|
Can't ping tunnel or outside from LAN
![[ar]](/s/countries/ar.gif) Shadow Hawkins on Sunday, 23 September 2012 15:09:06
Hi,
My name is Pablo Trincavelli, user PTS6-SIXXS and I'm using a Linksys WRT54g router with OpenWRT Backfire 10.03.1.and have two WIndows 7 PCs and an iPad on my network. Also this is the information for my tunnel:
Tunnel Id : T97878
PoP Name : brudi01 (br.ctbc [AS16735])
TIC Server : tic.sixxs.net (which is the default in AICCU)
Your Location : Rosario, ar
SixXS IPv6 : 2001:1291:200:336::1/64
Your IPv6 : 2001:1291:200:336::2/64
SixXS IPv4 : 201.48.254.14
Tunnel Type : Dynamic (ayiya)
I've already read a lot of posts, blogs, forums, wiki, etc. to find a solution, but Im unable to find a solution.
My problem is that I've managed to get everything working and I can ping and resolve names without problem from my router, but from the PCs from the internal LAN I can just ping the IPv6 address of my router (2001:1291:200:336::2) and nothing else, I cannot ping even the tunnel address (2001:1291:200:336::1) although the PCs do get the ipv6 address and nslookup can resolve names (but this is probably because they use the router for that)
This is my /etc/config/aiucc conf:
config aiccu
option username 'PTS6-SIXXS'
option password 'xxxxxxxxx'
option protocol 'tic'
option server 'tic.sixxs.net'
option interface 'sixxs.0'
option tunnel_id 'T97878'
option requiretls '0'
option defaultroute '1'
option nat '1'
option heartbeat '1'
This is my /etc/config/radvd conf:
config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
list client ''
option ignore 0
config prefix
option interface 'lan'
# If not specified, a non-link-local prefix of the interface is used
list prefix ''
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 1
option ignore 0
config route
option interface 'lan'
list prefix ''
option ignore 0
config rdnss
option interface 'lan'
# If not specified, the link-local address of the interface is used
list addr ''
option ignore 0
config dnssl
option interface 'lan'
list suffix ''
option ignore 1
This is my /etc/config/network conf:
config 'switch' 'eth0'
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'ifname' 'eth0.0'
option 'netmask' '255.255.255.0'
option 'ipaddr' '192.168.2.2'
option 'keepalive' '15'
option 'defaultroute' '1'
option 'proto' 'static'
option 'type' 'bridge'
option 'ip6addr' '2001:1291:200:336::2/64'
option 'dns' '192.168.2.2'
config 'interface' 'wan'
option 'ifname' 'eth0.1'
option 'proto' 'pppoe'
option 'gateway' '192.168.2.2'
option 'username' 'xxxxxxxxxxx'
option 'password' 'xxxxxxxxxxx'
option 'mtu' '1492'
option 'ppp_redial' 'persist'
option 'type' 'bridge'
option 'peerdns' '0'
option 'dns' '208.67.222.222 208.67.220.220'
option 'keepalive' '15 5'
config 'switch_vlan' 'eth0_0'
option 'device' 'eth0'
option 'vlan' '0'
option 'ports' '1 2 3 4 5'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 5'
config 'interface' 'wan6'
option 'proto' 'static'
option 'ifname' 'sixxs.0'
option 'auto' '1'
option 'ip6addr' '2001:1291:200:336:0:0:0:2'
option 'send_rs' '0'
This is my /etc/config/firewall conf:
config 'defaults'
option 'drop_invalid' '1'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'wan'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'masq' '1'
option 'mtu_fix' '1'
config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan'
option 'mtu_fix' '1'
config 'include'
option 'path' '/etc/firewall.user'
config 'zone'
option 'name' 'wan6'
option 'output' 'ACCEPT'
option 'network' 'wan6'
option 'family' 'ipv6'
option 'input' 'DROP'
option 'forward' 'DROP'
config 'forwarding'
option 'dest' 'wan6'
option 'src' 'lan'
config 'rule'
option 'name' 'RHO'
option 'family' 'ipv6'
option 'target' 'DROP'
option 'extra' '-m rt --rt-type 0'
option 'proto' 'all'
option 'src' 'wan6'
config 'rule'
option 'name' 'RHO2'
option 'family' 'ipv6'
option 'target' 'DROP'
option 'extra' '-m rt --rt-type 0'
option 'proto' 'all'
option 'src' 'wan6'
option 'dest' 'lan'
config 'rule'
option 'target' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
#option 'name' 'Allow-Ping ipv6'
option 'family' 'ipv6'
option 'proto' 'icmp'
option 'src' 'wan6'
option 'limit' '2000/sec'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
list 'icmp_type' 'router-solicitation'
list 'icmp_type' 'neighbour-solicitation'
list 'icmp_type' 'echo-reply'
This is my ifconfig output:
br-lan Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: 2001:1291:200:336::2/64 Scope:Global
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43915 errors:0 dropped:0 overruns:0 frame:0
TX packets:44738 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5888506 (5.6 MiB) TX bytes:20254984 (19.3 MiB)
br-wan Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
RX packets:30702 errors:0 dropped:0 overruns:0 frame:0
TX packets:30419 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14418818 (13.7 MiB) TX bytes:5163280 (4.9 MiB)
eth0 Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30702 errors:0 dropped:0 overruns:0 frame:0
TX packets:33605 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15094262 (14.3 MiB) TX bytes:5910937 (5.6 MiB)
Interrupt:5
eth0.0 Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3169 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:426738 (416.7 KiB)
eth0.1 Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30702 errors:0 dropped:0 overruns:0 frame:0
TX packets:30425 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14541626 (13.8 MiB) TX bytes:5285468 (5.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:658 errors:0 dropped:0 overruns:0 frame:0
TX packets:658 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:49237 (48.0 KiB) TX bytes:49237 (48.0 KiB)
pppoe-wan Link encap:Point-to-Point Protocol
inet addr:190.137.248.136 P-t-P:200.3.60.24 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:28713 errors:0 dropped:0 overruns:0 frame:0
TX packets:28426 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:14096392 (13.4 MiB) TX bytes:4476928 (4.2 MiB)
sixxs.0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:1291:200:336::2/64 Scope:Global
inet6 addr: fe80::1091:200:336:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:89 errors:0 dropped:0 overruns:0 frame:0
TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:67468 (65.8 KiB) TX bytes:84048 (82.0 KiB)
wl0 Link encap:Ethernet HWaddr 00:13:10:86:61:DA
inet6 addr: fe80::213:10ff:fe86:61da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43858 errors:0 dropped:0 overruns:0 frame:864895
TX packets:47318 errors:33 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6496734 (6.1 MiB) TX bytes:21003156 (20.0 MiB)
Interrupt:4 Base address:0x1000
This is my routing:
root@blue:~# ip -6 ro
2001:1291:200:336::/64 dev br-lan metric 256 mtu 1500 advmss 1440
2001:1291:200:336::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1432
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1432
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1432
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1432
fe80::/64 dev br-wan metric 256 mtu 1492 advmss 1432
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1432
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1432
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1432
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1432
ff00::/8 dev br-wan metric 256 mtu 1492 advmss 1432
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs.0 metric 256 mtu 1280 advmss 1220
default via 2001:1291:200:336::1 dev sixxs.0 metric 1024 mtu 1280 advmss 1220
This are a couple of pings from my router:
root@blue:~# ping ipv6.google.com
PING ipv6.google.com (2800:3f0:4002:800::1011): 56 data bytes
64 bytes from 2800:3f0:4002:800::1011: seq=0 ttl=54 time=308.929 ms
64 bytes from 2800:3f0:4002:800::1011: seq=1 ttl=54 time=307.896 ms
64 bytes from 2800:3f0:4002:800::1011: seq=2 ttl=54 time=303.380 ms
64 bytes from 2800:3f0:4002:800::1011: seq=3 ttl=54 time=316.289 ms
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 303.380/309.123/316.289 ms
root@blue:~#
(Pinging the tunnel end works)
root@blue:~# ping 2001:1291:200:336::1
PING 2001:1291:200:336::1 (2001:1291:200:336::1): 56 data bytes
64 bytes from 2001:1291:200:336::1: seq=0 ttl=64 time=256.574 ms
64 bytes from 2001:1291:200:336::1: seq=1 ttl=64 time=255.986 ms
64 bytes from 2001:1291:200:336::1: seq=2 ttl=64 time=255.574 ms
64 bytes from 2001:1291:200:336::1: seq=3 ttl=64 time=259.567 ms
--- 2001:1291:200:336::1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 255.574/256.925/259.567 ms
root@blue:~#
And now from one of my Windows 7 machines (happens the same on both of them):
Pinging the router works ok
C:\Users\pablo.trincavelli>ping 2001:1291:200:336::2
Pinging 2001:1291:200:336::2 with 32 bytes of data:
Reply from 2001:1291:200:336::2: time=5ms
Reply from 2001:1291:200:336::2: time=2ms
Reply from 2001:1291:200:336::2: time=2ms
Reply from 2001:1291:200:336::2: time=15ms
Ping statistics for 2001:1291:200:336::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 15ms, Average = 6ms
Pinging my router works ok:
C:\Users\pablo.trincavelli>ping 2001:1291:200:336::2
Pinging 2001:1291:200:336::2 with 32 bytes of data:
Reply from 2001:1291:200:336::2: time=5ms
Reply from 2001:1291:200:336::2: time=2ms
Reply from 2001:1291:200:336::2: time=2ms
Reply from 2001:1291:200:336::2: time=2ms
Ping statistics for 2001:1291:200:336::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 5ms, Average = 2ms
BUT Pinging the tunnel end or other ipv6 host does not work, but please see the different error in each case:
C:\Users\pablo.trincavelli>ping 2001:1291:200:336::1
Pinging 2001:1291:200:336::1 with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Ping statistics for 2001:1291:200:336::1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\pablo.trincavelli>ping ipv6.google.com
Pinging ipv6.l.google.com [2800:3f0:4002:800::1013] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2800:3f0:4002:800::1013:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
This is my routing from my PC:
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 281 ::/0 fe80::213:10ff:fe86:61d8
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:81:f9b:3f57:fdec/128
On-link
13 33 2001:1291:200:336::/64 On-link
13 281 2001:1291:200:336:6040:35d0:8bc7:1827/128
On-link
13 281 2001:1291:200:336:c97a:7e56:1e71:a67/128
On-link
13 281 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::81:f9b:3f57:fdec/128
On-link
13 281 fe80::6040:35d0:8bc7:1827/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Hope you can help me.
Thanks,
Pablo
Can't ping tunnel or outside from LAN
2001:1291:200:336::/64 dev br-lan metric 256 mtu 1500 advmss 1440 2001:1291:200:336::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
Can't ping tunnel or outside from LAN
Shadow Hawkins on Sunday, 23 September 2012 16:38:20
This is my new ipv6 routing table....
2001:1291:200:336::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
2001:1291:200:8336::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1432
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1432
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1432
fe80::/64 dev br-wan metric 256 mtu 1492 advmss 1432
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1432
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1432
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1432
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1432
ff00::/8 dev br-wan metric 256 mtu 1492 advmss 1432
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1432
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs.0 metric 256 mtu 1280 advmss 1220
default via 2001:1291:200:336::1 dev sixxs.0 metric 1024 mtu 1280 advmss 1220
And this is how my br-lan interface is now...
br-lan Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: 2001:1291:200:8336::2/64 Scope:Global
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5023 errors:0 dropped:0 overruns:0 frame:0
TX packets:3830 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:401852 (392.4 KiB) TX bytes:834051 (814.5 KiB)
Please tell me if this is right, but something on this or on other place is wrong, because I still cannot ping the tunnel (2001:1291:200:336::1) from the lan and also something very weird happened, I've lost DNS resolution on IPv4 and IPv6, althought IPv4 conectivity still works, my DNS resolution does not.
Everything works fine on the router, including DNS resolution. I've had to revert all changes to a backup of the conf files and I get back DNS resolution working.
Can't ping tunnel or outside from LAN
Please tell me if this is right,
Looking much better.
but something on this or on other place is wrong, because I still cannot ping the tunnel (2001:1291:200:336::1) from the lan
Is IPv6 forwarding enabled?
and also something very weird happened, I've lost DNS resolution on IPv4 and IPv6, althought IPv4 conectivity still works, my DNS resolution does not.
You'll need to check what your DNS settings are for that and check that your NAT is still functioning.
Can't ping tunnel or outside from LAN
Shadow Hawkins on Sunday, 23 September 2012 16:55:42
Yes ipv6 forwarding is enabled, this is in my /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
and I've checked it's working:
root@blue:~# cat /proc/sys/net/ipv6/conf/all/forwarding
1
But I'm kind of lost with the DNS settings, as it was resolving ok for both ipv4 and ipv6 with the previous configuration :-(
Can you please tell me what I must specifically check?
Thanks for your help!
Can't ping tunnel or outside from LAN
But I'm kind of lost with the DNS settings, as it was resolving ok for both ipv4 and ipv6 with the previous configuration :-( Can you please tell me what I must specifically check?
Depending on the host, on Linux/OpenWRT check cat /etc/resolv.conf , on Windows check the output of either ipconfig /all or nslookup
Can't ping tunnel or outside from LAN
Shadow Hawkins on Sunday, 23 September 2012 18:40:40
Ok, something related to this is definitely wrong, I'm a user of OpenDNS and with the "ipv4 dns working config" the /etc/resolv.conf on the router is:
root@blue:/# cat /etc/resolv.conf
search localdomain
nameserver 127.0.0.1
but when I swich configs to the "non working ipv4 dns" this is what I get:
root@blue:/# cat /etc/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
Don't know why the or what is making this change.
I've manually edited it and with the "ipv4 working config" my router can resolve names with either of this configurations:
root@blue:/# cat /etc/resolv.conf
search localdomain
nameserver 127.0.0.1
#nameserver 208.67.222.222
#nameserver 208.67.220.220
or
root@blue:/# cat /etc/resolv.conf
#search localdomain
#nameserver 127.0.0.1
nameserver 208.67.222.222
nameserver 208.67.220.220
these are the results....
root@blue:/# nslookup google.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.
Name: google.com
Address 1: 2800:3f0:4002:801::1007
Address 2: 173.194.42.38 eze03s06-in-f6.1e100.net
Address 3: 173.194.42.34 eze03s06-in-f2.1e100.net
Address 4: 173.194.42.40 eze03s06-in-f8.1e100.net
Address 5: 173.194.42.46 eze03s06-in-f14.1e100.net
Address 6: 173.194.42.32 eze03s06-in-f0.1e100.net
Address 7: 173.194.42.39 eze03s06-in-f7.1e100.net
Address 8: 173.194.42.41 eze03s06-in-f9.1e100.net
Address 9: 173.194.42.35 eze03s06-in-f3.1e100.net
Address 10: 173.194.42.33 eze03s06-in-f1.1e100.net
Address 11: 173.194.42.36 eze03s06-in-f4.1e100.net
Address 12: 173.194.42.37 eze03s06-in-f5.1e100.net
root@blue:/# nslookup google.com
Server: 208.67.222.222
Address 1: 208.67.222.222 resolver1.opendns.com
Name: google.com
Address 1: 2800:3f0:4002:801::1007
Address 2: 173.194.42.40 eze03s06-in-f8.1e100.net
Address 3: 173.194.42.46 eze03s06-in-f14.1e100.net
Address 4: 173.194.42.32 eze03s06-in-f0.1e100.net
Address 5: 173.194.42.39 eze03s06-in-f7.1e100.net
Address 6: 173.194.42.41 eze03s06-in-f9.1e100.net
Address 7: 173.194.42.35 eze03s06-in-f3.1e100.net
Address 8: 173.194.42.33 eze03s06-in-f1.1e100.net
Address 9: 173.194.42.36 eze03s06-in-f4.1e100.net
Address 10: 173.194.42.37 eze03s06-in-f5.1e100.net
Address 11: 173.194.42.38 eze03s06-in-f6.1e100.net
Address 12: 173.194.42.34 eze03s06-in-f2.1e100.net
But when I switch to the "non working ipv4 dns config" my router only works with the OpenDNS namservers config, swiching manually to the local (I'm using dnsmasq) does not work.
And neither of them work for the clients on the LAN.
Following are the outputs of what you mentioned.
When ipv4 dns works...
Configuracin IP de Windows
Nombre de host. . . . . . . . . : daniela-PC
Sufijo DNS principal . . . . . :
Tipo de nodo. . . . . . . . . . : hbrido
Enrutamiento IP habilitado. . . : no
Proxy WINS habilitado . . . . . : no
Lista de bsqueda de sufijos DNS: localdomain
Adaptador de LAN inal mbrica Conexin de red inal mbrica 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Direccin fsica. . . . . . . . . . . . . : D6-82-FE-3C-86-A6
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Adaptador de Ethernet Conexin de red Bluetooth 3:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #3
Direccin fsica. . . . . . . . . . . . . : 00-26-B6-D8-54-93
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Adaptador de LAN inal mbrica Conexin de red inal mbrica:
Sufijo DNS especfico para la conexin. . : localdomain
Descripcin . . . . . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Direccin fsica. . . . . . . . . . . . . : B4-82-FE-3C-86-A6
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Direccin IPv6 . . . . . . . . . . : 2001:1291:200:336:89a2:c227:adc0:d801(Preferido)
Direccin IPv6 temporal. . . . . . : 2001:1291:200:336:8af:a834:d1d0:7a24(Preferido)
Vnculo: direccin IPv6 local. . . : fe80::89a2:c227:adc0:d801%15(Preferido)
Direccin IPv4. . . . . . . . . . . . . . : 192.168.2.18(Preferido)
M scara de subred . . . . . . . . . . . . : 255.255.255.0
Concesin obtenida. . . . . . . . . . . . : domingo, 23 de septiembre de 2012 03:53:48 a.m.
La concesin expira . . . . . . . . . . . : domingo, 23 de septiembre de 2012 07:33:41 p.m.
Puerta de enlace predeterminada . . . . . : fe80::213:10ff:fe86:61d8%15
192.168.2.2
Servidor DHCP . . . . . . . . . . . . . . : 192.168.2.2
Servidores DNS. . . . . . . . . . . . . . : 192.168.2.2
NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado
Adaptador de Ethernet Conexin de rea local:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . : localdomain
Descripcin . . . . . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Direccin fsica. . . . . . . . . . . . . : 00-24-54-26-B9-C4
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Adaptador de tnel isatap.localdomain:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . : localdomain
Descripcin . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Adaptador de tnel isatap.{AF59EA93-4A65-4B9A-891D-28AC78DA16F2}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #2
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Adaptador de tnel isatap.{84744620-6663-4206-A75F-AAFD64210F69}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #3
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Adaptador de tnel Teredo Tunneling Pseudo-Interface:
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Direccin IPv6 . . . . . . . . . . : 2001:0:9d38:6ab8:30a3:31b4:4176:777(Preferido)
Vnculo: direccin IPv6 local. . . : fe80::30a3:31b4:4176:777%18(Preferido)
Puerta de enlace predeterminada . . . . . :
NetBIOS sobre TCP/IP. . . . . . . . . . . : deshabilitado
C:\nslookup google.com
Servidor: blue.localdomain
Address: 192.168.2.2
Respuesta no autoritativa:
Nombre: google.com
Addresses: 2800:3f0:4002:801::1006
173.194.42.37
173.194.42.35
173.194.42.39
173.194.42.32
173.194.42.36
173.194.42.41
173.194.42.33
173.194.42.40
173.194.42.38
173.194.42.46
173.194.42.34
An when ipv4 dns dont't work....
Configuracin IP de Windows
Nombre de host. . . . . . . . . : daniela-PC
Sufijo DNS principal . . . . . :
Tipo de nodo. . . . . . . . . . : hbrido
Enrutamiento IP habilitado. . . : no
Proxy WINS habilitado . . . . . : no
Lista de bsqueda de sufijos DNS: localdomain
Adaptador de LAN inal mbrica Conexin de red inal mbrica 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Direccin fsica. . . . . . . . . . . . . : D6-82-FE-3C-86-A6
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Adaptador de Ethernet Conexin de red Bluetooth 3:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #3
Direccin fsica. . . . . . . . . . . . . : 00-26-B6-D8-54-93
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Adaptador de LAN inal mbrica Conexin de red inal mbrica:
Sufijo DNS especfico para la conexin. . : localdomain
Descripcin . . . . . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Direccin fsica. . . . . . . . . . . . . : B4-82-FE-3C-86-A6
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Direccin IPv6 . . . . . . . . . . : 2001:1291:200:8336:89a2:c227:adc0:d801(Preferido)
Direccin IPv6 temporal. . . . . . : 2001:1291:200:8336:802b:fb0b:f2d1:d87f(Preferido)
Vnculo: direccin IPv6 local. . . : fe80::89a2:c227:adc0:d801%15(Preferido)
Direccin IPv4. . . . . . . . . . . . . . : 192.168.2.18(Preferido)
M scara de subred . . . . . . . . . . . . : 255.255.255.0
Concesin obtenida. . . . . . . . . . . . : domingo, 23 de septiembre de 2012 03:53:48 a.m.
La concesin expira . . . . . . . . . . . : domingo, 23 de septiembre de 2012 07:33:42 p.m.
Puerta de enlace predeterminada . . . . . : fe80::213:10ff:fe86:61d8%15
192.168.2.2
Servidor DHCP . . . . . . . . . . . . . . : 192.168.2.2
Servidores DNS. . . . . . . . . . . . . . : 192.168.2.2
NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado
Adaptador de Ethernet Conexin de rea local:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . : localdomain
Descripcin . . . . . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Direccin fsica. . . . . . . . . . . . . : 00-24-54-26-B9-C4
DHCP habilitado . . . . . . . . . . . . . : s
Configuracin autom tica habilitada . . . : s
Adaptador de tnel isatap.localdomain:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . : localdomain
Descripcin . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Adaptador de tnel isatap.{AF59EA93-4A65-4B9A-891D-28AC78DA16F2}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #2
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Adaptador de tnel isatap.{84744620-6663-4206-A75F-AAFD64210F69}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #3
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
Adaptador de tnel Teredo Tunneling Pseudo-Interface:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuracin autom tica habilitada . . . : s
C:\nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Servidor: UnKnown
Address: 192.168.2.2
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Can't ping tunnel or outside from LAN
Seems your dnsmasq is being misconfigured. OpenWRT tends to make files in /tmp or /var/tmp for configuration, you'll need to inspect those and set them correctly.
Note that if resolving on 127.0.0.1 (where dnsmasq listens) on your router does not work then you don't have to try further on other computers as those ask that dns server. As such fix that first.
Can't ping tunnel or outside from LAN
Shadow Hawkins on Tuesday, 25 September 2012 00:24:08
Ok, found something interesting...
Seems that with the ipv6 config dnsmasq doesn't wanted to start and it had to be with dhcp available in wan6 interface. I disabled it and name reslution is now working fine. It was using an ipv6 range address, but as radvd is taking care of that, I disabled it for wan6 and everything dns related seems working ok. Is this right?
Well, but now again I'm stucked with a similar problem as when I started. Everything works ok from the router, pinging the tunnel and another ipv6 enabled site on the internet works ok. But, on the LAN, I cannot even ping my router, the tunnel, or other ipv6 site.
(just to be sure I pinged probably a wrong address, but at least some of this must have worked)
C:\>ping -6 2001:1291:200:336::2
Pinging 2001:1291:200:336::2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2001:1291:200:336::2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping -6 2001:1291:200:8336::2
Pinging 2001:1291:200:8336::2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2001:1291:200:8336::2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping -6 2001:1291:200:8336::1
Pinging 2001:1291:200:8336::1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2001:1291:200:8336::1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping -6 2001:1291:200:336::1
Pinging 2001:1291:200:336::1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2001:1291:200:336::1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping -6 ipv6.google.com
Pinging ipv6.l.google.com [2800:3f0:4002:800::1012] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2800:3f0:4002:800::1012:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
So, something must still be needed to be fixed.... any ideas?
Thanks,
Pablo
Can't ping tunnel or outside from LAN
Ping is a good first step to check if something works or not, but what you actually want to look at is the values in 'ifconfig' or 'ipconfig /all' on Windows, and the routing tables ('ip -6 ro show" and "netstat -rn' on Windows)
Can't ping tunnel or outside from LAN
Shadow Hawkins on Tuesday, 25 September 2012 13:03:52
Ok, although I will try to investigate a bit further, here are the routing tables and configuration for you to check, as you will probaly find it easier than me.
This is from my router (I think this is ok)
root@blue:~# ifconfig
br-lan Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: 2001:1291:200:8336::2/64 Scope:Global
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19251 errors:0 dropped:0 overruns:0 frame:0
TX packets:16314 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2612393 (2.4 MiB) TX bytes:6283334 (5.9 MiB)
br-wan Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
RX packets:29342 errors:0 dropped:0 overruns:0 frame:0
TX packets:29673 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7424506 (7.0 MiB) TX bytes:3968755 (3.7 MiB)
eth0 Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29342 errors:0 dropped:0 overruns:0 frame:0
TX packets:33302 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8070030 (7.6 MiB) TX bytes:5080366 (4.8 MiB)
Interrupt:5
eth0.0 Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:629332 (614.5 KiB)
eth0.1 Link encap:Ethernet HWaddr 00:13:10:86:61:D8
inet6 addr: fe80::213:10ff:fe86:61d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29342 errors:0 dropped:0 overruns:0 frame:0
TX packets:29679 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7541874 (7.1 MiB) TX bytes:4087959 (3.8 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:649 errors:0 dropped:0 overruns:0 frame:0
TX packets:649 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:48435 (47.2 KiB) TX bytes:48435 (47.2 KiB)
pppoe-wan Link encap:Point-to-Point Protocol
inet addr:190.138.157.136 P-t-P:200.3.60.24 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:20807 errors:0 dropped:0 overruns:0 frame:0
TX packets:21127 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:6863498 (6.5 MiB) TX bytes:3243773 (3.0 MiB)
sixxs.0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:1291:200:336::2/64 Scope:Global
inet6 addr: fe80::1091:200:336:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:3033 errors:0 dropped:0 overruns:0 frame:0
TX packets:1562 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:836904 (817.2 KiB) TX bytes:716932 (700.1 KiB)
wl0 Link encap:Ethernet HWaddr 00:13:10:86:61:DA
inet6 addr: fe80::213:10ff:fe86:61da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19220 errors:0 dropped:0 overruns:0 frame:4762407
TX packets:18719 errors:41 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2878238 (2.7 MiB) TX bytes:6910910 (6.5 MiB)
Interrupt:4 Base address:0x1000
root@blue:~# ip -6 route show
2001:1291:200:336::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
2001:1291:200:8336::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1432
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1432
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1432
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1432
fe80::/64 dev br-wan metric 256 mtu 1492 advmss 1432
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sixxs.0 metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1432
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1432
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1432
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1432
ff00::/8 dev br-wan metric 256 mtu 1492 advmss 1432
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs.0 metric 256 mtu 1280 advmss 1220
default via 2001:1291:200:336::1 dev sixxs.0 metric 1024 mtu 1280 advmss 1220
And here are the ones from Windows (I'm not sure about them)
C:\>netstat -rn
===========================================================================
Interface List
20...00 ff 70 67 35 04 ......Juniper Network Connect Virtual Adapter
13...90 4c e5 85 82 c4 ......Dell Wireless 1397 WLAN Mini-Card
12...a4 ba db 95 cd ac ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.2 192.168.2.14 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.14 281
192.168.2.14 255.255.255.255 On-link 192.168.2.14 281
192.168.2.255 255.255.255.255 On-link 192.168.2.14 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.14 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.14 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 281 ::/0 fe80::213:10ff:fe86:61d8
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:9d38:6ab8:1808:241:4119:a4f6/128
On-link
13 33 2001:1291:200:8336::/64 On-link
13 281 2001:1291:200:8336:6040:35d0:8bc7:1827/128
On-link
13 281 2001:1291:200:8336:b95a:1a6b:c4b5:c0eb/128
On-link
13 281 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::1808:241:4119:a4f6/128
On-link
13 281 fe80::6040:35d0:8bc7:1827/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\>
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : glb5441
Primary Dns Suffix . . . . . . . : globant.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : globant.com
localdomain
Ethernet adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-70-67-35-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 90-4C-E5-85-82-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:1291:200:8336:6040:35d0:8bc7:1827(Pr
eferred)
Temporary IPv6 Address. . . . . . : 2001:1291:200:8336:b95a:1a6b:c4b5:c0eb(Pr
eferred)
Link-local IPv6 Address . . . . . : fe80::6040:35d0:8bc7:1827%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.14(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : martes, 25 de septiembre de 2012 09:53:17
a.m.
Lease Expires . . . . . . . . . . : martes, 25 de septiembre de 2012 03:53:17
p.m.
Default Gateway . . . . . . . . . : fe80::213:10ff:fe86:61d8%13
192.168.2.2
DHCP Server . . . . . . . . . . . : 192.168.2.2
DNS Servers . . . . . . . . . . . : 192.168.2.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : A4-BA-DB-95-CD-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{28D53A10-C8C5-48B9-9517-D7FD89D84272}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1808:241:4119:a4f6(Prefe
rred)
Link-local IPv6 Address . . . . . : fe80::1808:241:4119:a4f6%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{075AE87C-5A57-41A0-B68E-1D19500398FF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I think I may be missing som configuration required on Windows, is there something I should have done?
Thank you very much!!
Pablo
Can't ping tunnel or outside from LAN
This is from my router (I think this is ok)
I agree with that.
On the Windows box you have Teredo enabled (2001:0::/32 addresses) but that should not be a big problem.
What does a tracert6 (or is it 'tracert' nowadays?) from the Windows host towards for instance www.ipv6.sixxs.net look like?
Can't ping tunnel or outside from LAN
Shadow Hawkins on Tuesday, 25 September 2012 13:35:38
Here's the tracert from my Windows box
C:\>tracert www.ipv6.sixxs.net
Tracing route to ipv6.nginx.sixxs.net [2001:1af8:4050::2]
over a maximum of 30 hops:
1 2 ms 58 ms 3 ms 2001:1291:200:8336::2
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
C:\>
And just in case, here's from my router (shoudn't this be working?, and also everything is on ipv4, why?)
root@blue:~# traceroute www.ipv6.sixxs.net
traceroute to www.ipv6.sixxs.net (67.215.65.132), 30 hops max, 38 byte packets
1 host24.200-3-60.telecom.net.ar (200.3.60.24) 29.149 ms 28.670 ms 29.177 ms
2 host233.200-117-79.telecom.net.ar (200.117.79.233) 41.548 ms 41.368 ms 39.773 ms
3 host193.190-225-254.telecom.net.ar (190.225.254.193) 49.465 ms 44.652 ms 47.882 ms
4 host94.186-153-152.telecom.net.ar (186.153.152.94) 41.402 ms 44.116 ms 47.986 ms
5 195.22.220.109 (195.22.220.109) 35.922 ms 35.910 ms 36.086 ms
6 te-7-4.car2.Miami1.Level3.net (63.209.150.165) 161.723 ms * 173.938 ms
7 ae-14-51.car4.Miami1.Level3.net (4.69.138.69) 185.857 ms ae-24-52.car4.Miami1.Level3.net (4.69.138.101) 165.448 ms 153.913 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Can't ping tunnel or outside from LAN
1 2 ms 58 ms 3 ms 2001:1291:200:8336::2 2 * * * Request timed out.
You should check if forwarding is working.
root@blue:~# traceroute www.ipv6.sixxs.net traceroute to www.ipv6.sixxs.net (67.215.65.132), 30 hops max, 38 byte packets
That is not one of our hosts, heck, www.ipv6.sixxs.net does not have an IPv4 address.
132.65.215.67.in-addr.arpa domain name pointer hit-nxdomain.opendns.com.
You have fallen into the trap called OpenDNS, you will need to either disable their nonsense search option or better yet not use them at all.
Can't ping tunnel or outside from LAN
Shadow Hawkins on Tuesday, 25 September 2012 20:30:13
Ok, got rid of OpenDNS and now from the router traceroute don't work!!!!. I know it has nothing to do with this, but it's happening....
root@blue:~# traceroute www.ipv6.sixxs.net
traceroute to www.ipv6.sixxs.net (2001:838:2:1:2a0:24ff:feab:3b53), 30 hops max, 38 byte packets
1traceroute: sendto: Invalid argument
and in Windows netsh don't work when I try to enable forwarding....
Can't ping tunnel or outside from LAN
1traceroute: sendto: Invalid argument
Check your firewall rules if they even allow IPv6, eg:
ip6tables -v --list -n
and in Windows netsh don't work when I try to enable forwarding....
As the Windows host is not forwarding any packets you do not need to enable forwarding.
Can't ping tunnel or outside from LAN
Shadow Hawkins on Wednesday, 26 September 2012 13:35:51
This is what I have, I think it's ok...
Table: Filter
Chain INPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BACCEPTall--lo*::/0::/0-
200.00 Bsyn_floodtcp--**::/0::/0tcp flags:0x17/0x02
32081868.21 KBinput_ruleall--**::/0::/0-
42079868.09 KBinputall--**::/0::/0-
Chain FORWARD (Policy: DROP, Packets: 0, Traffic: 0.00 B)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
112939948.80 KBforwarding_ruleall--**::/0::/0-
212939948.80 KBforwardall--**::/0::/0-
311784.00 Brejectall--**::/0::/0-
Chain OUTPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BACCEPTall--*lo::/0::/0-
21718842.82 KBoutput_ruleall--**::/0::/0-
31718842.82 KBoutputall--**::/0::/0-
Chain forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
12699198.73 KBzone_lan_forwardall--br-lan*::/0::/0-
200.00 Bzone_wan_forwardall--pppoe-wan*::/0::/0-
310229749.30 KBzone_wan6_forwardall--sixxs.0*::/0::/0-
Chain input (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
11352140.15 KBzone_lanall--br-lan*::/0::/0-
200.00 Bzone_wanall--pppoe-wan*::/0::/0-
3725727.83 KBzone_wan6all--sixxs.0*::/0::/0-
Chain output (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
11718842.82 KBzone_lan_ACCEPTall--**::/0::/0-
2729727.30 KBzone_wan_ACCEPTall--**::/0::/0-
3729727.30 KBzone_wan6_ACCEPTall--**::/0::/0-
Chain reject (References: 7)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
111784.00 BREJECTtcp--**::/0::/0reject-with tcp-reset
200.00 BREJECTall--**::/0::/0reject-with icmp6-port-unreachable
Chain syn_flood (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BRETURNtcp--**::/0::/0tcp flags:0x17/0x02 limit: avg 25/sec burst 50
200.00 BDROPall--**::/0::/0-
Chain zone_lan (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
11352140.15 KBinput_lanall--**::/0::/0-
21352140.15 KBzone_lan_ACCEPTall--**::/0::/0-
Chain zone_lan_ACCEPT (References: 3)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
1989115.52 KBACCEPTall--*br-lan::/0::/0-
21360140.71 KBACCEPTall--br-lan*::/0::/0-
Chain zone_lan_DROP (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--*br-lan::/0::/0-
200.00 BDROPall--br-lan*::/0::/0-
Chain zone_lan_REJECT (References: 0)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Brejectall--*br-lan::/0::/0-
200.00 Brejectall--br-lan*::/0::/0-
Chain zone_lan_forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
12699198.73 KBzone_wan6_ACCEPTall--**::/0::/0-
28572.00 Bzone_wan_ACCEPTall--**::/0::/0-
38572.00 Bforwarding_lanall--**::/0::/0-
48572.00 Bzone_lan_ACCEPTall--**::/0::/0-
Chain zone_wan (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Binput_wanall--**::/0::/0-
200.00 Bzone_wan_REJECTall--**::/0::/0-
Chain zone_wan6 (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--**::/0::/0rt type:0
2725727.83 KBACCEPTicmpv6--**::/0::/0ipv6-icmp type 128 limit: avg 2000/sec burst 5
300.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 1 limit: avg 2000/sec burst 5
400.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 2 limit: avg 2000/sec burst 5
500.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 3 limit: avg 2000/sec burst 5
600.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 4 code 0 limit: avg 2000/sec burst 5
700.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 4 code 1 limit: avg 2000/sec burst 5
800.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 133 limit: avg 2000/sec burst 5
900.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 135 limit: avg 2000/sec burst 5
1000.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 129 limit: avg 2000/sec burst 5
1100.00 Binput_wan6all--**::/0::/0-
1200.00 Bzone_wan6_DROPall--**::/0::/0-
Chain zone_wan6_ACCEPT (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
13415925.00 KBACCEPTall--*sixxs.0::/0::/0-
200.00 BACCEPTall--sixxs.0*::/0::/0-
Chain zone_wan6_DROP (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--*sixxs.0::/0::/0-
210229749.30 KBDROPall--sixxs.0*::/0::/0-
Chain zone_wan6_REJECT (References: 0)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Brejectall--*sixxs.0::/0::/0-
200.00 Brejectall--sixxs.0*::/0::/0-
Chain zone_wan6_forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Bzone_lan_DROPall--**::/0::/0rt type:0
210229749.30 KBforwarding_wan6all--**::/0::/0-
310229749.30 KBzone_wan6_DROPall--**::/0::/0-
Chain zone_wan_ACCEPT (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BACCEPTall--*pppoe-wan::/0::/0-
200.00 BACCEPTall--pppoe-wan*::/0::/0-
Chain zone_wan_DROP (References: 0)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--*pppoe-wan::/0::/0-
200.00 BDROPall--pppoe-wan*::/0::/0-
Chain zone_wan_REJECT (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Brejectall--*pppoe-wan::/0::/0-
200.00 Brejectall--pppoe-wan*::/0::/0-
Chain zone_wan_forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Bforwarding_wanall--**::/0::/0-
200.00 Bzone_wan_REJECTall--**::/0::/0-
Table: Mangle
Chain FORWARD (Policy: ACCEPT, Packets: 12939, Traffic: 948.80 KB)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
112939948.80 KBzone_wan_MSSFIXall--**::/0::/0-
Table: Raw
Chain PREROUTING (Policy: ACCEPT, Packets: 16137, Traffic: 2.03 MB)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
15480663.29 KBzone_lan_notrackall--br-lan*::/0::/0-
200.00 Bzone_wan_notrackall--pppoe-wan*::/0::/0-
3109531.44 MBzone_wan6_notrackall--sixxs.0*::/0::/0-
Can't ping tunnel or outside from LAN
Shadow Hawkins on Wednesday, 26 September 2012 13:37:50
Ok, let me put this again in a more readable way (I hope!)
Table: Filter
Chain INPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BACCEPTall--lo*::/0::/0-
200.00 Bsyn_floodtcp--**::/0::/0tcp flags:0x17/0x02
32081868.21 KBinput_ruleall--**::/0::/0-
42079868.09 KBinputall--**::/0::/0-
Chain FORWARD (Policy: DROP, Packets: 0, Traffic: 0.00 B)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
112939948.80 KBforwarding_ruleall--**::/0::/0-
212939948.80 KBforwardall--**::/0::/0-
311784.00 Brejectall--**::/0::/0-
Chain OUTPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BACCEPTall--*lo::/0::/0-
21718842.82 KBoutput_ruleall--**::/0::/0-
31718842.82 KBoutputall--**::/0::/0-
Chain forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
12699198.73 KBzone_lan_forwardall--br-lan*::/0::/0-
200.00 Bzone_wan_forwardall--pppoe-wan*::/0::/0-
310229749.30 KBzone_wan6_forwardall--sixxs.0*::/0::/0-
Chain input (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
11352140.15 KBzone_lanall--br-lan*::/0::/0-
200.00 Bzone_wanall--pppoe-wan*::/0::/0-
3725727.83 KBzone_wan6all--sixxs.0*::/0::/0-
Chain output (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
11718842.82 KBzone_lan_ACCEPTall--**::/0::/0-
2729727.30 KBzone_wan_ACCEPTall--**::/0::/0-
3729727.30 KBzone_wan6_ACCEPTall--**::/0::/0-
Chain reject (References: 7)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
111784.00 BREJECTtcp--**::/0::/0reject-with tcp-reset
200.00 BREJECTall--**::/0::/0reject-with icmp6-port-unreachable
Chain syn_flood (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BRETURNtcp--**::/0::/0tcp flags:0x17/0x02 limit: avg 25/sec burst 50
200.00 BDROPall--**::/0::/0-
Chain zone_lan (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
11352140.15 KBinput_lanall--**::/0::/0-
21352140.15 KBzone_lan_ACCEPTall--**::/0::/0-
Chain zone_lan_ACCEPT (References: 3)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
1989115.52 KBACCEPTall--*br-lan::/0::/0-
21360140.71 KBACCEPTall--br-lan*::/0::/0-
Chain zone_lan_DROP (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--*br-lan::/0::/0-
200.00 BDROPall--br-lan*::/0::/0-
Chain zone_lan_REJECT (References: 0)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Brejectall--*br-lan::/0::/0-
200.00 Brejectall--br-lan*::/0::/0-
Chain zone_lan_forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
12699198.73 KBzone_wan6_ACCEPTall--**::/0::/0-
28572.00 Bzone_wan_ACCEPTall--**::/0::/0-
38572.00 Bforwarding_lanall--**::/0::/0-
48572.00 Bzone_lan_ACCEPTall--**::/0::/0-
Chain zone_wan (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Binput_wanall--**::/0::/0-
200.00 Bzone_wan_REJECTall--**::/0::/0-
Chain zone_wan6 (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--**::/0::/0rt type:0
2725727.83 KBACCEPTicmpv6--**::/0::/0ipv6-icmp type 128 limit: avg 2000/sec burst 5
300.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 1 limit: avg 2000/sec burst 5
400.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 2 limit: avg 2000/sec burst 5
500.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 3 limit: avg 2000/sec burst 5
600.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 4 code 0 limit: avg 2000/sec burst 5
700.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 4 code 1 limit: avg 2000/sec burst 5
800.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 133 limit: avg 2000/sec burst 5
900.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 135 limit: avg 2000/sec burst 5
1000.00 BACCEPTicmpv6--**::/0::/0ipv6-icmp type 129 limit: avg 2000/sec burst 5
1100.00 Binput_wan6all--**::/0::/0-
1200.00 Bzone_wan6_DROPall--**::/0::/0-
Chain zone_wan6_ACCEPT (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
13415925.00 KBACCEPTall--*sixxs.0::/0::/0-
200.00 BACCEPTall--sixxs.0*::/0::/0-
Chain zone_wan6_DROP (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--*sixxs.0::/0::/0-
210229749.30 KBDROPall--sixxs.0*::/0::/0-
Chain zone_wan6_REJECT (References: 0)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Brejectall--*sixxs.0::/0::/0-
200.00 Brejectall--sixxs.0*::/0::/0-
Chain zone_wan6_forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Bzone_lan_DROPall--**::/0::/0rt type:0
210229749.30 KBforwarding_wan6all--**::/0::/0-
310229749.30 KBzone_wan6_DROPall--**::/0::/0-
Chain zone_wan_ACCEPT (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BACCEPTall--*pppoe-wan::/0::/0-
200.00 BACCEPTall--pppoe-wan*::/0::/0-
Chain zone_wan_DROP (References: 0)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 BDROPall--*pppoe-wan::/0::/0-
200.00 BDROPall--pppoe-wan*::/0::/0-
Chain zone_wan_REJECT (References: 2)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Brejectall--*pppoe-wan::/0::/0-
200.00 Brejectall--pppoe-wan*::/0::/0-
Chain zone_wan_forward (References: 1)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
100.00 Bforwarding_wanall--**::/0::/0-
200.00 Bzone_wan_REJECTall--**::/0::/0-
Table: Mangle
Chain FORWARD (Policy: ACCEPT, Packets: 12939, Traffic: 948.80 KB)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
112939948.80 KBzone_wan_MSSFIXall--**::/0::/0-
Table: Raw
Chain PREROUTING (Policy: ACCEPT, Packets: 16137, Traffic: 2.03 MB)
Rule #Pkts.TrafficTargetProt.FlagsInOutSourceDestinationOptions
15480663.29 KBzone_lan_notrackall--br-lan*::/0::/0-
200.00 Bzone_wan_notrackall--pppoe-wan*::/0::/0-
3109531.44 MBzone_wan6_notrackall--sixxs.0*::/0::/0-
Can't ping tunnel or outside from LAN
Default policies of DROP and a lot of REJECT and DROPPED packets in there, you might want to start with an empty/clean ruleset with ACCEPT policy instead.
Can't ping tunnel or outside from LAN
Shadow Hawkins on Wednesday, 26 September 2012 13:44:51
Ok, sorry for the triple post, but I don't know how to delete the previous..., hope this last time is fine...
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all lo * ::/0 ::/0
0 0 syn_flood tcp * * ::/0 ::/0 tcp flags:0x17/0x02
2108 898K input_rule all * * ::/0 ::/0
2106 898K input all * * ::/0 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
13368 1003K forwarding_rule all * * ::/0 ::/0
13368 1003K forward all * * ::/0 ::/0
11 784 reject all * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * lo ::/0 ::/0
1737 872K output_rule all * * ::/0 ::/0
1737 872K output all * * ::/0 ::/0
Chain forward (1 references)
pkts bytes target prot opt in out source destination
2771 209K zone_lan_forward all br-lan * ::/0 ::/0
0 0 zone_wan_forward all pppoe-wan * ::/0 ::/0
10586 793K zone_wan6_forward all sixxs.0 * ::/0 ::/0
Chain forwarding_lan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan6 (1 references)
pkts bytes target prot opt in out source destination
Chain input (1 references)
pkts bytes target prot opt in out source destination
1372 146K zone_lan all br-lan * ::/0 ::/0
0 0 zone_wan all pppoe-wan * ::/0 ::/0
732 752K zone_wan6 all sixxs.0 * ::/0 ::/0
Chain input_lan (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan6 (1 references)
pkts bytes target prot opt in out source destination
Chain output (1 references)
pkts bytes target prot opt in out source destination
1737 872K zone_lan_ACCEPT all * * ::/0 ::/0
736 752K zone_wan_ACCEPT all * * ::/0 ::/0
736 752K zone_wan6_ACCEPT all * * ::/0 ::/0
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (7 references)
pkts bytes target prot opt in out source destination
11 784 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp * * ::/0 ::/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
0 0 DROP all * * ::/0 ::/0
Chain zone_lan (1 references)
pkts bytes target prot opt in out source destination
1372 146K input_lan all * * ::/0 ::/0
1372 146K zone_lan_ACCEPT all * * ::/0 ::/0
Chain zone_lan_ACCEPT (3 references)
pkts bytes target prot opt in out source destination
1001 120K ACCEPT all * br-lan ::/0 ::/0
1380 146K ACCEPT all br-lan * ::/0 ::/0
Chain zone_lan_DROP (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * br-lan ::/0 ::/0
0 0 DROP all br-lan * ::/0 ::/0
Chain zone_lan_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all * br-lan ::/0 ::/0
0 0 reject all br-lan * ::/0 ::/0
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
2771 209K zone_wan6_ACCEPT all * * ::/0 ::/0
8 572 zone_wan_ACCEPT all * * ::/0 ::/0
8 572 forwarding_lan all * * ::/0 ::/0
8 572 zone_lan_ACCEPT all * * ::/0 ::/0
Chain zone_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 input_wan all * * ::/0 ::/0
0 0 zone_wan_REJECT all * * ::/0 ::/0
Chain zone_wan6 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0 rt type:0
732 752K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 128 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 1 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 2 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 3 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 4 code 0 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 4 code 1 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 133 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 135 limit: avg 2000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 129 limit: avg 2000/sec burst 5
0 0 input_wan6 all * * ::/0 ::/0
0 0 zone_wan6_DROP all * * ::/0 ::/0
Chain zone_wan6_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
3494 960K ACCEPT all * sixxs.0 ::/0 ::/0
0 0 ACCEPT all sixxs.0 * ::/0 ::/0
Chain zone_wan6_DROP (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * sixxs.0 ::/0 ::/0
10586 793K DROP all sixxs.0 * ::/0 ::/0
Chain zone_wan6_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all * sixxs.0 ::/0 ::/0
0 0 reject all sixxs.0 * ::/0 ::/0
Chain zone_wan6_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 zone_lan_DROP all * * ::/0 ::/0 rt type:0
10586 793K forwarding_wan6 all * * ::/0 ::/0
10586 793K zone_wan6_DROP all * * ::/0 ::/0
Chain zone_wan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * pppoe-wan ::/0 ::/0
0 0 ACCEPT all pppoe-wan * ::/0 ::/0
Chain zone_wan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * pppoe-wan ::/0 ::/0
0 0 DROP all pppoe-wan * ::/0 ::/0
Chain zone_wan_REJECT (2 references)
pkts bytes target prot opt in out source destination
0 0 reject all * pppoe-wan ::/0 ::/0
0 0 reject all pppoe-wan * ::/0 ::/0
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_wan all * * ::/0 ::/0
0 0 zone_wan_REJECT all * * ::/0 ::/0
Can't ping tunnel or outside from LAN
Shadow Hawkins on Wednesday, 26 September 2012 13:48:07
ok, did't work, sorry for the triple post, but I do not wan't to keep posting, please use the first and discard the second and third, as I think they are incomplete.
Can't ping tunnel or outside from LAN
Shadow Hawkins on Wednesday, 26 September 2012 15:27:48
Ok, finally it worked!!!
I only have to add the following to my /etc/config/firewall
config 'forwarding'
option 'src' 'wan6'
option 'dest' 'lan'
so now I have this:
config 'defaults'
option 'drop_invalid' '1'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'DROP'
config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'wan'
option 'input' 'DROP'
option 'output' 'ACCEPT'
option 'forward' 'DROP'
option 'masq' '1'
option 'mtu_fix' '1'
config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan'
option 'mtu_fix' '1'
config 'include'
option 'path' '/etc/firewall.user'
config 'zone'
option 'name' 'wan6'
option 'network' 'wan6'
option 'family' 'ipv6'
option 'input' 'DROP'
option 'output' 'ACCEPT'
option 'forward' 'DROP'
config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan6'
config 'forwarding'
option 'src' 'wan6'
option 'dest' 'lan'
config 'rule'
option 'name' 'RHO'
option 'family' 'ipv6'
option 'target' 'DROP'
option 'extra' '-m rt --rt-type 0'
option 'proto' 'all'
option 'src' 'wan6'
config 'rule'
option 'name' 'RHO2'
option 'family' 'ipv6'
option 'target' 'DROP'
option 'extra' '-m rt --rt-type 0'
option 'proto' 'all'
option 'src' 'wan6'
option 'dest' 'lan'
config 'rule'
option 'target' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'DROP'
option 'name' 'Allow-Ping ipv6'
option 'family' 'ipv6'
option 'proto' 'icmp'
option 'src' 'wan6'
option 'limit' '2000/sec'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
list 'icmp_type' 'router-solicitation'
list 'icmp_type' 'neighbour-solicitation'
list 'icmp_type' 'echo-reply'
But I really don't fully understand, because as you can see I do not have that for thw 'wan' zone, so why it's needed dor 'wan6'?
Despite all this.... it's working!!!!!! yahooooooo, thant's very very very very much!!!!!!!!!
Pablo
|
![[ch]](/s/countries/ch.gif)
on Sunday, 23 September 2012 15:37:26
Posting is only allowed when you are