[rlug] Webserver pe IPv6

Tue, 31 Dec 2019 07:15:04 -0800 

  Salut,
  Am un home server pe care vreau sa il fac vizibil pe ipv6 (din motiv de prea mult timp liber de sarbatori). Serverul e situat in spatele unui router Asus RT-AC68U cu firmware Asuswrt-Merlin. Am configurat atat routerul cat si serverul dupa puterile mele, rezultatul fiind ceva de genul (copy-paste din ce raporteaza routerul): 

   IPv6 Connection Type: Native with DHCP-PD
   *WAN IPv6 Address: 2a02:181f:zzz:d0b3*
   WAN IPv6 Gateway: fe80::217:10ff:fe87:a589
   *LAN IPv6 Address: 2a02:1807:xxx:yyy::1/56*
   LAN IPv6 link-local Address: fe80::e23f:49ff:fe24:68a8/64
   DHCP-PD: Enabled
   *LAN IPv6 Prefix: 2a02:1807:xxx:yyy::/56*


Partea cu 2a02:1807:xxx:yyy::/56 e obtinuta prin DHCP6 si corespunde cu 
ce mi-a comunicat ISP-ul ca ar fi adresa mea statica IPv6.*

*



Serverul in sine e o mashina virtuala (bsd jail) care ruleaza pe FreeBSD 
si e configurat static:


   root@erebus:/ # ifconfig
   lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
            inet 127.0.0.1 netmask 0xff000000
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            groups: lo
   epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
   mtu 1500
            options=8<VLAN_MTU>
            ether 08:62:66:2d:5e:24
            hwaddr 02:9d:d0:00:09:0b
            inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
   *        inet6 2a02:1807:xxx:yyy::3 prefixlen 56*
            nd6 options=1<PERFORMNUD>
            media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
            status: active
            groups: epair


Baiul este ca routerul nu pare sa faca forward la pachetele din 
exterior. Folosind http://nl.traceroute6.net, ping6 imi zice asa:


   2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
    From *2a02:181f:zzz:d0b3* icmp_seq=2 Destination unreachable:
   Address unreachable
    From *2a02:181f:zzz:d0b3* icmp_seq=3 Destination unreachable:
   Address unreachable
    From *2a02:181f:zzz:d0b3* icmp_seq=5 Destination unreachable:
   Address unreachable

   --- 2a02:1807:xxx:yyy::3 ping statistics ---
   5 packets transmitted, 0 received, +3 errors, 100% packet loss, time
   4000ms


Adresa 2a02:181f:zzz:d0b3 e routerul insusi (IP-ul extern). Pot sa fac 
ping6 cu succes de la router la server, de la statia mea de lucru la 
server, de la server la orice adresa ipv6 interna/externa, dar nu din 
exterior la server. Deci pare sa fie ceva legat de forwarding. Routerul 
are un firewall ipv6 pe care l-am inspectat atat din gui cat si din 
linia de comanda (ip6tables) si pare ok - are forwarding la adresa ipv6 
a serverului meu.



Ce ma nelamureste cu adevarat este urmatoarea chestie:

1. ma conectez la router si dau din linia de comanda ping6 la serverul meu:

   admin@RT-AC68U-68A8:/proc/sys/net/ipv6/conf# ping6 2a02:1807:xxx:yyy::3
   PING 2a02:1807:xxx:yyy::3 (2a02:1807:xxx:yyy::3): 56 data bytes
   64 bytes from 2a02:1807:xxx:yyy::3: seq=0 ttl=64 time=5.275 ms
   64 bytes from 2a02:1807:xxx:yyy::3: seq=1 ttl=64 time=0.472 ms

2. opresc ping6 de pe router


3. in decurs de cateva secunde, ma duc la http://nl.traceroute6.net, dau 
ping6 la serverul meu si functioneaza:


   PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes

   64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=1 ttl=53 time=20.5 ms
   64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=2 ttl=54 time=20.9 ms
   64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=3 ttl=54 time=21.7 ms

     

Am verificat si cu alte tool-uri online si porturile porturile 80 si 443 
(http/https) sunt de asemenea accesibile.



4. Insa nici ping6 nici http-ul nu functioneaza pentru mult timp - in 
decurs de 10 secunde situatia revine la "Destination unreachable: 
Address unreachable".




Am inspectat /proc/sys/net/ipv6/conf/*/forwarding de pe router si toate 
interfetele au forwarding pe 1, cu exceptia interfetei WAN, care e pe 0. 
Daca o pun pe 1:


    admin@RT-AC68U-68A8:/proc/sys/net/ipv6/conf# echo 1 > ./eth0/forwarding

atunci http://nl.traceroute6.net zice scurt:

   PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes

   --- 2a02:1807:xxx:yyy::3 ping statistics ---
   5 packets transmitted, 0 received, 100% packet loss, time 4000ms



Nu ma pricep la IPv6. Stie cineva sa imi dea un indiciu ce am configurat 
aiurea ? Routerul e un embedded Linux, pot sa verific din linia de 
comanda toate setarile.


Multumesc,
Mihai









_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug_lists.lug.ro






















					Raspunde prin e-mail lui