option network 'wan'
   option input REJECT
   option output ACCEPT
   option forward REJECT
   option masq 1
   option mtu_fix 1

config forwarding
   option src lan
   option dest wan

config rule
   option src wan
   option proto udp
   option dest_port 68
   option target ACCEPT
   option family ipv4

config rule
   option src wan
   option proto icmp
   option icmp_type echo-request
   option family ipv4
   option target ACCEPT

config rule
   option src wan
   option proto icmp
   list icmp_type echo-request
   list icmp_type destination-unreachable
   list icmp_type packet-too-big
   list icmp_type time-exceeded
   list icmp_type bad-header
   list icmp_type unknown-header-type
   list icmp_type router-solicitation
   list icmp_type neighbour-solicitation
   option limit 1000/sec
   option family ipv6
   option target ACCEPT

config rule
   option src wan
   option dest *
   option proto icmp
   list icmp_type echo-request
   list icmp_type destination-unreachable
   list icmp_type packet-too-big
   list icmp_type time-exceeded
   list icmp_type bad-header
   list icmp_type unknown-header-type
   option limit 1000/sec
   option family ipv6
   option target ACCEPT

Questo è quanto modifiche di altro tipo non ne sono state fatte se non abilitare il forwarding di ipv6

net.ipv6.conf.all.forwarding=1

RSS

Training

IoT & IPv6 Networking Conference

Product Information

Fill out my online form.

© 2014   Created by gogo6.

Badges  |  Report an Issue  |  Terms of Service