aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Thursday, 05 June 2014 01:58:09
I have configured aiccu to run directly on my ASUS RT-AC66U router as my ISP gives out a private IP address and I am unable to forward any ports.
I am having trouble achieving IPv6 connectivity in my network. When I configure IPv6 on the router to use Native connection type with DHCP-PD, I am able to reach IPv6 addresses from the router itself but not from client devices.
When I configure the router for IPv6 connectivity using Tunnel 6in4, I am not able to access IPv6 from any devices (including the router itself).
Below is my configuration:
Basic Config
Connection type: Tunnel 6in4
Server IPv4 Address: 38.229.76.3
Client IPv6 Address: 2604:8800:100:***::2
IPv6 Prefix Length: 64
Tunnel MTU: 1280
Tunnel TTL: 255
IPv6 LAN Setting
LAN IPv6 Address: 2604:8800:100:****::1
LAN Prefix Length: 64
LAN IPv6 Prefix: 2604:8800:100:****::
IPv6 DNS Setting
IPv6 DNS Server 1: 2001:4860:4860::8888
IPv6 DNS Server 2: 2001:4860:4860::8844
IPv6 DNS Server 3:
Auto Configuration Setting
Enable Router Advertisement: Enable
Enable DHCPv6 Server: Enable
And from the System Log page:
          IPv6 Connection Type: Tunnel 6in4
              WAN IPv6 Address: 2604:8800:100:***::2/64
              WAN IPv6 Gateway: ::
              LAN IPv6 Address: 2604:8800:100:****::1/64
   LAN IPv6 Link-Local Address: fe80::62a4:4cff:fea1:54d0/64
               LAN IPv6 Prefix: 2604:8800:100:****::/64
                   DNS Address: 2001:4860:4860::8888 2001:4860:4860::8844
Any assistance is appreciated.
 
aiccu Tunnel on ASUS Router 
Client IPv6 Address2604:8800:100:***::2 ... LAN IPv6 Address2604:8800:100:****::1 
The exact values here are important, but you are masking them out.
Note that these networks have to be different. Check your user home page for the exact tunnel ("Client IPv6") and subnet ("LAN IPv6") prefixes that have been assigned to you.
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Thursday, 05 June 2014 12:40:18
Client address: 2604:8800:100:293::2
LAN address: 2604:8800:100:8293::1 (not manually entered, prefix is entered and router fills this field)
Thank you
aiccu Tunnel on ASUS Router 
Client address: 2604:8800:100:293::2 LAN address: 2604:8800:100:8293::1 (not manually entered, prefix is entered and router fills this field) 
Those should be fine.
What is actually applied is a different question though.
What addresses and routes do the clients receive?
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Thursday, 05 June 2014 15:34:22
No addresses are assigned to any clients and I am unable to ping6 or traceroute6 from the router itself.
Routing Table from Router:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.8.1      *               255.255.255.255 UH    0      0        0 WAN
192.168.1.0     *               255.255.255.0   U     0      0        0 LAN
172.16.8.0      *               255.255.252.0   U     0      0        0 WAN
default         172.16.8.1      0.0.0.0         UG    0      0        0 WAN
IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2001:4de0:1000:a3::2/128                    2001:4de0:1000:a3::2                    UC    0      1        0 v6in4   
2001:4de0:1000:a4::2/128                    2001:4de0:1000:a4::2                    UC    0      1        0 v6in4   
2604:8800:100:293::1/128                    2604:8800:100:293::1                    UC    0      1        0 sixxs   
2604:8800:100:293::/64                      ::                                      U     256    0        0 v6in4   
2604:8800:100:293::/64                      ::                                      U     256    1        0 sixxs   
2604:8800:100:8293::/64                     ::                                      U     256    0        0 br0     
fe80::/64                                   ::                                      U     256    0        0 eth0    
fe80::/64                                   ::                                      U     256    0        0 eth1    
fe80::/64                                   ::                                      U     256    0        0 eth2    
fe80::/64                                   ::                                      U     256    0        0 vlan1   
fe80::/64                                   ::                                      U     256    0        0 br0     
fe80::/64                                   ::                                      U     256    0        0 v6in4   
fe80::/64                                   ::                                      U     256    0        0 sixxs   
::/0                                        ::                                      U     1      0        0 v6in4   
::/0                                        2604:8800:100:293::1                    UG    1024   0        0 sixxs   
::1/128                                     ::                                      U     0      0        1 lo      
2604:8800:100:293::/128                     ::                                      U     0      0        2 lo      
2604:8800:100:293::/128                     ::                                      U     0      0        2 lo      
2604:8800:100:293::2/128                    ::                                      U     0      0        1 lo      
2604:8800:100:293::2/128                    ::                                      U     0      829       1 lo      
2604:8800:100:8293::/128                    ::                                      U     0      0        2 lo      
2604:8800:100:8293::1/128                   ::                                      U     0      0        1 lo      
2604:8800:100:8293::54d0/128                ::                                      U     0      0        1 lo      
fe80::/128                                  ::                                      U     0      0        2 lo      
fe80::/128                                  ::                                      U     0      0        2 lo      
fe80::/128                                  ::                                      U     0      0        2 lo      
fe80::/128                                  ::                                      U     0      0        2 lo      
fe80::/128                                  ::                                      U     0      0        2 lo      
fe80::/128                                  ::                                      U     0      0        2 lo      
fe80::ac10:8e3/128                          ::                                      U     0      0        1 lo      
fe80::62a4:4cff:fea1:54d0/128               ::                                      U     0      0        1 lo      
fe80::62a4:4cff:fea1:54d0/128               ::                                      U     0      2767       1 lo      
fe80::62a4:4cff:fea1:54d0/128               ::                                      U     0      801       1 lo      
fe80::62a4:4cff:fea1:54d0/128               ::                                      U     0      0        1 lo      
fe80::62a4:4cff:fea1:54d4/128               ::                                      U     0      0        1 lo      
fe80::8800:100:293:2/128                    ::                                      U     0      0        1 lo      
ff02::1/128                                 ff02::1                                 UC    0      7721       0 br0     
ff02::fb/128                                ff02::fb                                UC    0      5        0 br0     
ff00::/8                                    ::                                      U     256    0        0 eth0    
ff00::/8                                    ::                                      U     256    0        0 eth1    
ff00::/8                                    ::                                      U     256    0        0 eth2    
ff00::/8                                    ::                                      U     256    0        0 vlan1   
ff00::/8                                    ::                                      U     256    0        0 br0     
ff00::/8                                    ::                                      U     256    0        0 v6in4   
ff00::/8                                    ::                                      U     256    0        0 sixxs
aiccu Tunnel on ASUS Router 
> 2001:4de0:1000:a3::2/128                    2001:4de0:1000:a3::2                    UC    0      1        0 v6in4
> 2001:4de0:1000:a4::2/128                    2001:4de0:1000:a4::2                    UC    0      1        0 v6in4
What are those for?
> 2604:8800:100:293::1/128                    2604:8800:100:293::1                    UC    0      1        0 sixxs
> 2604:8800:100:293::/64                      ::                                      U     256    0        0 v6in4
> 2604:8800:100:293::/64                      ::                                      U     256    1        0 sixxs
Seems those go to two different interfaces, that will not work.
> ::/0                                        ::                                      U     1      0        0 v6in4
> ::/0                                        2604:8800:100:293::1                    UG    1024   0        0 sixxs
Two defaults, the first one is wrong.
Seems you have a tunnel configured on both 'v6in4' and on the 'sixxs' interface. That will not work, at least not the way that you likely intend.
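The conflict diagnosed in the reply above (one prefix and one default route reachable through two tunnel interfaces) can be spotted mechanically. The script below is an added example, not part of the original thread: it reads a routing table in the column layout posted above and lists every destination routed through more than one interface. The function names are hypothetical and the sample rows are copied from the table in the thread.

```shell
#!/bin/sh
# Added example: list IPv6 destinations that are routed via more than one
# interface, as happened here with the v6in4 and sixxs interfaces.

# Constructed sample: a subset of the rows posted in the thread.
sample_routes() {
cat <<'EOF'
IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2604:8800:100:293::1/128                    2604:8800:100:293::1                    UC    0      1        0 sixxs
2604:8800:100:293::/64                      ::                                      U     256    0        0 v6in4
2604:8800:100:293::/64                      ::                                      U     256    1        0 sixxs
2604:8800:100:8293::/64                     ::                                      U     256    0        0 br0
fe80::/64                                   ::                                      U     256    0        0 br0
fe80::/64                                   ::                                      U     256    0        0 sixxs
::/0                                        ::                                      U     1      0        0 v6in4
::/0                                        2604:8800:100:293::1                    UG    1024   0        0 sixxs
::1/128                                     ::                                      U     0      0        1 lo
2604:8800:100:293::2/128                    ::                                      U     0      0        1 lo
ff00::/8                                    ::                                      U     256    0        0 v6in4
ff00::/8                                    ::                                      U     256    0        0 sixxs
EOF
}

# Reads the table on stdin, prints "destination -> iface iface ..." for each
# destination that appears on two or more interfaces.
route_conflicts() {
    awk '
        $1 == "Destination" || NF < 7 { next }   # header or title line
        { dst = $1; ifc = $NF }
        ifc == "lo" { next }                      # local host entries
        dst ~ /^(fe80|ff)/ { next }               # link-local and multicast exist per interface
        (dst SUBSEP ifc) in seen { next }         # same route listed twice
        {
            seen[dst, ifc] = 1
            if (!(dst in ifaces)) { order[++n] = dst; ifaces[dst] = ifc }
            else { ifaces[dst] = ifaces[dst] " " ifc; dup[dst] = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i] " -> " ifaces[order[i]]
        }
    '
}

sample_routes | route_conflicts
```

On the sample it reports the tunnel /64 and the default route, the same two entries the reply singles out.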
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Friday, 06 June 2014 18:13:17
Jeroen Massar wrote:
> 2001:4de0:1000:a3::2/128                    2001:4de0:1000:a3::2                    UC    0      1        0 v6in4
> 2001:4de0:1000:a4::2/128                    2001:4de0:1000:a4::2                    UC    0      1        0 v6in4
> What are those for?

I do not know, restarting my router cleared those routes.

> 2604:8800:100:293::1/128                    2604:8800:100:293::1                    UC    0      1        0 sixxs
> 2604:8800:100:293::/64                      ::                                      U     256    0        0 v6in4
> 2604:8800:100:293::/64                      ::                                      U     256    1        0 sixxs
> Seems those go to two different interfaces, that will not work.
> ::/0                                        ::                                      U     1      0        0 v6in4
> ::/0                                        2604:8800:100:293::1                    UG    1024   0        0 sixxs
> Two defaults, the first one is wrong.
> Seems you have a tunnel configured on both 'v6in4' and on the 'sixxs' interface. That will not work, at least not the way that you likely intend.

The sixxs interface is created by aiccu, the v6in4 interface is created by the router for the 6in4 tunnel.
aiccu Tunnel on ASUS Router 
Oliver Wine wrote:
 The sixxs interface is created by aiccu, the v6in4 interface is created by the router for the 6in4 tunnel. 
Which '6in4' tunnel? Are you trying to have two tunnels on the same host?
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Friday, 06 June 2014 22:00:27
I am not, but it appears that the only way the router knows to act is to create the v6in4 interface when it is configured with a 6in4 Tunnel via the web interface.
aiccu Tunnel on ASUS Router 
What firmware runs on this, and can you maybe try disabling the 6in4 setup; as when one is using AICCU then that kind of config is not needed and clashes with what AICCU tries to do.
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Saturday, 07 June 2014 18:03:00
I am running Asuswrt-Merlin. For IPv6 setup on the router, the options are Disable, Native, 6to4, 6in4, 6rd, Static. Which do you think may work?
I am able to get v6 connectivity on the router only (no clients) when I do DHCP. None at all when I do Static.
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Sunday, 08 June 2014 10:08:10
I am using a similar configuration w/ Merlin's FW on an AC66U. In the IPv6 configuration of the router I am using "native", "Router Advertisement" and "DHCPv6" are enabled. Of course I don't get an address this way but that doesn't matter. The WAN address gets configured by aiccu on the sixxs interface and the LAN address I configure manually on the br0 interface.
Starting w/ release 374.42 radvd and dhcpv6s are no longer started automatically.
But using startup scripts I can get everything up and running:
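/jffs/scripts/wan-start:
#!/bin/sh
# Assign the router's LAN-side IPv6 address to the bridge.
ifconfig br0 <the router address in the LAN>/64
# Delete the IPv6 default route on eth0.
ip -f inet6 route del default dev eth0
# Start aiccu, radvd and dhcp6s in the background after a delay.
(sleep 60; /jffs/scripts/IPv6Start) &
The 60 sec sleep is to be sure that the system time has been set by the NTP client. Otherwise aiccu will fail.
/jffs/scripts/IPv6Start:
#!/bin/sh
/opt/sbin/aiccu start /opt/etc/aiccu.conf
# Start radvd only if it is not already running.
if [ ! -f /tmp/var/run/radvd.pid ]
then
    cp /jffs/configs/radvd.conf /etc
    radvd -u admin
fi
# Start the DHCPv6 server on the LAN bridge only if it is not already running.
if [ ! -f /tmp/var/run/dhcp6s.pid ]
then
    cp /jffs/configs/dhcp6s.conf /etc
    dhcp6s br0
fi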
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Sunday, 08 June 2014 18:20:42
Ok, I've now got the router properly assigning addresses in my LAN (stateful and stateless). From clients I can ping via IPv6 but traceroutes stop at the router and I cannot get any other v6 connectivity from clients. From the router I have full v6 connectivity.
Any ideas how to achieve this final step?
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Sunday, 08 June 2014 20:27:18
Here is the content of my wan-start script. This comes after scripting I have for NTP so that is not an issue for me.
 ifconfig br0 2604:8800:100:8293:fea1:54d0/64
ip -f inet6 route del default dev eth0
sleep 3
/opt/sbin/aiccu start /opt/etc/aiccu.conf
sleep 3
service restart_dhcp6s
service restart_radvd
 
I use the restart commands instead of the additional IPv6Start script you have.
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Sunday, 08 June 2014 22:33:07
Potential issues that come to my mind are:
1. Missing default route at clients (From your desc. it is not clear to me if the successful ping includes external hosts)
2. Issues in ip6tables FORWARD chain on the asus
For 1) an "ipconfig /all" and "route print -6" from a client (assuming it's Windows) would be helpful.
For 2) you should run "ip6tables -t filter -L -v -n --line-numbers" on the router
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Sunday, 08 June 2014 23:13:10
1.
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            router.asus.com    UGSc           28        0     en1
10.37.129/24       link#13            UC              2        0   vnic1
10.37.129.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        2   vnic1
10.211.55/24       link#12            UC              2        0   vnic0
10.211.55.13       0:1c:42:1d:b1:3b   UHLWIi          1        0   vnic0    450
10.211.55.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        2   vnic0
127                localhost          UCS             0        0     lo0
localhost          localhost          UH            114 52398473     lo0
169.254            link#5             UCS             1        0     en1
169.254.1.100      a8:54:b2:5a:9e:a   UHLSW           0        0     en1
192.168.1          link#5             UCS             6        0     en1
router.asus.com    60:a4:4c:a1:54:d0  UHLWIir        30    13661     en1   1151
owmini.epow        localhost          UHS             0      283     lo0
owiphone5s.epow    18:af:61:c1:ee:21  UHLWIi          4    14756     en1    902
lrappletv.epow     70:73:cb:e1:71:41  UHLWI           0        0     en1   1092
brappletv.epow     58:55:ca:9:3:82    UHLWIi          3      353     en1   1093
vsx-1121-k.epow    0:e0:36:d3:3c:b8   UHLWI           0        0     en1   1109
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        2     en1
Internet6:
Destination        Gateway            Flags         Netif Expire
default            fe80::62a4:4cff:fe UGc             en1
localhost          localhost          UHL             lo0
2604:8800:100:8293 link#5             UC              en1
2604:8800:100:8293 60:a4:4c:a1:54:d0  UHLWI           en1
2604:8800:100:8293 18:af:61:c1:ee:21  UHLWI           en1
2604:8800:100:8293 58:55:ca:9:3:82    UHLWI           en1
2604:8800:100:8293 10:40:f3:c2:97:6d  UHLWIi          en1
2604:8800:100:8293 60:a4:4c:a1:54:d0  UHLWI           en1
2604:8800:100:8293 18:af:61:c1:ee:21  UHLWI           en1
2604:8800:100:8293 10:40:f3:c2:97:6d  UHLWIi          en1
2604:8800:100:8293 28:cf:e9:9:fa:c7   UHL             lo0
2604:8800:100:8293 28:cf:e9:9:fa:c7   UHL             lo0
fd66:f253:6469:dd6 fe80::a94c:120:2f0 Uc            utun0
fd66:f253:6469:dd6 link#10            UHL             lo0
fe80::%lo0         localhost          UcI             lo0
localhost          link#1             UHLI            lo0
fe80::%en1         link#5             UCI             en1
bedroom-apple-tv.l 58:55:ca:9:3:82    UHLWIi          en1
fe80::1482:93d:4c8 1c:ab:a7:a1:3:77   UHLWI           en1
owmini.local       28:cf:e9:9:fa:c7   UHLI            lo0
fe80::62a4:4cff:fe 60:a4:4c:a1:54:d0  UHLWIir         en1
epowrinter.local   bc:85:56:4f:a9:27  UHLWI           en1
fe80::%utun0       fe80::a94c:120:2f0 UcI           utun0
fe80::a94c:120:2f0 link#10            UHLI            lo0
ff01::%lo0         localhost          UmCI            lo0
ff01::%en1         link#5             UmCI            en1
ff01::%utun0       fe80::a94c:120:2f0 UmCI          utun0
ff02::%lo0         localhost          UmCI            lo0
ff02::%en1         link#5             UmCI            en1
ff02::%utun0       fe80::a94c:120:2f0 UmCI          utun0
2.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all      *      *       ::/0                 ::/0               rt type:0
2        0     0 ACCEPT     all      *      *       ::/0                 ::/0               state RELATED,ESTABLISHED
3        0     0 ACCEPT     all      lo     *       ::/0                 ::/0               state NEW
4       21  2674 ACCEPT     all      br0    *       ::/0                 ::/0               state NEW
5        0     0 ACCEPT     59       *      *       ::/0                 ::/0               length 40
6     1032  120K ACCEPT     all      br0    *       ::/0                 ::/0
7        0     0 ACCEPT     all      lo     *       ::/0                 ::/0
8        0     0 ACCEPT     udp      *      *       ::/0                 ::/0               udp dpt:546
9        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 1
10       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 2
11       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 3
12       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 4
13       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 128
14       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 129
15       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 130
16       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 131
17       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 132
18       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 133
19       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 134
20       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 135
21       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 136
22       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 141
23       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 142
24       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 143
25       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 148
26       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 149
27       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 151
28       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 152
29       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 153
30       0     0 DROP       all      *      *       ::/0                 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all      *      *       ::/0                 ::/0               state INVALID
2        0     0 ACCEPT     all      *      *       ::/0                 ::/0               state RELATED,ESTABLISHED
3        0     0 DROP       all      *      *       ::/0                 ::/0               rt type:0
4        0     0 ACCEPT     all      br0    eth0    ::/0                 ::/0
5        0     0 ACCEPT     all      br0    br0     ::/0                 ::/0
6        0     0 ACCEPT     59       *      *       ::/0                 ::/0               length 40
7        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 1
8        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 2
9        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 3
10       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 4
11       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 128
12       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 129
13       0     0 ACCEPT     all      eth0   br0     ::/0                 ::/0
14       0     0 DROP       all      *      *       ::/0                 ::/0
Chain OUTPUT (policy ACCEPT 2129 packets, 290K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all      *      *       ::/0                 ::/0               rt type:0
Chain PControls (0 references)
num   pkts bytes target     prot opt in     out     source               destination
Chain logaccept (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all      *      *       ::/0                 ::/0               state NEW LOG flags 7 level 4 prefix `ACCEPT '
2        0     0 ACCEPT     all      *      *       ::/0                 ::/0
Chain logdrop (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all      *      *       ::/0                 ::/0               state NEW LOG flags 7 level 4 prefix `DROP '
2        0     0 DROP       all      *      *       ::/0                 ::/0
Note: My only computer clients are Macs.
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Monday, 09 June 2014 10:31:44
Oliver Wine wrote:
> 2.
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 DROP       all      *      *       ::/0                 ::/0               state INVALID
> 2        0     0 ACCEPT     all      *      *       ::/0                 ::/0               state RELATED,ESTABLISHED
> 3        0     0 DROP       all      *      *       ::/0                 ::/0               rt type:0
> 4        0     0 ACCEPT     all      br0    eth0    ::/0                 ::/0
> 5        0     0 ACCEPT     all      br0    br0     ::/0                 ::/0
> 6        0     0 ACCEPT     59       *      *       ::/0                 ::/0               length 40
> 7        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 1
> 8        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 2
> 9        0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 3
> 10       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 4
> 11       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 128
> 12       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 129
> 13       0     0 ACCEPT     all      eth0   br0     ::/0                 ::/0
> 14       0     0 DROP       all      *      *       ::/0                 ::/0

The issue is in rule 4. It only allows new traffic from br0 to eth0. But your IPv6 tunnel sits on device sixxs.
So you need a statement like
ip6tables -R FORWARD 4 -i br0 -o sixxs -m state --state NEW -j ACCEPT
in "firewall-start".
And I would remove rule 13 from the same table as it allows all IPv6 traffic from eth0 into your LAN.
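Both findings in the post above (no rule letting LAN traffic out through the tunnel interface, and an unconditional accept into the LAN) can be checked directly against the `ip6tables -t filter -L -v -n --line-numbers` listing. The script below is an added example, not part of the original thread; the function names are hypothetical, `sample_after` is a constructed listing of how the chain could look once the suggested changes are applied, and the check is a text heuristic over the listing rather than a full rule evaluation.

```shell
#!/bin/sh
# Added example: audit the FORWARD chain of an ip6tables listing for
# (a) a rule that lets new connections from the LAN out via the tunnel and
# (b) rules that accept everything into the LAN without a state match.

# Constructed sample: FORWARD chain as posted in the thread, plus one INPUT
# rule to show that other chains are ignored.
sample_before() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
6     1032  120K ACCEPT     all      br0    *       ::/0                 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all      *      *       ::/0                 ::/0               state INVALID
2        0     0 ACCEPT     all      *      *       ::/0                 ::/0               state RELATED,ESTABLISHED
3        0     0 DROP       all      *      *       ::/0                 ::/0               rt type:0
4        0     0 ACCEPT     all      br0    eth0    ::/0                 ::/0
5        0     0 ACCEPT     all      br0    br0     ::/0                 ::/0
6        0     0 ACCEPT     59       *      *       ::/0                 ::/0               length 40
11       0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0               ipv6-icmp type 128
13       0     0 ACCEPT     all      eth0   br0     ::/0                 ::/0
14       0     0 DROP       all      *      *       ::/0                 ::/0
Chain OUTPUT (policy ACCEPT 2129 packets, 290K bytes)
EOF
}

# Constructed sample: rule 4 replaced as suggested, eth0 -> br0 accept removed.
sample_after() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all      *      *       ::/0                 ::/0               state INVALID
2        0     0 ACCEPT     all      *      *       ::/0                 ::/0               state RELATED,ESTABLISHED
3        0     0 DROP       all      *      *       ::/0                 ::/0               rt type:0
4        0     0 ACCEPT     all      br0    sixxs   ::/0                 ::/0               state NEW
5        0     0 ACCEPT     all      br0    br0     ::/0                 ::/0
6        0     0 DROP       all      *      *       ::/0                 ::/0
EOF
}

# usage: audit_forward LAN_IFACE TUNNEL_IFACE < listing
audit_forward() {
    awk -v lan="$1" -v tun="$2" '
        $1 == "Chain" { in_fwd = ($2 == "FORWARD"); next }
        !in_fwd || stop || $1 !~ /^[0-9]+$/ { next }
        {
            target = $4; proto = $5; iif = $6; oif = $7
            extra = ""            # match conditions printed after the destination
            for (i = 10; i <= NF; i++) extra = extra " " $i
        }
        proto != "all" { next }   # protocol-specific rules are out of scope here
        target == "ACCEPT" {
            if ((iif == lan || iif == "*") && (oif == tun || oif == "*") &&
                (extra == "" || extra ~ /state [A-Z,]*NEW/))
                outbound = 1
            if (extra == "" && iif != lan && (oif == lan || oif == "*"))
                findings = findings "OPEN: rule " $1 " accepts all traffic from " \
                           iif " to " oif " with no state match\n"
        }
        # An unconditional any-to-any rule decides everything that follows it.
        extra == "" && iif == "*" && oif == "*" { stop = 1 }
        END {
            if (!outbound)
                printf "MISSING: no rule accepts new connections from %s to %s\n", lan, tun
            printf "%s", findings
            if (outbound && findings == "") print "OK"
        }
    '
}

echo "before:"; sample_before | audit_forward br0 sixxs
echo "after:";  sample_after  | audit_forward br0 sixxs
```

On the router the live listing can be piped in instead of the samples, with the LAN bridge and the tunnel interface as arguments.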
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Monday, 09 June 2014 11:56:47
That worked! I have full connectivity on all clients now.
Thank you to you both.
aiccu Tunnel on ASUS Router 
  Shadow Hawkins on Tuesday, 08 September 2015 16:25:01
Oliver Wine wrote:
 I have configured aiccu to run directly on my ASUS RT-AC66U router as my ISP gives out a private IP address and I am unable to forward any ports...
 
Oliver, can you tell me how you installed and configured aiccu to run on the router, please?