SixXS::Sunset 2017-06-06

Problem setting up Routing on Ubuntu
[de] Shadow Hawkins on Friday, 06 December 2013 23:47:30
Hello, I tried to walk through your how-to to set up an Ubuntu server as an IPv6 router, but I guess I'm doing something wrong. The aiccu tunnel is working on the Linux box; I can ping IPv6 addresses. In /etc/sysctl.conf I enabled net.ipv6.conf.all.forwarding, so the radvd.conf or /etc/ufw/before6.rules seem to be the problem. My radvd.conf is:
    interface eth0 {
        AdvSendAdvert on;
        # Advertise at least every 30 seconds
        MaxRtrAdvInterval 30;
        # in order to force non RFC 6106 compliant clients to get a dns address
        AdvOtherConfigFlag on;
        prefix 2001:4dd0:ff00:95c5::/64 {
            AdvOnLink on;
            AdvAutonomous on;
        };
        RDNSS 2001:14b8:0:3401:0:0:0:6 2001:1418:10:2:0:0:0:2 {
        };
    };
I read in the forums that the prefix should be the subnet of my tunnel. Is that right? For the RDNSS I used two IPv6 addresses from nscache.eu.sixxs.net. My ifconfig shows this:
    eth0      Link encap:Ethernet  Hardware Adresse bc:5f:f4:c8:d5:d0
              inet Adresse:192.168.178.110  Bcast:192.168.178.255  Maske:255.255.255.0
              inet6-Adresse: fe80::be5f:f4ff:fec8:d5d0/64 Gültigkeitsbereich:Verbindung
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
              RX packets:381611 errors:0 dropped:0 overruns:0 frame:0
              TX packets:140008 errors:0 dropped:0 overruns:0 carrier:0
              Kollisionen:0 Sendewarteschlangenlänge:1000
              RX-Bytes:544055032 (544.0 MB)  TX-Bytes:55612179 (55.6 MB)
    lo        Link encap:Lokale Schleife
              inet Adresse:127.0.0.1  Maske:255.0.0.0
              inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
              UP LOOPBACK RUNNING  MTU:65536  Metrik:1
              RX packets:20 errors:0 dropped:0 overruns:0 frame:0
              TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
              Kollisionen:0 Sendewarteschlangenlänge:0
              RX-Bytes:1220 (1.2 KB)  TX-Bytes:1220 (1.2 KB)
    sixxs     Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet6-Adresse: 2001:4dd0:ff00:15c5::2/64 Gültigkeitsbereich:Global
              inet6-Adresse: fe80::4cd0:ff00:15c5:2/64 Gültigkeitsbereich:Verbindung
              UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1280  Metrik:1
              RX packets:49 errors:0 dropped:0 overruns:0 frame:0
              TX packets:990 errors:0 dropped:0 overruns:0 carrier:0
              Kollisionen:0 Sendewarteschlangenlänge:500
              RX-Bytes:35900 (35.9 KB)  TX-Bytes:107204 (107.2 KB)
I guess maybe there's missing a link global for eth0? I'm not sure which one to pick? And the entries in the /etc/ufw/before6.rules are:
    -A ufw6-before-forward -i eth0 -s 2001:4dd0:ff00:95c5::/64 -o sixxs -m state --NEW -j ACCEPT
    -A ufw6-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
I also tried fe80::/64, but both don't seem to work. Sorry if some of my questions seem a bit stupid, but I'm rather new to Linux routing and IPv6 in general. Thanks in advance!
[ch] Jeroen Massar SixXS Staff on Saturday, 07 December 2013 01:22:34
> i read in the forums that the prefix should be the subnet of my tunnel. is that right?
Depends on what you mean. It should be the subnet that is routed over the tunnel. These are under the 'subnet' header in your user home. (2001:4dd0:ff00:95c5::/64 is thus correct in your case). See also FAQ: Using Subnets
> i guess maybe there's missing a link global for eth0? i'm not sure which one to pick?
That is correct. The moment you enable forwarding the Linux kernel does not accept router advertisements (though there is a sysctl flag to change that). Hence you will need to configure an address in /etc/network/interfaces. Typically people tend to pick the <prefix>::1 address as the 'router address'.
> and the entries in the /etc/ufw/before6.rules are
> -A ufw6-before-forward -i eth0 -s 2001:4dd0:ff00:95c5::/64 -o sixxs -m state --NEW -j ACCEPT
> -A ufw6-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
Unless you are going to drop traffic you can avoid connection tracking altogether.
> I also tried fe80::/64, but both don't seem to work.
For what did you try that? What are you trying to do?
[de] Shadow Hawkins on Saturday, 07 December 2013 20:21:30
Jeroen Massar wrote:
>> i guess maybe there's missing a link global for eth0? i'm not sure which one to pick?
> That is correct. The moment you enable forwarding the Linux kernel does not accept router advertisements (though there is a sysctl flag to change that). Hence you will need to configure an address in /etc/network/interfaces. Typically people tend to pick the <prefix>::1 address as the 'router address'.
That did the trick! I think it wouldn't be bad to include that in the wiki?
>> and the entries in the /etc/ufw/before6.rules are
>> -A ufw6-before-forward -i eth0 -s 2001:4dd0:ff00:95c5::/64 -o sixxs -m state --NEW -j ACCEPT
>> -A ufw6-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
> Unless you are going to drop traffic you can avoid connection tracking altogether.
I took the settings from the howto. I am not completely sure what it does... I thought it would be necessary. For now I would rather block all incoming IPv6 connections by default, but I'm not sure how to achieve that. Would the command
ufw default deny
be sufficient (even for ipv6 connections?)
[ch] Jeroen Massar SixXS Staff on Saturday, 07 December 2013 21:31:29
> I took the settings from the howto. I am not completely sure what it does...
There is no magic firewall rule that works for everybody. You'll need to read up and understand before setting one up.
> i thought it would be necessary. for now i would rather block all incoming ipv6 connections by default,
> but i'm not sure how to achieve that. would the command
> ufw default deny
> be sufficient (even for ipv6 connections?)
In the case I use firewalls (which is rare, as I tend to just not have stuff listening that should not listen) I use, on Linux, native iptables/ip6tables, thus no idea what the ufw equivalent is.
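For the case raised in this thread where forwarded traffic is to be dropped by default (so connection tracking is needed after all), this is what a native ip6tables ruleset can look like. It is an added example, not part of the original posts or of the SixXS how-to: the helper name gen_forward_rules is hypothetical, the interface names and prefix are the ones posted above, and it assumes ufw is not managing the same filter table.

```shell
#!/bin/sh
# Added example: print an ip6tables-restore ruleset that lets LAN hosts open
# connections through the tunnel and drops unsolicited forwarded traffic.
# gen_forward_rules is a hypothetical helper name, not an existing tool.

gen_forward_rules() {
    if [ "$#" -ne 3 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: gen_forward_rules LAN_IF TUNNEL_IF ROUTED_PREFIX" >&2
        return 2
    fi
    gfr_lan=$1 gfr_tun=$2 gfr_prefix=$3
    # Refuse anything that is not an IPv6 prefix in CIDR form.
    case "$gfr_prefix" in
        *:*/[0-9]*) ;;
        *) echo "not an IPv6 prefix: $gfr_prefix" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# INPUT/OUTPUT stay open here: this ruleset only polices routed traffic.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to flows the LAN opened. RELATED also admits the ICMPv6 errors
# tied to those flows, e.g. Packet Too Big, which a 1280-byte tunnel MTU needs.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# New flows: only LAN -> tunnel, and only from the routed prefix, so
# spoofed or link-local sources are not forwarded.
-A FORWARD -i $gfr_lan -o $gfr_tun -s $gfr_prefix -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Values from the thread. Pipe the output to "ip6tables-restore --test" to
# check it, then to "ip6tables-restore" to load it (replaces the filter table).
gen_forward_rules eth0 sixxs 2001:4dd0:ff00:95c5::/64
```

Traffic addressed to the router itself (including pings to the tunnel endpoint) passes through INPUT, which this ruleset leaves at ACCEPT.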
[gb] Shadow Hawkins on Tuesday, 31 December 2013 17:27:43
Stefan Beukmann wrote:
Jeroen Massar wrote:
>>> i guess maybe there's missing a link global for eth0? i'm not sure which one to pick?
>> That is correct. The moment you enable forwarding the Linux kernel does not accept router advertisements (though there is a sysctl flag to change that). Hence you will need to configure an address in /etc/network/interfaces. Typically people tend to pick the <prefix>::1 address as the 'router address'.
> That did the trick! I think it wouldn't be bad to include that in the wiki?
Same problem, with the same solution, on Debian Jessie. I second the suggestion to add a note to this effect on the wiki page.


Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker