Slackware 10 router doesn't route from LAN to internet
Shadow Hawkins on Saturday, 19 March 2005 20:03:23
Hi!
I have a Slackware 10 router ("paratrooper") with a SixXS tunnel set up.
The IPv6 connection works fine:
root@paratrooper:~# traceroute6 noc.sixxs.net
traceroute to noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) from 2001:6f8:900:8c::2, 30 hops max, 16 byte packets
1 gw-141.ham-01.de.sixxs.net (2001:6f8:900:8c::1) 84.831 ms 82.261 ms 81.902 ms
----cut----
13 noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) 103.126 ms 101.286 ms 162.232 ms
root@paratrooper:~#
root@paratrooper:~# ping -c3 noc.sixxs.net
PING noc.sixxs.net (213.197.29.32) 56(84) bytes of data.
64 bytes from noc.sixxs.net (213.197.29.32): icmp_seq=1 ttl=58 time=107 ms
64 bytes from noc.sixxs.net (213.197.29.32): icmp_seq=2 ttl=58 time=103 ms
64 bytes from noc.sixxs.net (213.197.29.32): icmp_seq=3 ttl=58 time=123 ms
--- noc.sixxs.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 103.671/111.738/123.558/8.541 ms
root@paratrooper:~#
But the host ("camouflage") on my subnet can't get IPv6 access to outside my LAN:
camouflage ~ # traceroute6 noc.sixxs.net
traceroute to noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) from 2001:6f8:987:0:20c:f1ff:fea3:8c59, 30 hops max, 16 byte packets
1 paratrooper (2001:6f8:987::1) 0.317 ms !N 0.233 ms !N 0.161 ms !N
camouflage ~ #
camouflage ~ # ping6 -c3 noc.sixxs.net
PING noc.sixxs.net(noc.sixxs.net) 56 data bytes
From paratrooper icmp_seq=1 Destination unreachable: No route
From paratrooper icmp_seq=2 Destination unreachable: No route
From paratrooper icmp_seq=3 Destination unreachable: No route
--- noc.sixxs.net ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2000ms
camouflage ~ #
The router has radvd running and IPv6 forwarding is enabled for all interfaces [eth0:LAN and sixxs:SixXS-tunnel].
The subnet-host has accept_ra set to 1.
The routes are configured this way:
root@paratrooper:~# ip -6 ro sh
2001:6f8:900:8c::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220
2001:6f8:987::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1220
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1220
fe80::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1220
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220
default via 2001:6f8:900:8c::1 dev sixxs metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -101 advmss 1220
root@paratrooper:~#
camouflage ~ # ip -6 ro sh
2001:6f8:987::/64 dev eth0 proto kernel metric 256 mtu 1280 advmss 1220 metric10 64
2001:6f8:987::/64 dev eth0 metric 1024 mtu 1280 advmss 1220 metric10 64
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1220 metric10 64
fe80::/64 dev eth0 metric 256 mtu 1280 advmss 1220 metric10 64
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1220 metric10 1
ff00::/8 dev eth0 metric 256 mtu 1280 advmss 1220 metric10 1
default via fe80::2e0:7dff:fedd:aa2 dev eth0 proto kernel metric 1024 expires 883sec mtu 1280 advmss 1220 metric10 64
unreachable default dev lo proto none metric -1 error -101 metric10 255
camouflage ~ #
I searched the forum already, but none of the posts fit my problems exactly.
Can anyone help me?
TIA,
Florian
Slackware 10 router doesn't route from LAN to internet
Jeroen Massar on Sunday, 20 March 2005 14:27:32
8<-------------
camouflage ~ # traceroute6 noc.sixxs.net
traceroute to noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) from 2001:6f8:987:0:20c:f1ff:fea3:8c59, 30 hops max, 16 byte packets
1 paratrooper (2001:6f8:987::1) 0.317 ms !N 0.233 ms !N 0.161 ms !N
------------->8
man traceroute -> !N = destination network not reachable.
Thus check that forwarding is enabled (though if you run radvd forwarding should already be enabled) and that routing tables are correct.
Also check your firewalling tables...
8<-------------
camouflage ~ # ip -6 ro sh
2001:6f8:987::/64 dev eth0 proto kernel metric 256 mtu 1280 advmss 1220 metric10 64
2001:6f8:987::/64 dev eth0 metric 1024 mtu 1280 advmss 1220 metric10 64
------------>8
This is weird, you have the same configured twice, one automatically and one statically.
Btw which kernel is this? You might want to try adding an 'ip -6 ro add 2000::/3 via 2001:6f8:900:8c::1 dev sixxs' on paratrooper (the router); some older kernels have trouble with 'default' routes.
Also check that you can reach 2001:6f8:987:0:20c:f1ff:fea3:8c59 from paratrooper.
tracerouting from noc.sixxs.net gives the following in the end:
12 deham01.sixxs.net (2001:6f8:800:1003::2) 19.659 ms 19.419 ms 19.518 ms
13 cl-141.ham-01.de.sixxs.net (2001:6f8:900:8c::2) 108.255 ms 106.066 ms 105.797 ms
14 cl-141.ham-01.de.sixxs.net (2001:6f8:900:8c::2) 3100.2 ms !H 3100.02 ms !H 3272.62 ms !H
Aka your router does not know where to send the traffic to...
Slackware 10 router doesn't route from LAN to internet [SOLVED]
Shadow Hawkins on Sunday, 20 March 2005 18:27:09
Thanks for the quick response, Jeroen.
I tried to fix the problem for two hours now changing the routes...
Meanwhile a traceroute from "camouflage" showed ::1 !H'd as only hop...
2001:6f8:987:0:20c:f1ff:fea3:8c59 is reachable without problems. By the way, what address is this, since it's not explicitly specified by a "ip -6 addr add" command?
The solution was the 2000::/3 via 2001:6f8:900:8c::1 route on the tunnel interface. The routing's now working flawlessly.
My (router's) kernel is the standard Slackware 10.0 kernel 2.4.26.
Slackware 10 router doesn't route from LAN to internet [SOLVED]
Jeroen Massar on Sunday, 20 March 2005 18:57:06
8<-------------
2001:6f8:987:0:20c:f1ff:fea3:8c59 is reachable without problems. By the way, what address is this, since it's not explicitly specified by a "ip -6 addr add" command?
------------->8
That is an autoconfigured address. You have a radvd running which announces 2001:6f8:987::/64, all the hosts on that network pick it up and add their EUI-64 address to it, automatically configuring the interface.
2.4.x branch indeed doesn't use the real 'default', at least some do, some don't.