|
nothing works after reboot - i'm lost
![[de]](/s/countries/de.gif) Shadow Hawkins on Monday, 10 May 2004 12:18:51
hey there everybody.
i run 2 ipv6-tunnels for about a year and never had such problems.
the last time i booted my linux debian machine (saturday), the tunnel stopped working. i get incoming traffic shown in tcdump, but nothing goes out. i just don't see what i've done wrong/forgotten, please help me :)
-- snip --
blackbox:~# ping6 -c5 2001:6f8:900:3c::1
PING 2001:6f8:900:3c::1(2001:6f8:900:3c::1) 56 data bytes
--- 2001:6f8:900:3c::1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4018ms
blackbox:~# ip tun
tunl0: ip/ip remote any local any ttl inherit nopmtudisc
gre0: gre/ip remote any local any ttl inherit nopmtudisc
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sixxs: ipv6/ip remote 212.244.0.188 local 131.234.79.123 ttl 64
blackbox:~# ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:a0:d2:15:80:a6 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:05:5d:dd:42:71 brd ff:ff:ff:ff:ff:ff
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0@NONE: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
8: sixxs@NONE: <POINTOPOINT,NOARP,UP> mtu 1280 qdisc noqueue
link/sit 131.234.79.123 peer 212.244.0.188
10: wlan0: <BROADCAST,MULTICAST,PROMISC,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:09:5b:91:9a:5b brd ff:ff:ff:ff:ff:ff
blackbox:~# ip -6 addr
1: lo: <LOOPBACK,UP>
inet6 ::1/128 scope host
3: eth1: <BROADCAST,MULTICAST,UP> qlen 1000
inet6 fe80::205:5dff:fedd:4271/64 scope link
inet6 2001:6f8:93e:1337::1/64 scope global
8: sixxs: <POINTOPOINT,NOARP,UP>
inet6 2001:6f8:900:3c::2/64 scope global
inet6 fe80::83ea:4eed/128 scope link
inet6 2001:6f8:93e::1/64 scope global
10: wlan0: <BROADCAST,MULTICAST,PROMISC,NOTRAILERS,UP> qlen 1000
inet6 fe80::209:5bff:fe91:9a5b/64 scope link
blackbox:~# ip -6 ro
2001:6f8:900:3c::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 metric10 64
2001:6f8:93e::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 metric10 64
2001:6f8:93e:1337::/64 dev eth1 metric 256 mtu 1500 advmss 1440 metric10 64
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440 metric10 64
fe80::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 metric10 64
fe80::/64 dev wlan0 metric 256 mtu 1500 advmss 1440 metric10 64
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440 metric10 1
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220 metric10 1
ff00::/8 dev wlan0 metric 256 mtu 1500 advmss 1440 metric10 1
default via 2001:6f8:900:3c::1 dev sixxs metric 1024 mtu 1280 advmss 1220 metric10 64
-- snip --
here's some tcpdump i did:
-- snip --
[...]
12:01:51.680047 212.224.0.188 > dhcp-79-123.uni-paderborn.de: gw-61.ham-01.de.sixxs.net > cl-61.ham-01.de.sixxs.net: icmp6: echo request
12:02:05.730868 212.224.0.188 > dhcp-79-123.uni-paderborn.de: gw-61.ham-01.de.sixxs.net > cl-61.ham-01.de.sixxs.net: icmp6: echo request
12:02:19.921354 212.224.0.188 > dhcp-79-123.uni-paderborn.de: gw-61.ham-01.de.sixxs.net > cl-61.ham-01.de.sixxs.net: icmp6: echo request
[...some more of them but no answers...]
12:04:27.436147 212.224.0.188 > dhcp-79-123.uni-paderborn.de: haunted.ipv6.frontbone.de.32878 > blackbox.lechte.net.domain: 92[|domain]
12:04:42.437310 212.224.0.188 > dhcp-79-123.uni-paderborn.de: haunted.ipv6.frontbone.de.32878 > blackbox.lechte.net.domain: 32818[|domain]
12:04:57.439566 212.224.0.188 > dhcp-79-123.uni-paderborn.de: haunted.ipv6.frontbone.de.32878 > blackbox.lechte.net.domain: 40962[|domain]
12:05:12.440154 212.224.0.188 > dhcp-79-123.uni-paderborn.de: haunted.ipv6.frontbone.de.32878 > blackbox.lechte.net.domain: 20734[|domain]
[...no answers either, blackbox.lechte.net from my ip6-subnet-space...]
12:11:39.136610 dhcp-79-123.uni-paderborn.de > 212.244.0.188: cl-61.ham-01.de.sixxs.net > gw-61.ham-01.de.sixxs.net: icmp6: echo request (DF)
12:11:40.154724 dhcp-79-123.uni-paderborn.de > 212.244.0.188: cl-61.ham-01.de.sixxs.net > gw-61.ham-01.de.sixxs.net: icmp6: echo request (DF)
12:11:41.154727 dhcp-79-123.uni-paderborn.de > 212.244.0.188: cl-61.ham-01.de.sixxs.net > gw-61.ham-01.de.sixxs.net: icmp6: echo request (DF)
12:11:42.154683 dhcp-79-123.uni-paderborn.de > 212.244.0.188: cl-61.ham-01.de.sixxs.net > gw-61.ham-01.de.sixxs.net: icmp6: echo request (DF)
12:11:43.154695 dhcp-79-123.uni-paderborn.de > 212.244.0.188: cl-61.ham-01.de.sixxs.net > gw-61.ham-01.de.sixxs.net: icmp6: echo request (DF)
-- snip --
the last 5 lines where produced by the ping6 i did above.
look, i'm totally lost here, i really don't know what it could be, so point me on everything!
ah, yes...
-- snip --
blackbox:~# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
+dhcp-prim.uni-p 192.53.103.104 2 u 44 64 377 3.478 5.164 2.083
+dhcp-sec.uni-pa 192.53.103.103 2 u 59 64 377 3.651 4.327 6.414
+zit-net1.uni-pa 192.53.103.104 2 u 107 64 376 2.616 4.104 5.704
*zit-net2.uni-pa 192.53.103.104 2 u 58 64 377 2.556 -3.049 4.548
-- snip --
...it's a heartbeat-tunnel, heartbeat-client is running.
nothing works after reboot - i'm lost
Check your firewall rules as you are simply not sending any traffic out, or at least not over the correct link. As it is seems to be a linux box (you didn't tell so without information we are having to guess again) try adding 2000::/3 next to the default route that sometimes helps on older kernels.
nothing works after reboot - i'm lost
Shadow Hawkins on Wednesday, 12 May 2004 12:32:39
jeroen, you're not totally right here :)
the last time i booted my linux debian machine (saturday), ...
however, i can include more information,
blackbox:~# uname -a
Linux blackbox 2.4.25-blackbox #2 Fri Mar 12 12:02:49 CET 2004 i686 GNU/Linux
sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2001:6f8:900:3c::2/64 Scope:Global
inet6 addr: fe80::83ea:4eed/128 Scope:Link
inet6 addr: 2001:6f8:93e::1/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1206 errors:14 dropped:0 overruns:0 carrier:14
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:138376 (135.1 KiB)
blackbox:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
fwd all -- localnet/24 anywhere
fwd all -- anywhere localnet/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fwd (2 references)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere
blackbox:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpts:5000:5049 to:192.168.0.240
DNAT tcp -- anywhere anywhere tcp dpts:20000:20039 to:192.168.0.254
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
blackbox:~# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
adding 2000::/3 as route did not bring improvements, as it's a 2.4.25 kernel.
nothing works after reboot - i'm lost
I suggest you start asking your system administration if they have started filtering proto-41. Then again your first tcpdump shows that the traffic from the POP does arrive. Is your kernel maybe flaky? 2.6.x series are actually better than the 2.4.x ones.
|
![[ch]](/s/countries/ch.gif)
on Wednesday, 12 May 2004 09:16:42
Posting is only allowed when you are