[CentOS] how to capture packets that was forwarded
hello, the topology is like this: centos v0:eth1 -- centos v0: eth2 fc00:2:3:4::1 fc00:2:3::4 i turned the packet forwarding ping6 -i eth2 fc00:2:3:4::1 the output is PING fc00:2:3:4::1(fc00:2:3:4::1) from fc00:2:3::5 eth2: 56 data bytes From fc00:2:3::4 icmp_seq=1 Destination unreachable: Administratively prohibited From fc00:2:3::4 icmp_seq=2 Destination unreachable: Administratively prohibited From fc00:2:3::4 icmp_seq=3 Destination unreachable: Administratively prohibited From fc00:2:3::4 icmp_seq=4 Destination unreachable: Administratively prohibited why the box do not forwarding icmp packets to eth2? and how to set forwarding rules on centos 6.3? Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to capture packets that was forwarded
2013/4/16 Andy Smith spoo...@gmail.com Hi Jaze On 16 April 2013 09:52, Jaze Lee jaze...@gmail.com wrote: hello, the topology is like this: centos v0:eth1 -- centos v0: eth2 fc00:2:3:4::1 fc00:2:3::4 i turned the packet forwarding If you are talking about forwarding on Centos V0, forwarding will have no effect here. You appear to be trying to ping eth1 from a box somewhere on eth2's network. This is still classed as an input to V0 and will be handled by the INPUT chain. ping6 -i eth2 fc00:2:3:4::1 the output is PING fc00:2:3:4::1(fc00:2:3:4::1) from fc00:2:3::5 eth2: 56 data bytes From fc00:2:3::4 icmp_seq=1 Destination unreachable: Administratively prohibited From fc00:2:3::4 icmp_seq=2 Destination unreachable: Administratively prohibited From fc00:2:3::4 icmp_seq=3 Destination unreachable: Administratively prohibited From fc00:2:3::4 icmp_seq=4 Destination unreachable: Administratively prohibited Administratively prohibited looks like a firewall issue. Check your IPv6 firewall settings on V0 Thanks, it is truely because firewall issue. It's ok when i turned ip6tables stoped. Thank you all the same why the box do not forwarding icmp packets to eth2? and how to set forwarding rules on centos 6.3? Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- 谦谦君子 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] centos 6.3 ipv6 default gateway
hello, i met a problem in configuratiion of ipv6 gw in my box i install centos 6.3 (64 bit) on my boxs, which have four netcard. i use a straight-through cable to connect centosv0:netcard-2 and centosv1:netcard2 the topology is this: client c(windows xp) --centosv0:netcard-3 -- centosv0:netcard-2 --- centosv1:netcard-2 centosv1:netcard-2 --- client d (backtrack r2 32) 1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64 1:2:3::5/64 1:2:3:5::1/64 1:2:3:5::2/64 what i want to do is set default gw on centosv0 to centosv1 i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this DEVICE=eth2 BOOTPROTO=static HWADDR=60:A4:4C:23:2F:6F NM_CONTROLLED=yes ONBOOT=yes TYPE=Ethernet #UUID=0ddcf499-878f-4ac7-9d1a-c27f85d2bccf IPV6INIT=yes IPV6ADDR=1:2:3::4 IPV6_DEFAULTGW=1:2:3::5 and i also configure /etc/sysconfig/network to this: NETWORKING=yes HOSTNAME=centosv0 NETWORKING_IPV6=yes IPV6_AUTOCONF=no but i met an error: Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error i do not know how why,and can some one gives me some suggestion? thanks a lot. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 6.3 ipv6 default gateway
2013/4/12 Michael H. Warfield m...@wittsend.com Hello, I may be totally off base here but... On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote: hello, i met a problem in configuratiion of ipv6 gw in my box i install centos 6.3 (64 bit) on my boxs, which have four netcard. i use a straight-through cable to connect centosv0:netcard-2 and centosv1:netcard2 the topology is this: client c(windows xp) --centosv0:netcard-3 -- centosv0:netcard-2 --- centosv1:netcard-2 centosv1:netcard-2 --- client d (backtrack r2 32) 1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64 1:2:3::5/64 1:2:3:5::1/64 1:2:3:5::2/64 Surely, I hope you jest with those numbers. You are not allowed to pick numbers out of the air and just use them, even if it's for private use. There are specific blocks of addresses for specific uses and assigned scopes and all the private use addresses are in blocks very high up in the address space beginning with fc or fd. If those are literally the addresses you used, they will not work and I would expect them to give you all sorts of grief at some point or another. what i want to do is set default gw on centosv0 to centosv1 I take it centosv0 and centosv1 are configured for ipv6 forwarding? You didn't provide the information on that. There are some gotcha's in there with default routing on a router (basically there is no such thing) and the router needs to be set up properly for both routing and its routes. But I don't think that's your problem you're describing down below. i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this DEVICE=eth2 BOOTPROTO=static HWADDR=60:A4:4C:23:2F:6F NM_CONTROLLED=yes ONBOOT=yes TYPE=Ethernet #UUID=0ddcf499-878f-4ac7-9d1a-c27f85d2bccf IPV6INIT=yes IPV6ADDR=1:2:3::4 ^^ You didn't specify a netmask here (default /128). IPV6_DEFAULTGW=1:2:3::5 Technically not on your interface's network (/128) and i also configure /etc/sysconfig/network to this: NETWORKING=yes HOSTNAME=centosv0 NETWORKING_IPV6=yes IPV6_AUTOCONF=no For forwarding... In that file you're also going to need: IPV6FORWARDING=yes You may also need to add lines to /etc/sysctl.conf (I've needed in the past on Fedora): net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1 But those aren't your problem with this... but i met an error: Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error I'm not totally sure if this is because you didn't specify a prefix length on your IPV6ADDR line or the fact that it then conflicted with your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it was because you choose and illegal IPv6 prefix or if it was a combination of all of them. The WARN: [ipv6_add_route] Unknown error makes me suspicious because your default gatway conflicts with your interface network definition (because you didn't specify the prefix size and it defaulted to /128) and the kernel has no way to route it out any interface. IAC... You won't be able to use a default route on a router anyways (more below). i do not know how why,and can some one gives me some suggestion? thanks a lot. If those were literally the addresses you used, It may be an address that's in an illegal scope. i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we should change system to Centos 6.3. And i add all the stuff that i miss. One machine is configured like this: [root@centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE=eth2 BOOTPROTO=static HWADDR=60:A4:4C:23:2F:6F NM_CONTROLLED=yes ONBOOT=yes TYPE=Ethernet #UUID=0ddcf499-878f-4ac7-9d1a-c27f85d2bccf IPV6INIT=yes IPV6ADDR=1:2:3::4/64 IPV6_DEFAULTGW=1:2:3::5/64 and add the below to /etc/sysctl.conf net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1 and through /proc i can see this [root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding 1 [root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding 1 and through command ifconfig i can see this eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E inet6 addr: 1:2:3:4::1/64 Scope:Global --- subnet inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB) Interrupt:17 Memory:dc30-dc32 eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F inet6 addr: 1:2:3::4/64 Scope:Global connected by straight-through cable inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link UP BROADCAST
Re: [CentOS] centos 6.3 ipv6 default gateway
2013/4/12 Michael H. Warfield m...@wittsend.com On Fri, 2013-04-12 at 09:28 +0800, Jaze Lee wrote: 2013/4/12 Michael H. Warfield m...@wittsend.com Hello, I may be totally off base here but... On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote: hello, i met a problem in configuratiion of ipv6 gw in my box i install centos 6.3 (64 bit) on my boxs, which have four netcard. i use a straight-through cable to connect centosv0:netcard-2 and centosv1:netcard2 the topology is this: client c(windows xp) --centosv0:netcard-3 -- centosv0:netcard-2 --- centosv1:netcard-2 centosv1:netcard-2 --- client d (backtrack r2 32) 1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64 1:2:3::5/64 1:2:3:5::1/64 1:2:3:5::2/64 Surely, I hope you jest with those numbers. You are not allowed to pick numbers out of the air and just use them, even if it's for private use. There are specific blocks of addresses for specific uses and assigned scopes and all the private use addresses are in blocks very high up in the address space beginning with fc or fd. If those are literally the addresses you used, they will not work and I would expect them to give you all sorts of grief at some point or another. what i want to do is set default gw on centosv0 to centosv1 I take it centosv0 and centosv1 are configured for ipv6 forwarding? You didn't provide the information on that. There are some gotcha's in there with default routing on a router (basically there is no such thing) and the router needs to be set up properly for both routing and its routes. But I don't think that's your problem you're describing down below. i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this DEVICE=eth2 BOOTPROTO=static HWADDR=60:A4:4C:23:2F:6F NM_CONTROLLED=yes ONBOOT=yes TYPE=Ethernet #UUID=0ddcf499-878f-4ac7-9d1a-c27f85d2bccf IPV6INIT=yes IPV6ADDR=1:2:3::4 ^^ You didn't specify a netmask here (default /128). IPV6_DEFAULTGW=1:2:3::5 Technically not on your interface's network (/128) and i also configure /etc/sysconfig/network to this: NETWORKING=yes HOSTNAME=centosv0 NETWORKING_IPV6=yes IPV6_AUTOCONF=no For forwarding... In that file you're also going to need: IPV6FORWARDING=yes You may also need to add lines to /etc/sysctl.conf (I've needed in the past on Fedora): net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1 But those aren't your problem with this... but i met an error: Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error I'm not totally sure if this is because you didn't specify a prefix length on your IPV6ADDR line or the fact that it then conflicted with your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it was because you choose and illegal IPv6 prefix or if it was a combination of all of them. The WARN: [ipv6_add_route] Unknown error makes me suspicious because your default gatway conflicts with your interface network definition (because you didn't specify the prefix size and it defaulted to /128) and the kernel has no way to route it out any interface. IAC... You won't be able to use a default route on a router anyways (more below). i do not know how why,and can some one gives me some suggestion? thanks a lot. If those were literally the addresses you used, It may be an address that's in an illegal scope. i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we should change system to Centos 6.3. And i add all the stuff that i miss. One machine is configured like this: [root@centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE=eth2 BOOTPROTO=static HWADDR=60:A4:4C:23:2F:6F NM_CONTROLLED=yes ONBOOT=yes TYPE=Ethernet #UUID=0ddcf499-878f-4ac7-9d1a-c27f85d2bccf IPV6INIT=yes IPV6ADDR=1:2:3::4/64 IPV6_DEFAULTGW=1:2:3::5/64 ^^^ You do NOT need the /64 on this line. and add the below to /etc/sysctl.conf net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1 and through /proc i can see this [root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding 1 [root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding 1 and through command ifconfig i can see this eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E inet6 addr: 1:2:3:4::1/64 Scope:Global --- subnet inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:22 errors:0 dropped:0 overruns