SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #5284538
Ticket Status: User

PoP: chzrh02 - Init7 AG (Zurich)

T48965 doesn't work anymore (drops traffic)
[ch] Shadow Hawkins on Friday, 29 July 2011 09:31:00
Starting up aiccu works, as do steps 1-5 of "aiccu test". Test6:
PING 2001:1620:f00:ce::1(2001:1620:f00:ce::1) 56 data bytes
--- 2001:1620:f00:ce::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
Routing tables before starting aiccu:
default via 84.72.172.1 dev eth1 metric 3
84.72.172.0/22 dev eth1 proto kernel scope link src 84.72.173.122 metric 3
127.0.0.0/8 via 127.0.0.1 dev lo
172.17.1.0/24 dev eth0 proto kernel scope link src 172.17.1.1
172.17.2.0/24 dev wlan0 proto kernel scope link src 172.17.2.1
2001:1620:f67::/64 dev eth0 proto kernel metric 256
2001:1620:f67:1::/64 dev wlan0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth1 metric 256
ff00::/8 dev wlan0 metric 256
After starting aiccu:
2001:1620:f00:ce::/64 dev sixxs proto kernel metric 256
2001:1620:f67::/64 dev eth0 proto kernel metric 256
2001:1620:f67:1::/64 dev wlan0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
fe80::/64 dev sixxs proto kernel metric 256
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth1 metric 256
ff00::/8 dev wlan0 metric 256
ff00::/8 dev sixxs metric 256
default via 2001:1620:f00:ce::1 dev sixxs metric 1024
(v4 stays the same, as expected)
I've tried both with my normal packetfilter setup and one that just permits everything. In both cases, the packets just disappear into the tunnel and never get an answer. On the far side, nothing arrives.
traceroute6 kaini6.schwarzvogel.de
traceroute to kaini6.schwarzvogel.de (2a01:4f8:110:61c2::) from 2001:1620:f00:ce::2, 30 hops max, 16 byte packets
 1 * * *
(never completes)
Aiccu startup messages:
Jul 29 09:28:02 desjani aiccu: Succesfully retrieved tunnel information for T48965
Jul 29 09:28:02 desjani aiccu: AICCU running as PID 13139
Jul 29 09:28:02 desjani aiccu: [AYIYA-start] : Anything in Anything (draft-02)
Jul 29 09:28:02 desjani aiccu: [AYIYA-tun->tundev] : (Socket to TUN) started
State change: user Locked
[ch] Jeroen Massar SixXS Staff on Friday, 29 July 2011 09:51:33
Message is Locked
The state of this ticket has been changed to user
T48965 doesn't work anymore (drops traffic)
[ch] Jeroen Massar SixXS Staff on Friday, 29 July 2011 09:53:25
I've tried both with my normal packetfilter setup and one that just permits everything. In both cases, the packets just disappear into the tunnel and never get an answer. On the far side, nothing arrives.
The ticket system is not a firewall debugging help desk. Please use the forums. If you do think there is a problem on the PoP side, please read and follow the "Reporting Problems" section on the Contact page and provide all requested details.
T48965 doesn't work anymore (drops traffic)
[ch] Shadow Hawkins on Friday, 29 July 2011 10:26:15
This is /not/ a Firewall problem. As I said, I tried with both my normal filtering setup and "no firewall". It doesn't make a difference.

As for the reporting problems steps:
- I ran aiccu test and told you what it said
- NAT is done on that very machine, but only for v4. The v4 part works, as evidenced by aiccu test. This setup hasn't really changed until I tried to debug the tunnel not working anymore.
- OS is Linux (obviously), v3.0.0, LFS
- Netfilter table is empty:

# ip6tables-save
# Generated by ip6tables-save v1.4.10 on Fri Jul 29 10:15:12 2011
*filter
:INPUT ACCEPT [1:96]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [81:8416]
COMMIT
# Completed on Fri Jul 29 10:15:12 2011

# iptables-save
# Generated by iptables-save v1.4.10 on Fri Jul 29 10:19:57 2011
*nat
:PREROUTING ACCEPT [42709:2784769]
:INPUT ACCEPT [19848:1272579]
:OUTPUT ACCEPT [14287:1010530]
:POSTROUTING ACCEPT [14541:1021010]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.1.2:80
-A POSTROUTING -s 172.17.1.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 172.17.2.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Jul 29 10:19:57 2011
# Generated by iptables-save v1.4.10 on Fri Jul 29 10:19:57 2011
*filter
:INPUT ACCEPT [34:2536]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24:2848]
COMMIT
# Completed on Fri Jul 29 10:19:57 2011

ping from outside (from 2a01:4f8:110:61c2::):
$ ping6 fw.i-no.de
PING fw.i-no.de(cl-207.zrh-02.ch.sixxs.net) 56 data bytes
From 2001:1620:2005:4::2 icmp_seq=1 Destination unreachable: No route
From 2001:1620:2005:4::2 icmp_seq=2 Destination unreachable: No route
From 2001:1620:2005:4::2 icmp_seq=3 Destination unreachable: No route
From 2001:1620:2005:4::2 icmp_seq=4 Destination unreachable: No route

# ip link sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0d:b9:20:e8:e0 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0d:b9:20:e8:e1 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:0d:b9:20:e8:e2 brd ff:ff:ff:ff:ff:ff
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:1b:b1:5e:d8:4b brd ff:ff:ff:ff:ff:ff
6: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
7: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN
    link/tunnel6 :: brd ::
9: mon.wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ieee802.11/radiotap 00:1b:b1:5e:d8:4b brd ff:ff:ff:ff:ff:ff
20: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN qlen 500
    link/none

######
# aiccu test
#######
####### AICCU Quick Connectivity Test
#######

####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (84.72.173.122)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack

PING 84.72.173.122 (84.72.173.122) 56(84) bytes of data.
64 bytes from 84.72.173.122: icmp_req=1 ttl=64 time=0.146 ms
64 bytes from 84.72.173.122: icmp_req=2 ttl=64 time=0.078 ms
64 bytes from 84.72.173.122: icmp_req=3 ttl=64 time=0.072 ms

--- 84.72.173.122 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.072/0.098/0.146/0.035 ms

###### Did this work? [Y/n] y

####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (213.144.148.74)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur

PING 213.144.148.74 (213.144.148.74) 56(84) bytes of data.
64 bytes from 213.144.148.74: icmp_req=1 ttl=54 time=24.9 ms
64 bytes from 213.144.148.74: icmp_req=2 ttl=54 time=20.3 ms
64 bytes from 213.144.148.74: icmp_req=3 ttl=54 time=20.9 ms

--- 213.144.148.74 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 20.349/22.085/24.918/2.023 ms

###### Did this work? [Y/n] y

####### [3/8] Traceroute to the PoP (213.144.148.74) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem

traceroute to 213.144.148.74 (213.144.148.74), 30 hops max, 60 byte packets
 1 * * *
 2 217-168-56-105.static.cablecom.ch (217.168.56.105) 12.800 ms 12.762 ms 12.693 ms
 3 172.31.208.69 (172.31.208.69) 12.704 ms 12.642 ms 12.865 ms
 4 ch-zrh01a-si1.aorta.net (213.46.171.18) 16.745 ms 16.825 ms 16.765 ms
 5 r1gva1.core.init7.net (77.109.134.249) 16.694 ms 16.835 ms 16.771 ms
 6 r1zug1.core.init7.net (77.109.128.217) 22.395 ms 33.385 ms 33.304 ms
 7 r1glb1.core.init7.net (77.109.140.205) 33.515 ms 33.462 ms 33.418 ms
 8 r1oer1.core.init7.net (77.109.128.177) 33.254 ms 37.050 ms 36.588 ms
 9 r1zur1.core.init7.net (77.109.128.253) 36.508 ms 36.446 ms 36.492 ms
10 r1zlz1.core.init7.net (77.109.128.210) 36.414 ms 31.119 ms 22.241 ms
11 chzrh02.sixxs.net (213.144.148.74) 20.476 ms 20.331 ms 20.257 ms

###### Did this work? [Y/n] y

###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack

PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.079 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.077 ms

--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.077/0.088/0.109/0.016 ms

###### Did this work? [Y/n] y

###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:1620:f00:ce::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables

PING 2001:1620:f00:ce::2(2001:1620:f00:ce::2) 56 data bytes
64 bytes from 2001:1620:f00:ce::2: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 2001:1620:f00:ce::2: icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from 2001:1620:f00:ce::2: icmp_seq=3 ttl=64 time=0.085 ms

--- 2001:1620:f00:ce::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.085/0.100/0.123/0.018 ms

###### Did this work? [Y/n] y

###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:1620:f00:ce::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem

PING 2001:1620:f00:ce::1(2001:1620:f00:ce::1) 56 data bytes

--- 2001:1620:f00:ce::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

###### Did this work? [Y/n]

(while running ping6 in another shell)
# tshark -i sixxs
[Errno 2] No such file or directory: '/usr/lib/wireshark/python/1.4.7/wspy_dissectors'
Running as user "root" and group "root". This could be dangerous.
Capturing on sixxs
0.000000 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
1.006703 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
2.014678 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
3.022681 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
4.030685 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request

tshark -i eth1 not port 22 and not arp
[Errno 2] No such file or directory: '/usr/lib/wireshark/python/1.4.7/wspy_dissectors'
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
0.000000 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
1.007975 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
2.015965 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
3.023970 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
4.031963 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request
5.039966 2001:1620:f00:ce::2 -> 2a01:4f8:110:61c2:: ICMPv6 Echo (ping) request

And how was my earlier request one for Firewall help?!

