[Wolves] IPv6 tunnel - was "It's the end of the internet as we know it"

Ron Wellsted ron at wellsted.org.uk
Tue Feb 8 12:50:46 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/02/11 23:59, Adam Sweet wrote:
> On 05/02/11 16:27, Ron Wellsted wrote:
>> On 04/02/11 21:31, Adam Sweet wrote:
> 
>>> The tunnel comes up but I can't ping6 anything and I'm not sure how to
>>> address my local subnet. So yes please :)
> 
>> What tunnel type do you have?  If you are having problems with protocol
>> 41, it sounds like you are using a 6in4 static or heartbeat.  The AYIYA
>> tunnels are the easiest to get set up (certainly with ADSL/NAT).
> 
> Yes I'm using a static 6in4 tunnel. I'm on a static IP so it seemed to
> be the right choice.
> 
>> Do you have a sixxs interface listed with ifconfig? It should have a
>> Global address starting with 2a01: and probably ending with a :2.  Try
>> ping6 that address (it should respond within 50-70 microseconds).
> 
> Yes, I have a sixxs interface and pinging its address works fine.
> 
>> If that
>> worked OK, try changing the last :2 to :1 (the other end of the tunnel),
>> mine responds in about 30 milliseconds.
> 
> Destination unreachable :( This is where I got stuck.
> 
> The protocol 41 stuff was the only place where I could see possibility
> for a firewall problem since my machine is statically addressed behind a
> NAT with ports forwarded. My router insists that to use the machine in
> DMZ mode (and thus allow protocol 41) I have to make the machine use
> DHCP and thus begins quite a large ball-ache :)

It does sound like the problem is the router blocking protocol 41, which
router is it?

Perhaps an alternative solution would be to put a 2nd network card in
the machine (if physically possible), and configure that for DHCP/DMZ
from the router (then Robert is your parental sibling?). Just make sure
you firewall the relevant interface (iptables/ip6tables are your friend).

> 
> The machine in question runs a number of IP address specific services
> (no internal DNS yet at Chez Sweet) and my router's DHCP reservation
> functionality seems not to remember DHCP reservations (or to be able to
> change them post-configuration half the time!), but I guess I could
> reconfigure these services and the machines that use them unless there
> are any other options.
> 
> Moving the machine's IP into the DHCP range means either changing its IP
> and reconfiguring a bunch of machines, or moving the DHCP range to
> incorporate its IP and moving a bunch of other statically addressed
> machines out of the new DHCP range :-/ I guess I'm turning into Aq, I
> want everything to work the way *I* want it to and I don't want to have
> to change anything that I already have.
> 
> Not sure if the router's DMZ mode depends on using its DHCP server
> otherwise I'd bring forward the dnsmasq or BIND/DHCPD plans but I have
> more important things to do over the next few weeks :)
> 
> The protocol 41 thing might be a red herring based on my own uninformed
> googling though so I thought I should rule out other options before I
> start reconfiguring half my network.
> 
>> Once you have had the tunnel active for 1 week, you should have
>> sufficient credit with sixxs to be able to request a subnet.
> 
> <snip>
> 
> All of the and eth0 inet6 addressing and radvd stuff made sense.
> 
> Do you think I'd be best moving my addresses around and putting the
> machine in DMZ mode on my router or changing my tunnel type?

Changing the tunnel type may be your only option.
> 
> Thanks for your help Ron.
> 
> Regards,
> 
> Adam Sweet
> 

- -- 
Ron Wellsted
ron at wellsted.org.uk http://www.wellsted.org.uk
N 52.567623, W 2.136111 Linux Counter No. 202120
Ekiga: 645022
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1ROy0ACgkQ8lOfTmhjD3M8WQCgkhE2phLoO3++8RiVaIqdoZN4
t5YAnRcLlUPICL0n4X+VnNzcMelgGBTK
=JKSE
-----END PGP SIGNATURE-----
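
The firewalling step suggested above, as an added example that is not part of the original message: two shell functions that emit iptables-restore and ip6tables-restore rule sets for a machine exposed through the router's DMZ mode. The interface name eth1, the chain names DMZ_IN and TUN_IN, and the PoP address 192.0.2.1 (a documentation placeholder) are assumptions; sixxs is the tunnel interface name used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Emits rule sets in iptables-save format.
# Assumed names: eth1 = the second NIC placed in the router's DMZ,
# sixxs = the tunnel interface, 192.0.2.1 = placeholder for the PoP's IPv4.

# IPv4 side: on the DMZ NIC accept only replies, DHCP and 6in4 from the PoP.
v4_rules() {  # $1 = DMZ interface, $2 = tunnel PoP IPv4 address
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac   # reject odd names
    case "$2" in ''|*[!0-9.]*) return 1 ;; esac           # digits and dots only
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DMZ_IN - [0:0]
-A INPUT -i $1 -j DMZ_IN
-A DMZ_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A DMZ_IN -p udp --sport 67 --dport 68 -j ACCEPT
-A DMZ_IN -p 41 -s $2 -j ACCEPT
-A DMZ_IN -j DROP
COMMIT
EOF
}

# IPv6 side: traffic arriving through the tunnel bypasses the router's NAT,
# so drop unsolicited inbound to this host and to anything routed behind it.
# All ICMPv6 is accepted here for simplicity (ping6, neighbour discovery).
v6_rules() {  # $1 = tunnel interface
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:TUN_IN - [0:0]
-A INPUT -i $1 -j TUN_IN
-A FORWARD -i $1 -j TUN_IN
-A TUN_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A TUN_IN -p ipv6-icmp -j ACCEPT
-A TUN_IN -j DROP
COMMIT
EOF
}

# Review the output, then load it as root (replaces the current filter table):
#   v4_rules eth1 192.0.2.1 | iptables-restore
#   v6_rules sixxs | ip6tables-restore
```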


