SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #1324777
Ticket Status: User

PoP: dedus01 - SpeedPartner GmbH (Duesseldorf)

Tunnel stopped working after power outage
[de] Shadow Hawkins on Monday, 11 January 2010 16:27:12
my handle: MHK3-SIXXS tunnel ID: T22970 email: mathias@bitcaster.de Tunnel stopped working after a power outage. Nothing in the FAQ that helps me, no changes on local system other than restarting it... "aiccu test" fails at the "ping6 to remote endpoint" stage. wireshark listening on the tunnel interface sees this when ping6-ing to noc.sixx.net from a host in our local LAN: Capturing on sixxs 0.000000 2a01:198:502:0:215:17ff:fe62:501 -> 2001:838:1:1:210:dcff:fe20:7c7c ICMPv6 Echo request 1.014084 2a01:198:502:0:215:17ff:fe62:501 -> 2001:838:1:1:210:dcff:fe20:7c7c ICMPv6 Echo request 2.014086 2a01:198:502:0:215:17ff:fe62:501 -> 2001:838:1:1:210:dcff:fe20:7c7c ICMPv6 Echo request wireshark does not see any return packets. the firewall also sees the outgoing packets, but no packets coming back are seen. there are also no IPv6 packets being dropped. connection detail: aiccu host is openSUSE 11.1 running the latest AICCU and connected to internet thru DSL from QSC which otherwhise runs just fine. uname -a: furystation:~ # uname -a Linux furystation 2.6.27.39-0.2-default #1 SMP 2009-11-23 12:57:38 +0100 i686 i686 i386 GNU/Linux traceroute to pop: furystation:~ # traceroute 91.184.37.98 traceroute to 91.184.37.98 (91.184.37.98), 30 hops max, 40 byte packets using UDP 1 bras1.fra.qsc.de (213.148.133.203) 13.531 ms 17.147 ms 18.891 ms 2 core1.fra.qsc.de (87.234.12.237) 7.075 ms 7.357 ms 7.384 ms 3 core1.dus.qsc.de (213.148.128.214) 11.120 ms 11.030 ms 10.885 ms 4 speedpartner.dus.ecix.net (194.146.118.13) 11.479 ms 10.812 ms 10.888 ms 5 dedus01.sixxs.net (91.184.37.98) 11.734 ms 11.094 ms 11.152 ms interface tables: furystation:~ # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0e:0c:67:ca:5e brd ff:ff:ff:ff:ff:ff inet 192.168.1.8/24 brd 192.168.1.255 scope global eth0 inet6 2a01:198:502::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::20e:cff:fe67:ca5e/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100 link/ether 00:0e:0c:67:ca:5f brd ff:ff:ff:ff:ff:ff inet 192.168.101.254/24 brd 192.168.101.255 scope global eth1 inet6 fe80::20e:cff:fe67:ca5f/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100 link/ether 00:04:23:bd:2a:d6 brd ff:ff:ff:ff:ff:ff inet 192.168.201.254/24 brd 192.168.201.255 scope global eth2 inet6 fe80::204:23ff:febd:2ad6/64 scope link valid_lft forever preferred_lft forever 5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:04:23:bd:2a:d7 brd ff:ff:ff:ff:ff:ff 6: sit0: <NOARP> mtu 1480 qdisc noop state DOWN link/sit 0.0.0.0 brd 0.0.0.0 8: dsl0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc htb state UNKNOWN qlen 3 link/ppp inet 87.193.228.95 peer 213.148.133.203/32 scope global dsl0 9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/[65534] inet 192.168.2.1 peer 192.168.2.2/32 scope global tun0 13: sixxs@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN link/sit 87.193.228.95 peer 91.184.37.98 inet6 2a01:198:200:5f4::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::c0a8:201/64 scope link valid_lft forever preferred_lft forever inet6 fe80::57c1:e45f/64 scope link valid_lft forever preferred_lft forever inet6 fe80::c0a8:c9fe/64 scope link valid_lft forever preferred_lft forever inet6 fe80::c0a8:65fe/64 scope link valid_lft forever preferred_lft forever inet6 fe80::c0a8:108/64 scope link valid_lft forever preferred_lft forever routing tables: furystation:~ # ip route 192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1 213.148.133.203 dev dsl0 proto kernel scope link src 87.193.228.95 192.168.101.0/24 dev eth1 proto kernel scope link src 192.168.101.254 192.168.2.0/24 via 192.168.2.2 dev tun0 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.8 192.168.201.0/24 dev eth2 proto kernel scope link src 192.168.201.254 169.254.0.0/16 dev eth0 scope link 127.0.0.0/8 dev lo scope link default dev dsl0 scope link furystation:~ # ip route show table 3 192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1 213.148.133.203 dev dsl0 proto kernel scope link src 87.193.228.95 192.168.101.0/24 dev eth1 proto kernel scope link src 192.168.101.254 192.168.2.0/24 via 192.168.2.2 dev tun0 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.8 192.168.201.0/24 dev eth2 proto kernel scope link src 192.168.201.254 169.254.0.0/16 dev eth0 scope link 127.0.0.0/8 dev lo scope link default via 192.168.1.1 dev eth0 furystation:~ # ip -f inet6 route show 2a01:198:200:5f4::/64 via :: dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295 2a01:198:502::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 via :: dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295 default via 2a01:198:200:5f4::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 4294967295 iptables rules: furystation:~ # iptables-save # Generated by iptables-save v1.4.2-rc1 on Mon Jan 11 16:21:50 2010 *nat :PREROUTING ACCEPT [7461:613337] :POSTROUTING ACCEPT [4091:235207] :OUTPUT ACCEPT [1116:123268] -A PREROUTING -i dsl0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.97:5060 -A PREROUTING -i eth1 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.97:5060 -A PREROUTING -i eth2 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.97:5060 -A PREROUTING -i sixxs -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.97:5060 -A PREROUTING -i eth3 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.97:5060 -A PREROUTING -i dsl0 -p udp -m udp --dport 4569 -j DNAT --to-destination 192.168.1.97:4569 -A PREROUTING -i eth1 -p udp -m udp --dport 4569 -j DNAT --to-destination 192.168.1.97:4569 -A PREROUTING -i eth2 -p udp -m udp --dport 4569 -j DNAT --to-destination 192.168.1.97:4569 -A PREROUTING -i sixxs -p udp -m udp --dport 4569 -j DNAT --to-destination 192.168.1.97:4569 -A PREROUTING -i eth3 -p udp -m udp --dport 4569 -j DNAT --to-destination 192.168.1.97:4569 -A PREROUTING -i dsl0 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.97:10000-20000 -A PREROUTING -i eth1 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.97:10000-20000 -A PREROUTING -i eth2 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.97:10000-20000 -A PREROUTING -i sixxs -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.97:10000-20000 -A PREROUTING -i eth3 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.97:10000-20000 -A POSTROUTING -o dsl0 -j MASQUERADE -A POSTROUTING -o eth1 -j MASQUERADE -A POSTROUTING -o eth2 -j MASQUERADE -A POSTROUTING -o sixxs -j MASQUERADE -A POSTROUTING -o eth3 -j MASQUERADE COMMIT # Completed on Mon Jan 11 16:21:50 2010 # Generated by iptables-save v1.4.2-rc1 on Mon Jan 11 16:21:50 2010 *mangle :PREROUTING ACCEPT [115590:28190659] :INPUT ACCEPT [16522:12580004] :FORWARD ACCEPT [98685:15570678] :OUTPUT ACCEPT [14809:1942134] :POSTROUTING ACCEPT [112806:17446956] -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 21 -j MARK --set-xmark 0x3/0xffffffff -A PREROUTING -s 192.168.2.0/24 -p tcp -m tcp --dport 21 -j MARK --set-xmark 0x3/0xffffffff -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff -A PREROUTING -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x3/0xffffffff -A PREROUTING -s 192.168.2.0/24 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x3/0xffffffff -A POSTROUTING -o dsl0 -p tcp -m length --length 0:64 -j MARK --set-xmark 0xa/0xffffffff -A POSTROUTING -o dsl0 -p tcp -m tos --tos 0x10/0x3f -m tcp --dport 22 -j MARK --set-xmark 0xa/0xffffffff -A POSTROUTING -o dsl0 -p tcp -m tos --tos 0x10/0x3f -m tcp --sport 22 -j MARK --set-xmark 0xa/0xffffffff -A POSTROUTING -o dsl0 -p udp -m udp --dport 53 -j MARK --set-xmark 0xa/0xffffffff -A POSTROUTING -o dsl0 -p tcp -m tcp --dport 53 -j MARK --set-xmark 0xa/0xffffffff -A POSTROUTING -o dsl0 -p esp -j MARK --set-xmark 0xb/0xffffffff COMMIT # Completed on Mon Jan 11 16:21:50 2010 # Generated by iptables-save v1.4.2-rc1 on Mon Jan 11 16:21:50 2010 *raw :PREROUTING ACCEPT [115735:28201158] :OUTPUT ACCEPT [14852:1947651] -A PREROUTING -i lo -j NOTRACK -A OUTPUT -o lo -j NOTRACK COMMIT # Completed on Mon Jan 11 16:21:50 2010 # Generated by iptables-save v1.4.2-rc1 on Mon Jan 11 16:21:50 2010 *filter :INPUT DROP [0:0] :FORWARD DROP [2:1324] :OUTPUT ACCEPT [70:4564] :forward_ext - [0:0] :forward_int - [0:0] :input_ext - [0:0] :input_int - [0:0] :reject_func - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state ESTABLISHED -j ACCEPT -A INPUT -p icmp -m state --state RELATED -j ACCEPT -A INPUT -i eth0 -j input_int -A INPUT -i tun0 -j input_int -A INPUT -i dsl0 -j input_ext -A INPUT -i eth1 -j input_ext -A INPUT -i eth2 -j input_ext -A INPUT -i sixxs -j input_ext -A INPUT -i eth3 -j input_ext -A INPUT -j input_ext -A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options -A INPUT -j DROP -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT -A FORWARD -i eth0 -j forward_int -A FORWARD -i tun0 -j forward_int -A FORWARD -i dsl0 -j forward_ext -A FORWARD -i eth1 -j forward_ext -A FORWARD -i eth2 -j forward_ext -A FORWARD -i sixxs -j forward_ext -A FORWARD -i eth3 -j forward_ext -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options -A FORWARD -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT -A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT -A forward_ext -o dsl0 -j ACCEPT -A forward_ext -o eth1 -j ACCEPT -A forward_ext -o eth2 -j ACCEPT -A forward_ext -o sixxs -j ACCEPT -A forward_ext -o eth3 -j ACCEPT -A forward_ext -i dsl0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i dsl0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i eth1 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i eth2 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i sixxs -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i sixxs -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i eth3 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -i eth3 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -d 192.168.1.97/32 -p udp -m limit --limit 3/min -m udp --dport 5060 -m state --state NEW -j LOG --log-prefix "SFW2-FWDext-ACC-REVMASQ " --log-tcp-options --log-ip-options -A forward_ext -d 192.168.1.97/32 -p udp -m udp --dport 5060 -j ACCEPT -A forward_ext -s 192.168.1.97/32 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -d 192.168.1.97/32 -p udp -m limit --limit 3/min -m udp --dport 4569 -m state --state NEW -j LOG --log-prefix "SFW2-FWDext-ACC-REVMASQ " --log-tcp-options --log-ip-options -A forward_ext -d 192.168.1.97/32 -p udp -m udp --dport 4569 -j ACCEPT -A forward_ext -s 192.168.1.97/32 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -d 192.168.1.97/32 -p udp -m limit --limit 3/min -m udp --dport 10000:20000 -m state --state NEW -j LOG --log-prefix "SFW2-FWDext-ACC-REVMASQ " --log-tcp-options --log-ip-options -A forward_ext -d 192.168.1.97/32 -p udp -m udp --dport 10000:20000 -j ACCEPT -A forward_ext -s 192.168.1.97/32 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -m pkttype --pkt-type multicast -j DROP -A forward_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT-INV " --log-tcp-options --log-ip-options -A forward_ext -j DROP -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT -A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT -A forward_int -o eth0 -j ACCEPT -A forward_int -o tun0 -j ACCEPT -A forward_int -i eth0 -o dsl0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i tun0 -o dsl0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i eth0 -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i tun0 -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i eth0 -o eth2 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i tun0 -o eth2 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i eth0 -o sixxs -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i tun0 -o sixxs -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i eth0 -o eth3 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -i tun0 -o eth3 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -d 192.168.1.97/32 -p udp -m limit --limit 3/min -m udp --dport 5060 -m state --state NEW -j LOG --log-prefix "SFW2-FWDint-ACC-REVMASQ " --log-tcp-options --log-ip-options -A forward_int -d 192.168.1.97/32 -p udp -m udp --dport 5060 -j ACCEPT -A forward_int -s 192.168.1.97/32 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_int -d 192.168.1.97/32 -p udp -m limit --limit 3/min -m udp --dport 4569 -m state --state NEW -j LOG --log-prefix "SFW2-FWDint-ACC-REVMASQ " --log-tcp-options --log-ip-options -A forward_int -d 192.168.1.97/32 -p udp -m udp --dport 4569 -j ACCEPT -A forward_int -s 192.168.1.97/32 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_int -d 192.168.1.97/32 -p udp -m limit --limit 3/min -m udp --dport 10000:20000 -m state --state NEW -j LOG --log-prefix "SFW2-FWDint-ACC-REVMASQ " --log-tcp-options --log-ip-options -A forward_int -d 192.168.1.97/32 -p udp -m udp --dport 10000:20000 -j ACCEPT -A forward_int -s 192.168.1.97/32 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_int -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -m pkttype --pkt-type multicast -j DROP -A forward_int -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT-INV " --log-tcp-options --log-ip-options -A forward_int -j reject_func -A input_ext -m pkttype --pkt-type broadcast -j DROP -A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT -A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1194 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options -A input_ext -p tcp -m tcp --dport 1194 -j ACCEPT -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options -A input_ext -p tcp -m tcp --dport 22 -j ACCEPT -A input_ext -p udp -m udp --dport 4569 -j ACCEPT -A input_ext -p udp -m udp --dport 5060 -j ACCEPT -A input_ext -p udp -m udp --dport 10000:20000 -j ACCEPT -A input_ext -p udp -m udp --dport 1194 -j ACCEPT -A input_ext -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -m pkttype --pkt-type multicast -j DROP -A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-INext-DROP-DEFLT-INV " --log-tcp-options --log-ip-options -A input_ext -j DROP -A input_int -j ACCEPT -A reject_func -p tcp -j REJECT --reject-with tcp-reset -A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable -A reject_func -j REJECT --reject-with icmp-proto-unreachable COMMIT # Completed on Mon Jan 11 16:21:50 2010 ip6tables-save: furystation:~ # ip6tables-save # Generated by ip6tables-save v1.4.2-rc1 on Mon Jan 11 16:22:15 2010 *raw :PREROUTING ACCEPT [1183:118263] :OUTPUT ACCEPT [445:40968] -A PREROUTING -i lo -j NOTRACK -A OUTPUT -o lo -j NOTRACK COMMIT # Completed on Mon Jan 11 16:22:15 2010 # Generated by ip6tables-save v1.4.2-rc1 on Mon Jan 11 16:22:15 2010 *mangle :PREROUTING ACCEPT [1183:118263] :INPUT ACCEPT [379:34464] :FORWARD ACCEPT [801:83551] :OUTPUT ACCEPT [445:40968] :POSTROUTING ACCEPT [1509:149782] COMMIT # Completed on Mon Jan 11 16:22:15 2010 # Generated by ip6tables-save v1.4.2-rc1 on Mon Jan 11 16:22:15 2010 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :forward_ext - [0:0] :forward_int - [0:0] :input_ext - [0:0] :input_int - [0:0] :reject_func - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -m state --state RELATED -j ACCEPT -A INPUT -i eth0 -j input_int -A INPUT -i tun0 -j input_int -A INPUT -i dsl0 -j input_ext -A INPUT -i eth1 -j input_ext -A INPUT -i eth2 -j input_ext -A INPUT -i sixxs -j input_ext -A INPUT -i eth3 -j input_ext -A INPUT -j input_ext -A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options -A INPUT -j DROP -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT -A FORWARD -i eth0 -j forward_int -A FORWARD -i tun0 -j forward_int -A FORWARD -i dsl0 -j forward_ext -A FORWARD -i eth1 -j forward_ext -A FORWARD -i eth2 -j forward_ext -A FORWARD -i sixxs -j forward_ext -A FORWARD -i eth3 -j forward_ext -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options -A FORWARD -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -p ipv6-icmp -j ACCEPT -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options -A forward_ext -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 129 -j ACCEPT -A forward_ext -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 1 -j ACCEPT -A forward_ext -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 2 -j ACCEPT -A forward_ext -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 3 -j ACCEPT -A forward_ext -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 4 -j ACCEPT -A forward_ext -o dsl0 -j ACCEPT -A forward_ext -o eth1 -j ACCEPT -A forward_ext -o eth2 -j ACCEPT -A forward_ext -o sixxs -j ACCEPT -A forward_ext -o eth3 -j ACCEPT -A forward_ext -s 2a01:198:502::/64 -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-FWDext-ACC-FORW " --log-tcp-options --log-ip-options -A forward_ext -s 2a01:198:502::/64 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_ext -d 2a01:198:502::/64 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -p ipv6-icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT-INV " --log-tcp-options --log-ip-options -A forward_ext -j DROP -A forward_int -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 129 -j ACCEPT -A forward_int -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 1 -j ACCEPT -A forward_int -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 2 -j ACCEPT -A forward_int -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 3 -j ACCEPT -A forward_int -p ipv6-icmp -m state --state RELATED,ESTABLISHED -m icmp6 --icmpv6-type 4 -j ACCEPT -A forward_int -o eth0 -j ACCEPT -A forward_int -o tun0 -j ACCEPT -A forward_int -s 2a01:198:502::/64 -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-FWDint-ACC-FORW " --log-tcp-options --log-ip-options -A forward_int -s 2a01:198:502::/64 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A forward_int -d 2a01:198:502::/64 -m state --state RELATED,ESTABLISHED -j ACCEPT -A forward_int -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -p ipv6-icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options -A forward_int -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT-INV " --log-tcp-options --log-ip-options -A forward_int -j reject_func -A input_ext -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT -A input_ext -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT -A input_ext -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT -A input_ext -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT -A input_ext -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT -A input_ext -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j ACCEPT -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1194 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options -A input_ext -p tcp -m tcp --dport 1194 -j ACCEPT -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options -A input_ext -p tcp -m tcp --dport 22 -j ACCEPT -A input_ext -p udp -m udp --dport 4569 -j ACCEPT -A input_ext -p udp -m udp --dport 5060 -j ACCEPT -A input_ext -p udp -m udp --dport 10000:20000 -j ACCEPT -A input_ext -p udp -m udp --dport 1194 -j ACCEPT -A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -p ipv6-icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options -A input_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-INext-DROP-DEFLT-INV " --log-tcp-options --log-ip-options -A input_ext -j DROP -A input_int -j ACCEPT -A reject_func -p tcp -j REJECT --reject-with tcp-reset -A reject_func -p udp -j REJECT --reject-with icmp6-port-unreachable -A reject_func -j REJECT --reject-with icmp6-addr-unreachable -A reject_func -j DROP COMMIT # Completed on Mon Jan 11 16:22:15 2010
State change: user Locked
[ch] Jeroen Massar SixXS Staff on Monday, 11 January 2010 17:14:46
Message is Locked
The state of this ticket has been changed to user
Tunnel stopped working after power outage
[ch] Jeroen Massar SixXS Staff on Monday, 11 January 2010 17:24:32
wireshark listening on the tunnel interface
Please re-read the contact page and use the underlying (IPv4) interface as that is where you will see the tunneled packets (if they are there) and any return traffic like ICMP.
sees this when ping6-ing to > noc.sixx.net from a host in our local LAN:
you mean noc.sixxs.net, but why are you pinging that, try the PoP endpoint of your tunnel. This is stated on the contact page....
wireshark does not see any return packets.
Because you are looking at the wrong interface.
inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
Out of 127.0.0.1/8 only 127.0.0.1 is allowed to be used, everything else in 127.0.0.0/8 is unused.... As for your routing tables and firewall rules, we are not your personal debug service, make it simpler (aka disable it), then try again. Also please actually read that big yellow box, it is there for a reason.

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker