Problem with FreeBSD 4.10 and AICCU
Shadow Hawkins on Tuesday, 05 April 2005 22:31:47
Hi, I have AICCU installed from the ports. Well, I have filled in the missing information (username/password) in aiccu.conf.
AICCU seems to work, but I can't ping any IPv6 address.
I'm using IPFW; here's my config:
#!/bin/sh
# Reset the rules (flush everything)
/sbin/ipfw -q -f flush
# IPFW command, quiet mode
fwcmd="/sbin/ipfw -q add"
# Set our own variables
int_interface="rl1" # ${int_interface} internal interface
natd_interface="tun0" # ${natd_interface} external interface
dns_server1="217.237.150.33" # ${dns_server1} ISP's 1st DNS server
dns_server2="217.237.151.161" # ${dns_server2} ISP's 2nd DNS server
#open_tcpports="21,22,25,80,443,465,993,49152-65535" # ${open_tcpports} open ports
#open_udpports="7777,7778,7787,28902" # ${open_udpports} open ports
int_open_tcpports="22,80" # open ports on the internal interface
# Allow loopback connections
${fwcmd} 00100 allow ip from any to any via lo0
# This lets everyone out to the Internet (NAT via natd)
${fwcmd} 00150 divert natd all from any to any via ${natd_interface}
# Stateful packet inspection
${fwcmd} 00200 check-state
# Allow internal traffic
${fwcmd} 00210 allow tcp from any to me ${int_open_tcpports} via ${int_interface} setup keep-state
${fwcmd} 00215 deny log all from any to me via ${int_interface}
${fwcmd} 00217 allow ip from any to any via ${int_interface} keep-state
# Anti-spoofing
${fwcmd} 00220 deny log ip from 10.0.0.0/8 to any in via ${natd_interface}
${fwcmd} 00230 deny log ip from 172.16.0.0/12 to any in via ${natd_interface}
${fwcmd} 00240 deny log ip from 192.168.0.0/16 to any in via ${natd_interface}
# Fragmented packets are dropped
${fwcmd} 00250 deny all from any to any frag in via ${natd_interface}
# ACK packets without a preceding request are blocked
${fwcmd} 00260 deny tcp from any to any established in via ${natd_interface}
# Allow all connections initiated from here
${fwcmd} 00300 allow tcp from any to any out via ${natd_interface} setup keep-state
${fwcmd} 00310 allow udp from any to any out via ${natd_interface} keep-state
# Once a connection has been established, allow it to stay open
${fwcmd} 00320 allow tcp from any to any via ${natd_interface} established
${fwcmd} 00330 allow udp from any to any via ${natd_interface} established
# Permitted services that may be reached from the Internet
#${fwcmd} 00400 allow tcp from any to any ${open_tcpports} setup keep-state
#${fwcmd} 00410 allow udp from any to any ${open_udpports} keep-state
# This sends a RESET to all ident packets.
${fwcmd} 00500 reset log tcp from any to me 113 in via ${natd_interface}
# Allow outgoing DNS queries ONLY to the specified DNS servers
${fwcmd} 00600 allow udp from any to ${dns_server1} 53 out via ${natd_interface} keep-state
${fwcmd} 00610 allow tcp from any to ${dns_server1} 53 out via ${natd_interface} setup keep-state
${fwcmd} 00620 allow udp from any to ${dns_server2} 53 out via ${natd_interface} keep-state
${fwcmd} 00630 allow tcp from any to ${dns_server2} 53 out via ${natd_interface} setup keep-state
# Log ICMP requests (echo and dest. unreachable) == script kiddies
${fwcmd} 00700 allow log icmp from any to any in recv ${natd_interface} icmptype 3
${fwcmd} 00710 allow log icmp from any to any in recv ${natd_interface} icmptype 8
# Allow ICMP
${fwcmd} 00750 allow icmp from any to any
# Protocol 41 (IPv6-in-IPv4) to and from the SixXS POP
${fwcmd} 00800 allow 41 from me to 212.224.0.188 out keep-state
${fwcmd} 00810 allow 41 from 212.224.0.188 to me in keep-state
# Deny everything else (not logged)
${fwcmd} deny ip from any to any
# END -----------------------------
Here's the autotest log from AICCU:
sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
sock_printf() : "client TIC/draft-00 AICCU/2005.01.31-console-freebsd4 FreeBSD/4.10-RELEASE-p5"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1112731209"
sock_printf() : "username XXXXXXX"
sock_getline() : "200 Choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 XXXXXXX"
sock_printf() : "authenticate md5 XXXXXXXXX"
sock_getline() : "200 Succesfully logged in using md5 as XXXXXXX from 84.178.52.220"
sock_printf() : "tunnel show T6809"
sock_getline() : "201 Showing tunnel information for T6809"
sock_getline() : "TunnelId: T6809"
sock_getline() : "Type: 6in4-heartbeat"
sock_getline() : "IPv6 Endpoint: 2001:6f8:900:4d1::2"
sock_getline() : "IPv6 POP: 2001:6f8:900:4d1::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "POP Id: deham01"
sock_getline() : "IPv4 Endpoint: heartbeat"
sock_getline() : "IPv4 POP: 212.224.0.188"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: XXXXXXXXX"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
Succesfully retrieved tunnel information for T6809
sock_printf() : "QUIT Better Off Dead"
Tunnel Information for T6809:
POP Id : deham01
IPv6 Local : 2001:6f8:900:4d1::2/64
IPv6 Remote : 2001:6f8:900:4d1::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
heartbeat_socket() - IPv4 : 84.178.52.220
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (84.178.52.220)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 84.178.52.220 (84.178.52.220): 56 data bytes
64 bytes from 84.178.52.220: icmp_seq=0 ttl=64 time=0.551 ms
64 bytes from 84.178.52.220: icmp_seq=1 ttl=64 time=0.585 ms
64 bytes from 84.178.52.220: icmp_seq=2 ttl=64 time=3.915 ms
--- 84.178.52.220 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.551/1.684/3.915/1.578 ms
######
####### [2/8] Ping the IPv4 Remote/POP Outer Endpoint (212.224.0.188)
### These pings should reach the POP and come back to you
### In case there are problems along the route between your
### host and the POP this could not return replies
### Check your firewall settings if problems occur
PING 212.224.0.188 (212.224.0.188): 56 data bytes
64 bytes from 212.224.0.188: icmp_seq=0 ttl=58 time=52.861 ms
64 bytes from 212.224.0.188: icmp_seq=1 ttl=58 time=53.731 ms
64 bytes from 212.224.0.188: icmp_seq=2 ttl=58 time=56.489 ms
--- 212.224.0.188 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 52.861/54.360/56.489/1.547 ms
######
####### [3/8] Traceroute to the POP (212.224.0.188) over IPv4
### This traceroute should reach the POP
### In case this traceroute fails then you have no connectivity
### to the POP and this is most probably the problem
traceroute to 212.224.0.188 (212.224.0.188), 64 hops max, 44 byte packets
1 217.0.116.28 (217.0.116.28) 43.610 ms 42.909 ms 42.512 ms
2 217.0.66.18 (217.0.66.18) 41.199 ms 41.582 ms 41.888 ms
3 f-eb5.F.DE.net.DTAG.DE (62.154.17.62) 42.840 ms 42.677 ms 42.084 ms
4 62.156.139.226 (62.156.139.226) 43.010 ms 40.877 ms 51.580 ms
5 ge1-1-0-0.br0.ixfra.de.easynet.net (194.64.253.113) 41.012 ms 41.274 ms 42.490 ms
6 so0-2-0-0.br1.isham.de.easynet.net (194.64.4.146) 50.720 ms 50.963 ms 49.995 ms
7 vl40.as0-r0.isham.de.easynet.net (212.224.4.225) 50.028 ms 49.853 ms 50.900 ms
8 deham01.sixxs.net (212.224.0.188) 50.291 ms 49.947 ms 50.416 ms
######
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1: Echo Request
16 bytes from ::1, icmp_seq=0 hlim=64 dst=::1%5 time=0.292 ms
16 bytes from ::1: Echo Request
16 bytes from ::1, icmp_seq=1 hlim=64 dst=::1%5 time=0.277 ms
16 bytes from ::1: Echo Request
16 bytes from ::1, icmp_seq=2 hlim=64 dst=::1%5 time=0.276 ms
--- ::1 ping6 statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 0.276/0.282/0.292/0.007 ms
######
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:6f8:900:4d1::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING6(56=40+8+8 bytes) 2001:6f8:900:4d1::2 --> 2001:6f8:900:4d1::2
16 bytes from 2001:6f8:900:4d1::2: Echo Request
16 bytes from 2001:6f8:900:4d1::2, icmp_seq=0 hlim=64 dst=2001:6f8:900:4d1::2%5 time=0.292 ms
16 bytes from 2001:6f8:900:4d1::2: Echo Request
16 bytes from 2001:6f8:900:4d1::2, icmp_seq=1 hlim=64 dst=2001:6f8:900:4d1::2%5 time=0.298 ms
16 bytes from 2001:6f8:900:4d1::2: Echo Request
16 bytes from 2001:6f8:900:4d1::2, icmp_seq=2 hlim=64 dst=2001:6f8:900:4d1::2%5 time=0.284 ms
--- 2001:6f8:900:4d1::2 ping6 statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 0.284/0.291/0.298/0.006 ms
######
###### [6/8] Ping the IPv6 Remote/POP Inner Tunnel Endpoint (2001:6f8:900:4d1::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
PING6(56=40+8+8 bytes) 2001:6f8:900:4d1::2 --> 2001:6f8:900:4d1::1
--- 2001:6f8:900:4d1::1 ping6 statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
######
###### [7/8] Traceroute6 to the central SixXS machine (noc.sixxs.net)
### This confirms that you can reach the central machine of SixXS
### If that one is reachable you should be able to reach most IPv6 destinations
### Also check http://www.sixxs.net/ipv6calc/ which should show an IPv6 connection
### If your browser supports IPv6 and uses it of course.
traceroute6 to noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) from 2001:6f8:900:4d1::2, 30 hops max, 12 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
######
###### [8/8] Traceroute6 to (www.kame.net)
### This confirms that you can reach a Japanese IPv6 destination
### If that one is reachable you should be able to reach most IPv6 destinations
### You should also check http://www.kame.net which should display
### a animated kame (turtle), of course only when your browser supports and uses IPv6
traceroute6 to www.kame.net (2001:200:0:8002:203:47ff:fea5:3085) from 2001:6f8:900:4d1::2, 30 hops max, 12 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
######
###### ACCU Quick Connectivity Test (done)
The relevant interfaces via ifconfig:
tun0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1492
inet 84.178.52.220 --> 217.0.116.28 netmask 0xffffffff
Opened by PID 278
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 84.178.52.220 --> 212.224.0.188
inet6 fe80::230:84ff:fe0c:53a5%gif0 prefixlen 64 scopeid 0x9
inet6 2001:6f8:900:4d1::2 prefixlen 128
Does anybody know what's wrong?!
Thanks, Miguel
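The autotest output above already contains its own decision tree: each step prints what a failure at that point usually means. As an added example (it is not part of this thread and not AICCU's own code), the script below parses a log in that format, decides per step whether it passed (echo replies received for the ping steps, the named destination appearing in a hop line for the traceroute steps) and reports the first failing step together with the hint the autotest prints for it. The sample log is a constructed excerpt of the one posted above; the hint texts are condensed from the autotest's own comments.

```python
"""Triage an AICCU 'Quick Connectivity Test' log: find the first failing step
and report the hint the autotest itself prints for that step.
Added example for this thread; not part of AICCU."""
import re
from typing import Dict, List, Optional, Tuple

# Step header, e.g. "####### [6/8] Ping the IPv6 Remote/POP Inner Tunnel Endpoint (...)"
STEP_RE = re.compile(r"^#+\s*\[(\d+)/(\d+)\]\s*(.*)$")
# Summary line printed by both ping and ping6
PING_STATS_RE = re.compile(r"(\d+) packets transmitted, (\d+) packets received")
# Traceroute hop line: hop number followed by a host or by "* * *"
TRACE_HOP_RE = re.compile(r"^\s*\d+\s+(.*)$")
# The target of a step is given in parentheses in its header
TARGET_RE = re.compile(r"\(([^)]+)\)")

# Hints condensed from the text the autotest prints under each step.
HINTS: Dict[int, str] = {
    1: "local IPv4 endpoint does not answer: check firewall settings or the IPv4 stack",
    2: "POP outer endpoint unreachable: problem on the IPv4 route to the POP, or firewall",
    3: "traceroute does not reach the POP: no IPv4 connectivity to the POP",
    4: "::1 does not reply: something is wrong with the IPv6 stack",
    5: "own inner tunnel endpoint does not reply: check tunnel interface and routing tables",
    6: "POP inner endpoint unreachable while the local one replies: firewall or routing/interface problem",
    7: "central SixXS machine unreachable over IPv6: IPv6 reachability through the tunnel is broken",
    8: "www.kame.net unreachable over IPv6: see step 7",
}

# Constructed excerpt of the log posted in the thread (headers, summaries, a few hops).
SAMPLE_LOG = """\
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (84.178.52.220)
3 packets transmitted, 3 packets received, 0% packet loss
####### [2/8] Ping the IPv4 Remote/POP Outer Endpoint (212.224.0.188)
3 packets transmitted, 3 packets received, 0% packet loss
####### [3/8] Traceroute to the POP (212.224.0.188) over IPv4
traceroute to 212.224.0.188 (212.224.0.188), 64 hops max, 44 byte packets
 1  217.0.116.28 (217.0.116.28)  43.610 ms  42.909 ms  42.512 ms
 8  deham01.sixxs.net (212.224.0.188)  50.291 ms  49.947 ms  50.416 ms
###### [4/8] Checking if we can ping IPv6 localhost (::1)
3 packets transmitted, 3 packets received, 0% packet loss
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:6f8:900:4d1::2)
3 packets transmitted, 3 packets received, 0% packet loss
###### [6/8] Ping the IPv6 Remote/POP Inner Tunnel Endpoint (2001:6f8:900:4d1::1)
3 packets transmitted, 0 packets received, 100% packet loss
###### [7/8] Traceroute6 to the central SixXS machine (noc.sixxs.net)
 1  * * *
 2  * * *
###### [8/8] Traceroute6 to (www.kame.net)
 1  * * *
"""


def parse_steps(log: str) -> List[dict]:
    """Split the log into its numbered steps and decide per step whether it passed."""
    steps: List[dict] = []
    for line in log.splitlines():
        m = STEP_RE.match(line)
        if m:
            title = m.group(3).strip()
            t = TARGET_RE.search(title)
            steps.append({
                "num": int(m.group(1)),
                "title": title,
                "kind": "trace" if "raceroute" in title else "ping",
                "target": t.group(1) if t else "",
                "ok": False,
            })
            continue
        if not steps:
            continue  # preamble before the first step header
        cur = steps[-1]
        if cur["kind"] == "ping":
            m = PING_STATS_RE.search(line)
            if m:
                cur["ok"] = int(m.group(2)) > 0  # any echo reply counts as a pass
        else:
            m = TRACE_HOP_RE.match(line)
            # The trace passes once a hop line names the step's destination.
            if m and cur["target"] and cur["target"] in m.group(1):
                cur["ok"] = True
    return steps


def first_failure(steps: List[dict]) -> Optional[Tuple[int, str, str]]:
    """Return (step number, title, hint) for the first failed step, or None if all passed."""
    for s in steps:
        if not s["ok"]:
            return s["num"], s["title"], HINTS.get(s["num"], "no hint for this step")
    return None


if __name__ == "__main__":
    result = first_failure(parse_steps(SAMPLE_LOG))
    if result is None:
        print("all steps passed")
    else:
        num, title, hint = result
        print(f"first failure at step {num}: {title}\n  -> {hint}")
```

On the excerpt above the first failure is step 6, which is exactly the situation in the post: steps 1 to 5 pass, so the tunnel interface is configured and the POP is reachable over IPv4, and the remaining suspects are the firewall and the tunnel route.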
Problem with FreeBSD 4.10 and AICCU
Shadow Hawkins on Wednesday, 06 April 2005 15:02:59
Hmm, wrote a lengthy reply but got logged out :(
Send this problem to the staff and point them at the file common/aiccu_freebsd4.c
This part
46 aiccu_exec(
47 "ifconfig %s inet6 %s prefixlen 128 alias",
48 g_aiccu->ipv6_interface,
49 hTunnel->sIPv6_Local);
50
should probably be
aiccu_exec(
"ifconfig %s inet6 %s %s prefixlen 128 alias",
g_aiccu->ipv6_interface,
hTunnel->sIPv6_Local,
hTunnel->sIPv6_POP);
Problem with FreeBSD 4.10 and AICCU
Which is not needed as the remote hop gets configured a couple of lines lower...
Problem with FreeBSD 4.10 and AICCU
Shadow Hawkins on Wednesday, 06 April 2005 16:03:47
Oh OK, but isn't
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 84.178.52.220 --> 212.224.0.188
inet6 fe80::230:84ff:fe0c:53a5%gif0 prefixlen 64 scopeid 0x9
inet6 2001:6f8:900:4d1::2 prefixlen 128
supposed to be
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 84.178.52.220 --> 212.224.0.188
inet6 fe80::230:84ff:fe0c:53a5%gif0 prefixlen 64 scopeid 0x9
inet6 2001:6f8:900:4d1::2 --> 2001:6f8:900:4d1::1 prefixlen 128
?
Problem with FreeBSD 4.10 and AICCU
It can also be done that way, but it isn't done that way...
Problem with FreeBSD 4.10 and AICCU
Shadow Hawkins on Wednesday, 06 April 2005 16:46:29
You mean
51 aiccu_exec(
52 "route add -inet6 %s -prefixlen 128 %s",
53 hTunnel->sIPv6_POP,
54 hTunnel->sIPv6_Local);
55
That caused a routing loop in NetBSD without the previous change :{
Just out of curiosity: Why did you choose not to specify the IPv6 tunnel endpoint when you're initialising the tunnel?
Problem with FreeBSD 4.10 and AICCU
As you didn't actually dump the firewall list I can't easily tell, but let me guess IPv4 UDP port 3740 is blocked?
Read: Heartbeat
Problem with FreeBSD 4.10 and AICCU
Shadow Hawkins on Wednesday, 06 April 2005 18:00:18
I'm so stupid, Jeroen.
That was the problem. Now it's working perfectly. Many thanks :)
Miguel
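The fix in this thread was a firewall rule, and the tunnel parameters that decide which IPv4 rules a 6in4-heartbeat tunnel needs are all in the "tunnel show" reply that AICCU logs. The following is an added example (not from this thread and not AICCU's own code): it parses that reply out of the autotest transcript, drops the password line rather than keeping it, and emits the ipfw rules the tunnel needs on the external interface: protocol 41 in both directions to the IPv4 POP, plus the outbound UDP heartbeat to port 3740 named above. The interface name `tun0`, the starting rule number 800 and the function names are assumptions for this example; the sample transcript is a constructed copy of the lines posted above.

```python
"""Derive the IPv4 firewall allowances a SixXS 6in4-heartbeat tunnel needs from
the 'tunnel show' reply in an AICCU transcript and emit ipfw rules for them.
Added example for this thread; not AICCU's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

HEARTBEAT_UDP_PORT = 3740   # UDP port named in the thread for the heartbeat
IPV6_IN_IPV4_PROTO = 41     # IP protocol number of 6in4 encapsulation

# Constructed copy of the transcript lines posted in the thread.
SAMPLE_TRANSCRIPT = """\
sock_printf() : "tunnel show T6809"
sock_getline() : "201 Showing tunnel information for T6809"
sock_getline() : "TunnelId: T6809"
sock_getline() : "Type: 6in4-heartbeat"
sock_getline() : "IPv6 Endpoint: 2001:6f8:900:4d1::2"
sock_getline() : "IPv6 POP: 2001:6f8:900:4d1::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "POP Id: deham01"
sock_getline() : "IPv4 Endpoint: heartbeat"
sock_getline() : "IPv4 POP: 212.224.0.188"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: XXXXXXXXX"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
"""

LINE_RE = re.compile(r'^sock_getline\(\) : "(.*)"$')   # only lines received from TIC
STATUS_RE = re.compile(r"^\d{3} ")                     # '201 Showing ...', '202 Done'
SECRET_KEYS = {"Password"}                             # never retain credentials


@dataclass
class TunnelInfo:
    tunnel_id: str
    tunnel_type: str
    ipv6_local: str
    ipv6_pop: str
    ipv4_endpoint: str
    ipv4_pop: str
    heartbeat_interval: Optional[int]


def parse_tunnel_show(transcript: str) -> TunnelInfo:
    """Pick the 'Key: value' lines out of the TIC reply; status lines and the
    password are skipped."""
    fields = {}
    for raw in transcript.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        payload = m.group(1)
        if STATUS_RE.match(payload):
            continue
        key, sep, value = payload.partition(": ")
        if sep and key not in SECRET_KEYS:
            fields[key] = value.strip()
    hb = fields.get("Heartbeat_Interval")
    return TunnelInfo(
        tunnel_id=fields["TunnelId"],
        tunnel_type=fields["Type"],
        ipv6_local=fields["IPv6 Endpoint"],
        ipv6_pop=fields["IPv6 POP"],
        ipv4_endpoint=fields["IPv4 Endpoint"],
        ipv4_pop=fields["IPv4 POP"],
        heartbeat_interval=int(hb) if hb else None,
    )


def required_ipfw_rules(info: TunnelInfo, ext_if: str, base: int = 800) -> List[str]:
    """Minimal IPv4 rules for the tunnel, numbered from `base` in steps of 10.
    They must sit before the final 'deny ip from any to any'."""
    bodies = [
        f"allow {IPV6_IN_IPV4_PROTO} from me to {info.ipv4_pop} out via {ext_if}",
        f"allow {IPV6_IN_IPV4_PROTO} from {info.ipv4_pop} to me in via {ext_if}",
    ]
    if info.tunnel_type.endswith("heartbeat"):
        # The heartbeat is one-way UDP from the client to the POP; it is how the
        # POP learns the client's current IPv4 address ('IPv4 Endpoint: heartbeat').
        bodies.append(
            f"allow udp from me to {info.ipv4_pop} {HEARTBEAT_UDP_PORT} out via {ext_if}"
        )
    return [f"/sbin/ipfw -q add {base + 10 * i:05d} {body}" for i, body in enumerate(bodies)]


if __name__ == "__main__":
    tunnel = parse_tunnel_show(SAMPLE_TRANSCRIPT)
    print(f"# rules for {tunnel.tunnel_id} ({tunnel.tunnel_type}, POP {tunnel.ipv4_pop})")
    for rule in required_ipfw_rules(tunnel, "tun0"):
        print(rule)
```

The script in the first post already carries the two protocol-41 rules (00800/00810); the third rule generated here, the outbound UDP 3740 heartbeat to the POP, is the one this thread identified as missing. Generating the rules from the TIC reply rather than typing addresses by hand also means a changed POP address shows up as a changed rule instead of a silently stale one.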