You didn't say anything about ip6tables...

On Tue, 31 Dec 2019, 17:15 Mihai Osian, <[email protected]> wrote:

> Hi,
>
> I have a home server that I want to make reachable over IPv6 (the
> reason being too much free time over the holidays). The server sits
> behind an Asus RT-AC68U router running the Asuswrt-Merlin firmware.
> I configured both the router and the server as best I could, and the
> result looks something like this (copy-paste of what the router reports):
>
>     IPv6 Connection Type: Native with DHCP-PD
>     *WAN IPv6 Address: 2a02:181f:zzz:d0b3*
>     WAN IPv6 Gateway: fe80::217:10ff:fe87:a589
>     *LAN IPv6 Address: 2a02:1807:xxx:yyy::1/56*
>     LAN IPv6 link-local Address: fe80::e23f:49ff:fe24:68a8/64
>     DHCP-PD: Enabled
>     *LAN IPv6 Prefix: 2a02:1807:xxx:yyy::/56*
>
> The 2a02:1807:xxx:yyy::/56 part is obtained via DHCP6 and matches
> what the ISP told me is my static IPv6 address.
>
> The server itself is a virtual machine (BSD jail) running on FreeBSD,
> and it is configured statically:
>
>     root@erebus:/ # ifconfig
>     lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>         inet 127.0.0.1 netmask 0xff000000
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>         groups: lo
>     epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether 08:62:66:2d:5e:24
>         hwaddr 02:9d:d0:00:09:0b
>         inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
>         *inet6 2a02:1807:xxx:yyy::3 prefixlen 56*
>         nd6 options=1<PERFORMNUD>
>         media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
>         status: active
>         groups: epair
>
> The trouble is that the router doesn't seem to forward packets coming
> from outside. Using http://nl.traceroute6.net, ping6 tells me this:
>
>     2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
>     From *2a02:181f:zzz:d0b3* icmp_seq=2 Destination unreachable: Address unreachable
>     From *2a02:181f:zzz:d0b3* icmp_seq=3 Destination unreachable: Address unreachable
>     From *2a02:181f:zzz:d0b3* icmp_seq=5 Destination unreachable: Address unreachable
>
>     --- 2a02:1807:xxx:yyy::3 ping statistics ---
>     5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4000ms
>
> The address 2a02:181f:zzz:d0b3 is the router itself (the external IP).
> I can successfully ping6 from the router to the server, from my
> workstation to the server, and from the server to any internal/external
> IPv6 address, but not from outside to the server. So it seems to be
> something related to forwarding. The router has an IPv6 firewall which
> I inspected both from the GUI and from the command line (ip6tables)
> and it looks OK - it has forwarding to my server's IPv6 address.
>
> What really puzzles me is the following:
>
> 1. I connect to the router and, from the command line, ping6 my server:
>
>     admin@RT-AC68U-68A8:/proc/sys/net/ipv6/conf# ping6 2a02:1807:xxx:yyy::3
>     PING 2a02:1807:xxx:yyy::3 (2a02:1807:xxx:yyy::3): 56 data bytes
>     64 bytes from 2a02:1807:xxx:yyy::3: seq=0 ttl=64 time=5.275 ms
>     64 bytes from 2a02:1807:xxx:yyy::3: seq=1 ttl=64 time=0.472 ms
>
> 2. I stop ping6 on the router.
>
> 3. Within a few seconds, I go to http://nl.traceroute6.net, ping6 my
> server, and it works:
>
>     PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
>
>     64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=1 ttl=53 time=20.5 ms
>     64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=2 ttl=54 time=20.9 ms
>     64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=3 ttl=54 time=21.7 ms
>
> I also checked with other online tools, and ports 80 and 443
> (http/https) are accessible as well.
>
> 4. However, neither ping6 nor http works for long - within 10 seconds
> the situation reverts to "Destination unreachable: Address unreachable".
>
> I inspected /proc/sys/net/ipv6/conf/*/forwarding on the router and all
> interfaces have forwarding set to 1, except for the WAN interface,
> which is set to 0. If I set it to 1:
>
>     admin@RT-AC68U-68A8:/proc/sys/net/ipv6/conf# echo 1 > ./eth0/forwarding
>
> then http://nl.traceroute6.net just says:
>
>     PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
>
>     --- 2a02:1807:xxx:yyy::3 ping statistics ---
>     5 packets transmitted, 0 received, 100% packet loss, time 4000ms
>
> I'm not good with IPv6. Can anyone give me a hint about what I have
> misconfigured? The router is an embedded Linux, so I can check all the
> settings from the command line.
>
> Thanks,
> Mihai
>
> _______________________________________________
> RLUG mailing list
> [email protected]
> http://lists.lug.ro/mailman/listinfo/rlug_lists.lug.ro
