tech-net archive
IPV6 router works, but clients fail
OK, I'm almost there with IPv6 now. The router is working fine by itself
with IPv6. My test site is http://www.goscomb.net as it's my ISP and the
transport is pure IPv6.
wget -6 http://www.goscomb.net
works fine.
Clients at first appear fine as well, and can connect to
ipv6.google.com; however, this fails:
wget -6 http://www.goscomb.net
What is really odd is the traceroute6 from ftp.netbsd.org to the client:
$ traceroute6 2a01:348:31:2:20e:2eff:fe66:36ec
traceroute6 to 2a01:348:31:2:20e:2eff:fe66:36ec
(2a01:348:31:2:20e:2eff:fe66:36ec) from 2001:4f8:3:7:230:48ff:fe31:43f2,
64 hops max, 12 byte packets
1 2001:4f8:3:7::1 1.363 ms 1.27 ms 0.734 ms
2 int-0-1-0-0-606.r1.sfo2.isc.org 4.614 ms 4.901 ms 5.393 ms
3 int-3-0-0.r1.pao1.isc.org 2.274 ms 1.964 ms 1.913 ms
4 ge-1-11.r03.plalca01.us.bb.gin.ntt.net 2.35 ms 2.049 ms 2.315 ms
5 ae-3.r21.plalca01.us.bb.gin.ntt.net 2.257 ms 2.236 ms 2.157 ms
6 ae-1.r20.snjsca04.us.bb.gin.ntt.net 3.763 ms 3.527 ms 3.804 ms
7 as-1.r21.chcgil09.us.bb.gin.ntt.net 59.208 ms 64.015 ms 64.135 ms
8 ae-0.r20.chcgil09.us.bb.gin.ntt.net 59.49 ms 59.861 ms 64.139 ms
9 as-1.r21.nycmny01.us.bb.gin.ntt.net 79.759 ms 78.668 ms 78.344 ms
10 ae-0.r20.nycmny01.us.bb.gin.ntt.net 83.645 ms 83.981 ms 83.694 ms
11 as-1.r22.londen03.uk.bb.gin.ntt.net 151.626 ms 155.074 ms 155.082 ms
12 po-4.r01.londen03.uk.bb.gin.ntt.net 316.029 ms 244.966 ms 350.231 ms
13 2001:728:0:5000::6e 156.617 ms 280.137 ms 153.643 ms
14 ge-0-0-31.rt1.lon4.ipv6.goscomb.net 152.039 ms 156.782 ms 153.582 ms
15 2a01:348:31:2:209:5bff:fe84:887d 167.777 ms 171.006 ms 165.695 ms
$
Wtf? The last node is not my client - it's the router!
So I think my router isn't passing packets to the client.
However, ftp.netbsd.org can ping6 the client.
I'm not a PF expert by any means so I've attached the pf.conf from my
router.
Anyone got an idea?
Thanks
Roy
# $NetBSD: pf.conf,v 1.4 2008/06/18 09:06:25 yamt Exp $
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
ext_if="pppoe0"
int_if="ath0"
# asterisk needs 5060 (tcp, udp) and 4569 (udp)
# We special case ssh and domain
tcp_services="{ ident, smtp, www, imap, git, svn, \
ftp, ftp-data, 50000:50100, svn, rsync }"
icmp_types="echoreq"
icmp6_types="{ echoreq, neighbradv, neighbrsol }"
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
scrub out on pppoe0 max-mss 1452
# Schedulers
altq on $ext_if priq bandwidth 500Kb queue { std_out, ssh_out, dns_out, \
tcp_ack_out }
queue std_out priq(default)
queue ssh_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6
altq on $int_if cbq bandwidth 3.5Mb queue { std_in, ssh_in, dns_in }
queue std_in cbq(default)
queue ssh_in priority 4
queue dns_in priority 5
# nat/rdr
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
nat on rtk0 from !(rtk0) -> (rtk0:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
rdr-anchor miniupnpd
anchor miniupnpd
# filter rules
block in
anchor "ftp-proxy/*"
antispoof quick for lo
# antispoof fails for inet6?
antispoof quick for { $int_if } inet
pass out
pass in quick on $int_if
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services queue(std_out, tcp_ack_out)
pass in on $ext_if inet6 proto tcp from any to any \
port $tcp_services queue(std_out, tcp_ack_out)
pass in on $ext_if inet proto {tcp udp} from any to ($ext_if) \
port domain queue dns_out
pass in on $ext_if inet6 proto {tcp udp} from any to any \
port domain queue dns_out
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port ssh queue ssh_out
pass in on $ext_if inet6 proto tcp from any to any \
port ssh queue ssh_out
pass in inet proto icmp all icmp-type $icmp_types
pass in inet6 proto ipv6-icmp all icmp6-type $icmp6_types
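
One way to check which filter rule in the attached pf.conf decides a given inbound IPv6 packet, as an added example that is not part of the original post. It is a stateless model of only the rules that can match inet6 traffic (state, anchors, NAT/rdr, queues and antispoof are ignored); the port numbers for the service names and the sample packets are assumptions constructed for the illustration.

```python
# Added example: stateless model of the filter rules above that can match
# inet6 traffic. State, anchors, NAT/rdr, queues and antispoof are ignored.
# Ports are the usual /etc/services numbers for the names in the config.
TCP_SERVICES = {113, 25, 80, 143, 9418, 3690, 873, 21, 20} | set(range(50000, 50101))
ICMP6_TYPES = {"echoreq", "neighbradv", "neighbrsol"}

# (action, quick, rule text, conditions); a missing condition matches anything.
RULES = [
    ("block", False, "block in", {"dir": {"in"}}),
    ("pass", False, "pass out", {"dir": {"out"}}),
    ("pass", True, "pass in quick on $int_if", {"dir": {"in"}, "on": {"ath0"}}),
    ("pass", False, "pass in on $ext_if inet6 proto tcp ... port $tcp_services",
     {"dir": {"in"}, "on": {"pppoe0"}, "proto": {"tcp"}, "port": TCP_SERVICES}),
    ("pass", False, "pass in on $ext_if inet6 proto {tcp udp} ... port domain",
     {"dir": {"in"}, "on": {"pppoe0"}, "proto": {"tcp", "udp"}, "port": {53}}),
    ("pass", False, "pass in on $ext_if inet6 proto tcp ... port ssh",
     {"dir": {"in"}, "on": {"pppoe0"}, "proto": {"tcp"}, "port": {22}}),
    ("pass", False, "pass in inet6 proto ipv6-icmp all icmp6-type $icmp6_types",
     {"dir": {"in"}, "proto": {"ipv6-icmp"}, "icmp6_type": ICMP6_TYPES}),
]

def decide(pkt):
    """Return (action, rule text) using pf's last-match-wins / quick semantics."""
    verdict = ("pass", "no rule matched")  # pf passes a packet no rule matches
    for action, quick, text, cond in RULES:
        if all(pkt.get(key) in allowed for key, allowed in cond.items()):
            verdict = (action, text)
            if quick:
                break
    return verdict

# Constructed inet6 packets (not captured traffic); "port" is the destination port.
SAMPLES = {
    "udp probe to client": {"dir": "in", "on": "pppoe0", "proto": "udp", "port": 33434},
    "tcp www to client": {"dir": "in", "on": "pppoe0", "proto": "tcp", "port": 80},
    "echo request": {"dir": "in", "on": "pppoe0", "proto": "ipv6-icmp", "icmp6_type": "echoreq"},
    "client tcp via ath0": {"dir": "in", "on": "ath0", "proto": "tcp", "port": 80},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22s} -> {decide(pkt)}")
```

With `set block-policy return` in effect, a packet decided by `block in` is answered by the router (TCP RST or ICMP unreachable) rather than silently dropped.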