Hallo! Da ich noch nie mit IPv6 gearbeitet habe wollte ich das mal versuchen. Ich hab mir einen IPv6 Tunnel von SixXS besorgt. Der "IPv6 Them" lautet "2001:15c0:65ff:XXX::2/64". SixxS (bzw. AYIYA) hab ich auf meinem Router (Open-WRT) konfiguriert. Pinge ich von dort Google klappt das:
root@OpenWrt:~# ping6 ipv6.google.com PING ipv6.google.com (2a00:1450:400d:800::1012): 56 data bytes 64 bytes from 2a00:1450:400d:800::1012: seq=0 ttl=55 time=477.081 ms 64 bytes from 2a00:1450:400d:800::1012: seq=1 ttl=55 time=287.922 ms ^C
Ping6 vom PC aus:
ping6 ipv6.google.com PING ipv6.google.com(bud01s09-in-x14.1e100.net) 56 data bytes From 2001:15c0:65ff:XXX::1 icmp_seq=1 Destination unreachable: Port unreachable From gw-1761.mbx-01.si.sixxs.net icmp_seq=2 Destination unreachable: Port unreachable From gw-1761.mbx-01.si.sixxs.net icmp_seq=3 Destination unreachable: Port unreachable From gw-1761.mbx-01.si.sixxs.net icmp_seq=4 Destination unreachable: Port unreachable From gw-1761.mbx-01.si.sixxs.net icmp_seq=5 Destination unreachable: Port unreachable From gw-1761.mbx-01.si.sixxs.net icmp_seq=6 Destination unreachable: Port unreachable From gw-1761.mbx-01.si.sixxs.net icmp_seq=7 Destination unreachable: Port unreachable ^C --- ipv6.google.com ping statistics --- 7 packets transmitted, 0 received, +7 errors, 100% packet loss, time 6008ms
Ping6 von PC ⇐⇒ Router und Router ⇐⇒ PC klappt mit den globalen Adressen ebenfalls. Der Router hat folgende IP Adressen:
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr 00:26:5A:A4:66:F6
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::226:5aff:fea4:66f6/64 Scope:Link
inet6 addr: 2001:15c0:65ff:XXX::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53045 errors:0 dropped:0 overruns:0 frame:0
TX packets:47332 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5937809 (5.6 MiB) TX bytes:25832270 (24.6 MiB)
eth0 Link encap:Ethernet HWaddr 00:26:5A:A4:66:F6
inet6 addr: fe80::226:5aff:fea4:66f6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53045 errors:0 dropped:0 overruns:0 frame:0
TX packets:63855 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6892619 (6.5 MiB) TX bytes:32738591 (31.2 MiB)
Interrupt:5
eth0.1 Link encap:Ethernet HWaddr 00:26:5A:A4:66:F6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53045 errors:0 dropped:0 overruns:0 frame:0
TX packets:47332 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5937809 (5.6 MiB) TX bytes:25832270 (24.6 MiB)
eth0.2 Link encap:Ethernet HWaddr 00:26:5A:A4:66:F7
inet6 addr: fe80::226:5aff:fea4:66f7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:16515 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:6636502 (6.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:864 errors:0 dropped:0 overruns:0 frame:0
TX packets:864 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:797099 (778.4 KiB) TX bytes:797099 (778.4 KiB)
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::14c0:65ff:XXX:2/64 Scope:Link
inet6 addr: 2001:15c0:65ff:XXX::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:817 errors:0 dropped:0 overruns:0 frame:0
TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:799220 (780.4 KiB) TX bytes:18188 (17.7 KiB)
wlan0 Link encap:Ethernet HWaddr 00:26:5A:A4:66:F6
inet addr:10.0.0.171 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::226:5aff:fea4:66f6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63128 errors:0 dropped:0 overruns:0 frame:0
TX packets:30805 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:25388883 (24.2 MiB) TX bytes:4787114 (4.5 MiB)
Hier die IP Adressen meines Rechners:
eth0 Link encap:Ethernet Hardware Adresse 00:26:9e:16:1d:b2
inet Adresse:192.168.1.236 Bcast:192.168.1.255 Maske:255.255.255.0
inet6-Adresse: 2001:15c0:65ff:XXX:226:9eff:fe16:1db2/64 Gültigkeitsbereich:Global
inet6-Adresse: fe80::226:9eff:fe16:1db2/64 Gültigkeitsbereich:Verbindung
inet6-Adresse: 2001:15c0:65ff:XXX:204b:e519:730b:2f08/64 Gültigkeitsbereich:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:32025 errors:0 dropped:0 overruns:0 frame:0
TX packets:34626 errors:0 dropped:0 overruns:0 carrier:2
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:21789295 (21.7 MB) TX-Bytes:4729426 (4.7 MB)
Interrupt:47
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:7620 errors:0 dropped:0 overruns:0 frame:0
TX packets:7620 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX-Bytes:653473 (653.4 KB) TX-Bytes:653473 (653.4 KB)
lxcbr0 Link encap:Ethernet Hardware Adresse c2:11:d9:80:58:c0
inet Adresse:10.0.3.1 Bcast:10.0.3.255 Maske:255.255.255.0
inet6-Adresse: fe80::c011:d9ff:fe80:58c0/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:450 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX-Bytes:0 (0.0 B) TX-Bytes:57074 (57.0 KB)
Die ip6tables am Router: wobei WAN nicht genutz wird, WWAN der Zugang zum Internet ist und WAN6 der SixxS Tunnel ist.
root@OpenWrt:~# ip6tables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all anywhere anywhere syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN input_rule all anywhere anywhere input all anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED forwarding_rule all anywhere anywhere forward all anywhere anywhere reject all anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all anywhere anywhere output_rule all anywhere anywhere output all anywhere anywhere Chain forward (1 references) target prot opt source destination zone_lan_forward all anywhere anywhere zone_wan_forward all anywhere anywhere zone_wan6_forward all anywhere anywhere Chain forwarding_lan (1 references) target prot opt source destination Chain forwarding_rule (1 references) target prot opt source destination Chain forwarding_wan (1 references) target prot opt source destination Chain forwarding_wan6 (1 references) target prot opt source destination Chain input (1 references) target prot opt source destination zone_lan all anywhere anywhere zone_wan all anywhere anywhere zone_wan6 all anywhere anywhere Chain input_lan (1 references) target prot opt source destination Chain input_rule (1 references) target prot opt source destination Chain input_wan (1 references) target prot opt source destination Chain input_wan6 (1 references) target prot opt source destination Chain output (1 references) target prot opt source destination zone_lan_ACCEPT all anywhere anywhere zone_wan_ACCEPT all anywhere anywhere zone_wan6_ACCEPT all anywhere anywhere Chain output_rule (1 references) target prot opt source destination Chain reject (7 references) target prot opt source destination REJECT tcp anywhere anywhere reject-with tcp-reset REJECT all anywhere anywhere reject-with icmp6-port-unreachable Chain syn_flood (1 references) target prot opt source destination RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 DROP all anywhere anywhere Chain zone_lan (1 references) target prot opt source destination input_lan all anywhere anywhere zone_lan_ACCEPT all anywhere anywhere Chain zone_lan_ACCEPT (2 references) target prot opt source destination ACCEPT all anywhere anywhere ACCEPT all anywhere anywhere Chain zone_lan_DROP (0 references) target prot opt source destination DROP all anywhere anywhere DROP all anywhere anywhere Chain zone_lan_REJECT (1 references) target prot opt source destination reject all anywhere anywhere reject all anywhere anywhere Chain zone_lan_forward (1 references) target prot opt source destination zone_wan6_ACCEPT all anywhere anywhere zone_wan_ACCEPT all anywhere anywhere forwarding_lan all anywhere anywhere zone_lan_REJECT all anywhere anywhere Chain zone_wan (1 references) target prot opt source destination ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement limit: avg 1000/sec burst 5 input_wan all anywhere anywhere zone_wan_REJECT all anywhere anywhere Chain zone_wan6 (1 references) target prot opt source destination input_wan6 all anywhere anywhere zone_wan6_ACCEPT all anywhere anywhere Chain zone_wan6_ACCEPT (3 references) target prot opt source destination ACCEPT all anywhere anywhere ACCEPT all anywhere anywhere Chain zone_wan6_DROP (0 references) target prot opt source destination DROP all anywhere anywhere DROP all anywhere anywhere Chain zone_wan6_REJECT (1 references) target prot opt source destination reject all anywhere anywhere reject all anywhere anywhere Chain zone_wan6_forward (1 references) target prot opt source destination forwarding_wan6 all anywhere anywhere zone_wan6_REJECT all anywhere anywhere Chain zone_wan_ACCEPT (2 references) target prot opt source destination ACCEPT all anywhere anywhere ACCEPT all anywhere anywhere Chain zone_wan_DROP (0 references) target prot opt source destination DROP all anywhere anywhere DROP all anywhere anywhere Chain zone_wan_REJECT (2 references) target prot opt source destination reject all anywhere anywhere reject all anywhere anywhere Chain zone_wan_forward (1 references) target prot opt source destination ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 forwarding_wan all anywhere anywhere zone_wan_REJECT all anywhere anywhere root@OpenWrt:~#
Jetzt die Frage: Was Blockiert hier den Zugang zum Netz? Wie kann ich das beheben?
