|
Aptitude ipv6 routing problem on Debian Squeeze
![[nl]](/s/countries/nl.gif) Shadow Hawkins on Friday, 25 November 2011 09:57:37
When I try to install something with aptitude through my Aiccu tunnel, I get the following:
apt-get install icinga
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
fping icinga-cgi icinga-common icinga-core libjs-mootools libjs-prototype libjs-scriptaculous libradiusclient-ng2 nagios-images nagios-plugins nagios-plugins-basic nagios-plugins-standard qstat
Suggested packages:
nagios-nrpe-plugin nagios3
The following NEW packages will be installed:
fping icinga icinga-cgi icinga-common icinga-core libjs-mootools libjs-prototype libjs-scriptaculous libradiusclient-ng2 nagios-images nagios-plugins nagios-plugins-basic nagios-plugins-standard qstat
0 upgraded, 14 newly installed, 0 to remove and 2 not upgraded.
Need to get 6,067 kB/6,230 kB of archives.
After this operation, 17.2 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
0% [Connecting to ftp.nl.debian.org (2001:610:1908:a000::149:21)] ^C
If I stop my tunnel, everything continues to work. For good measure, here is my ipv6tables output:
ip6tables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere
ACCEPT tcp anywhere anywhere tcp dpt:https
LOG all anywhere anywhere LOG level warning
DROP all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT all anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere
Anyone got any idea what could be going on? The tunnel is functioning normally.
Aptitude ipv6 routing problem on Debian Squeeze
Check your MTU and during testing disable your firewall (don't forget to set policy allow).
That firewall looks weird anyway, as you have an ACCEPT anything at the top.
Aptitude ipv6 routing problem on Debian Squeeze
![[de]](/s/countries/de.gif) Shadow Hawkins on Monday, 28 November 2011 22:53:01
not a problem of the server, I can access the server for installing pakets.
(via a static sixxs tunnel using ipv6)
pls provide the output of ip6tables --list -v, the will be some more infos about interfaces in line 1 of your FW e.g.
pkts bytes target prot opt in out source destination
2304 278K ACCEPT all lo any anywhere anywhere
which looks in a short version like
target prot opt source destination
ACCEPT all anywhere anywhere
you may add a log rule at the end of input and output
e.g.
$IP6TABLE -A INPUT -p tcp -j LOG --log-prefix "dropping ipv6 END of input "
Aptitude ipv6 routing problem on Debian Squeeze
pls provide the output of ip6tables --list -v, the will be some more infos about interfaces in line 1 of your FW e.g.
You always want to use at least: ip6tables -v --list -n --line-numbers
That way: -n = numeric, otherwise you get useless host or even network names, and --line-numbers is alway useful as it also is used for deletion and helps in discussions saying "INPUT 5" etc.
$IP6TABLE -A INPUT -p tcp -j LOG --log-prefix "dropping ipv6 END of input "
Which would thus not log ICMP packets for instance which are used for Path MTU discovery...
Also note that the original poster had already:
LOG all anywhere anywhere LOG level warning
which should do just what is needed.
Also, the problem might not be local, but on the path between you and the destination.
Or one might have diverged from the standard 1280 MTU on the tunnel but not updated that setting either locally or on the SixXS side of the tunnel (can be done in the tunnel overview page, see the FAQ)
|
![[ch]](/s/countries/ch.gif)
on Friday, 25 November 2011 10:13:40
Posting is only allowed when you are