|
Port unreachable
![[de]](/s/countries/de.gif) Shadow Hawkins on Friday, 17 December 2010 17:44:36
Hello Forum,
I want to use my Fritz!Box 7240 router as a IPv6 router announcing a prefix that can be used by my clients.
As long as I had not enough ISK to request a dedicated subnet, I used a tunnel-client (aiccu) to establish the tunnel. During this time, I was able to communicate via IPv6.
Since I had enough ISK to request a subnet, I configured my Fritz!Box to act as a IPv6 router. The Tunnel is up, the Router advertisements and neibor solicitation|advertisement are exchanged before I try to communicate with IPv6.
I can ping my Fritz!Box, My POP and the ISP POP and any other host in my subnet.
IPv6-Routing Table of my End-Host
Kernel-IPv6-Routentabelle
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 4 lo
2001:4dd0:fc0c:0:213:d3ff:fe9c:23d8/128 :: Un 0 1 813 lo
2001:4dd0:fc0c::/64 :: UAe 256 0 15 eth0
fe80::213:d3ff:fe9c:23d8/128 :: Un 0 1 16 lo
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth0
::/0 fe80::224:feff:fec9:b185 UGDAe 1024 0 126 eth0
::/0 :: !n -1 1 1 lo
Ping Default-Gateway - OK
# ping6 -I eth0 fe80::224:feff:fec9:b185
PING fe80::224:feff:fec9:b185(fe80::224:feff:fec9:b185) from fe80::213:d3ff:fe9c:23d8 eth0: 56 data bytes
64 bytes from fe80::224:feff:fec9:b185: icmp_seq=1 ttl=64 time=9.91 ms
64 bytes from fe80::224:feff:fec9:b185: icmp_seq=2 ttl=64 time=0.354 ms
^C
--- fe80::224:feff:fec9:b185 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.354/5.132/9.911/4.779 ms
Ping My POP Tunnel IP - OK
# ping6 2001:4dd0:ff00:421::2
PING 2001:4dd0:ff00:421::2(2001:4dd0:ff00:421::2) 56 data bytes
64 bytes from 2001:4dd0:ff00:421::2: icmp_seq=1 ttl=64 time=0.335 ms
64 bytes from 2001:4dd0:ff00:421::2: icmp_seq=2 ttl=64 time=0.344 ms
^C
--- 2001:4dd0:ff00:421::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.335/0.339/0.344/0.018 ms
Ping ISP POP Tunnel IP - OK
# ping6 2001:4dd0:ff00:421::1
PING 2001:4dd0:ff00:421::1(2001:4dd0:ff00:421::1) 56 data bytes
64 bytes from 2001:4dd0:ff00:421::1: icmp_seq=1 ttl=63 time=22.1 ms
64 bytes from 2001:4dd0:ff00:421::1: icmp_seq=2 ttl=63 time=21.7 ms
64 bytes from 2001:4dd0:ff00:421::1: icmp_seq=3 ttl=63 time=21.2 ms
^C
--- 2001:4dd0:ff00:421::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 21.254/21.691/22.103/0.367 ms
But it seems that I can't reach any host outside my subnet or tunnelnet.
Ping outside IPv6 Address - NOK
# ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8004::68) 56 data bytes
From gw-1058.cgn-01.de.sixxs.net icmp_seq=1 Destination unreachable: Port unreachable
From gw-1058.cgn-01.de.sixxs.net icmp_seq=2 Destination unreachable: Port unreachable
^C
--- ipv6.google.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms
I get this ICMPv6 Destination unreachable: Port unreachable even when I try to connect via TCP. The following capture was taken to connect to Freenode IRC via IPv6:
Trace TCP traffic over IPv6
# tshark -R 'icmpv6 or ipv6.addr == 2001:6b0:e:2018::172'
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
3.996324 2001:4dd0:fc0c:0:213:d3ff:fe9c:23d8 -> 2001:6b0:e:2018::172 TCP 59174 > ircd [SYN] Seq=0 Win=4880 [TCP CHECKSUM INCORRECT] Len=0 MSS=1220 TSV=2032782 TSER=0 WS=6
4.021834 fe80::224:feff:fec9:b185 -> ff02::1:ff9c:23d8 ICMPv6 Neighbor solicitation
4.021881 2001:4dd0:fc0c:0:213:d3ff:fe9c:23d8 -> fe80::224:feff:fec9:b185 ICMPv6 Neighbor advertisement
4.022151 2001:4dd0:ff00:421::1 -> 2001:4dd0:fc0c:0:213:d3ff:fe9c:23d8 ICMPv6 Unreachable (Port unreachable)
6.032785 fe80::224:feff:fec9:b185 -> ff02::1 ICMPv6 Router advertisement
9.010294 fe80::213:d3ff:fe9c:23d8 -> fe80::224:feff:fec9:b185 ICMPv6 Neighbor solicitation
9.010694 fe80::224:feff:fec9:b185 -> fe80::213:d3ff:fe9c:23d8 ICMPv6 Neighbor advertisement
^C7 packets captured
Even the traceroute to that hosts looks very strange.
Traceroute to destination
# traceroute6 2001:6b0:e:2018::172
traceroute to 2001:6b0:e:2018::172 (2001:6b0:e:2018::172), 30 hops max, 40 byte packets
1 fritz.box (2001:4dd0:fc0c:0:224:feff:fec9:b185) 8.253 ms 8.238 ms 8.228 ms
2 gw-1058.cgn-01.de.sixxs.net (2001:4dd0:ff00:421::1) 25.600 ms 27.828 ms 32.660 ms
3 gw-1058.cgn-01.de.sixxs.net (2001:4dd0:ff00:421::1) 33.085 ms 35.043 ms 37.204 ms
#
It seems to end at ISP POP IPv6 Address???
I don't know what's wrong. It doesn't seem that something wrong at my side. Or am I blind. Please advice.
Thanks in advance.
Cheers Alex
Port unreachable
Shadow Hawkins on Sunday, 19 December 2010 20:56:15
Hello,
i've got the same Problem, similiar Setup.
I have a FritzBox 7390, Tunnel with Subnet.
I tried out a Setup with ULA and with no ULA.
Till some days before i got the Subnet the Tunnel works from a single host with no problem, switching to Tunnel with Subnet i cant connect to outside Locations.
traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:8002::68), 30 hops max, 40 byte packets using UDP
1 2001:4dd0:fc13:0:be05:43ff:fe32:d2b0 (2001:4dd0:fc13:0:be05:43ff:fe32:d2b0) 4.768 ms 3.598 ms 2.331 ms
2 gw-1066.cgn-01.de.sixxs.net (2001:4dd0:ff00:429::1) 34.663 ms 35.463 ms 34.107 ms
3 gw-1066.cgn-01.de.sixxs.net (2001:4dd0:ff00:429::1) 35.436 ms 36.521 ms 36.463 ms
---
br0 Link encap:Ethernet HWaddr 00:1B:24:16:F7:E9
inet addr:192.168.2.20 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: 2001:4dd0:fc13:0:21b:24ff:fe16:f7e9/64 Scope:Global
inet6 addr: fe80::21b:24ff:fe16:f7e9/64 Scope:Link
----
ip -6 route
2001:4dd0:fc13::/64 dev br0 proto kernel metric 256 expires 7181sec mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev br0 proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::be05:43ff:fe32:d2b0 dev br0 proto kernel metric 1024 expires 1782sec mtu 1280 advmss 1220 hoplimit 25
----
If i try to ping my host Adresse vom Outside i got e eror Message from my Fritzbox which is blocking incomming Traffic.
I got the newest Firmware for my Fritzbox.
Home someone has an Idea to solve that Problem.
Thanks for help
Dirk
Port unreachable
Shadow Hawkins on Sunday, 19 December 2010 20:57:01
Hi again,
sorry i forgot the ping output..
ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8002::68) 56 data bytes
From gw-1066.cgn-01.de.sixxs.net icmp_seq=1 Destination unreachable: Port unreachable
From gw-1066.cgn-01.de.sixxs.net icmp_seq=2 Destination unreachable: Port unreachable
^C
--- ipv6.google.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms
Port unreachable
Shadow Hawkins on Monday, 20 December 2010 18:07:55
That's strange.
I tried today and everything works without any change on my side.
traceroute6 looks now like:
# traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:8004::67), 30 hops max, 40 byte packets
1 fritz.box (2001:4dd0:fc0c:0:224:feff:fec9:b185) 0.671 ms 1.067 ms 1.246 ms
2 gw-1058.cgn-01.de.sixxs.net (2001:4dd0:ff00:421::1) 23.240 ms 24.720 ms 27.769 ms
3 2001:4dd0:1234:3:dc40::a (2001:4dd0:1234:3:dc40::a) 29.619 ms 31.309 ms 33.751 ms
4 2001:4dd0:a2b:6d:30::b (2001:4dd0:a2b:6d:30::b) 39.893 ms 42.334 ms 46.862 ms
5 2001:4dd0:b2b::20e6:0:0 (2001:4dd0:b2b::20e6:0:0) 47.015 ms 49.700 ms 50.835 ms
6 2001:4860::1:0:8 (2001:4860::1:0:8) 53.772 ms 2001:4860::1:0:4b3 (2001:4860::1:0:4b3) 47.418 ms 2001:4860::1:0:8 (2001:4860::1:0:8) 49.546 ms
7 2001:4860::1:0:12 (2001:4860::1:0:12) 59.167 ms 44.981 ms 44.982 ms
8 2001:4860::1:0:fdd (2001:4860::1:0:fdd) 51.100 ms 2001:4860::1:0:fbc (2001:4860::1:0:fbc) 34.592 ms 2001:4860::1:0:fdd (2001:4860::1:0:fdd) 35.795 ms
9 2001:4860::1:0:5bd (2001:4860::1:0:5bd) 42.922 ms 2001:4860::1:0:60d (2001:4860::1:0:60d) 44.552 ms 46.929 ms
10 2001:4860::2:0:6e0 (2001:4860::2:0:6e0) 49.378 ms 50.991 ms 55.002 ms
11 2001:4860:0:1::9d (2001:4860:0:1::9d) 69.408 ms 2001:4860:0:1::9b (2001:4860:0:1::9b) 69.494 ms 2001:4860:0:1::9d (2001:4860:0:1::9d) 69.428 ms
12 2a00:1450:8004::67 (2a00:1450:8004::67) 63.944 ms 66.373 ms 69.395 ms
And I didn't change anything. I dont know what was wrong.
It took 8 days from activating hosts in the subnet until it worked.
Hope you'll have that luck too.
Cheers Alex
Port unreachable
Shadow Hawkins on Monday, 20 December 2010 20:13:58
I guess the ISP POP had a default route back into the tunnel (look at the IP 2 and 3 in the traceroute; both are the tunnel addresses of the Fritz!Box). So the request hit again my Fritz!Box from outside and denied it. The ICMP Deny message could be directly delivered because of the connected network.
It's definetely a provide issue.
Port unreachable
Shadow Hawkins on Monday, 20 December 2010 20:14:25
I mean the 1st non-working traceroute6
Port unreachable
Shadow Hawkins on Tuesday, 21 December 2010 08:59:49
Hello,
yes i tried a ping6 & Traceroute6 some mins ago, and now it works, without doing anything on my side.
Cheers
Dirk
|
Posting is only allowed when you are