LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-22-2011, 01:16 AM   #1
xywang
LQ Newbie
 
Registered: Oct 2011
Posts: 4

Rep: Reputation: Disabled
ip6-ip6 tunnel receives traffic but not going out to the outbound interface


Folks:

I am new to this forum, but I have been dealing with Unix/Linux and networking for a while.

Recently I run into this ip6-ip6 tunnel issue and want to bring to this forum to seek help.

In my ubuntu 11.10 box (Linux 3.0.0-12-server #20-Ubuntu SMP) I have created the following:
eth4: 2001:xxxx:xxxx:304::1/56 <-- public net
eth1: 2001:xxxx:xxxx:306::1/64 <-- private subnet using public address
ip6tnl1: 2001:xxxx:xxxx:304::2/64

where:
eth4 is directly connected to 2001:xxxx:xxxx:300::/56 network and from the ubuntu box it can ping to the main router 2001:xxxx:xxxx:300::1/56.

My goal is to let 2001:xxxx:xxxx:306::1/64 subnet to get to the main router but having to go through the ubuntu gateway for traffic control.

I have tried the regular route solution, but the 2001:xxxx:xxxx:300::1 router thinks 306 nodes as its local neiboughor and tries to use local milticast address to find out what this 306 node is, and the multicast message is blocked by the ubuntu gateway.

I have tried ip6tables rules without success, because the ubuntu box at eth4 does not pick up the multicast message. The reason the multicast message got drop (I think) is because it has the multicast network headers but also with the last 4 hex digits of the 306 node.

Another solution I am experimenting is to use a ip6ip6 tunnel to force the out going message to uses the ubuntu gateway ip address so that the returning message can be tunnelled back to the 306 subnet.

ip6tnl1 is created by the command:
ip -6 tunnel change ip6tnl1 mode ip6ip6 remote 2001:xxxx:xxxx:300::1 local 2001:xxxx:xxxx:304::1

and here is the route table:
2001:xxxx:xxxx:300::1 dev eth4 metric 1
2001:xxxx:xxxx:304::/64 dev ip6tnl1 proto kernel metric 256
2001:xxxx:xxxx:306::/64 dev eth1 proto kernel metric 256
2001:xxxx:xxxx:300::/56 dev eth4 proto kernel metric 256
2000::/3 dev ip6tnl1 metric 1024
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev eth4 proto kernel metric 256
fe80::/64 dev ip6tnl1 proto kernel metric 256

after all these set up, ping6 to 2001:xxxx:xxxx:300::1 still works.
However, ping6 to 2607:f8b0:4001:c01::69 does not.

tcpdump shows ping6 to 2607:f8b0:4001:c01::69 goes to ip6tnl1, but no relavent tunnelled traffic is shown to any other interface, therefore the ping did not go out to router 2001:xxxx:xxxx:300::1.

the ip4 and ip6 forward paramenter is set to 1 and is working by the indication that the gatway routes 306 traffic to eth4 or ip6tnl1 according to the route table instruction. I am not aware of any special parameter for ip6_tunel forwarding. If there is please let me know.

Any can help me to analysis this issue?
Regardless of any answer, thanks for reading this post.

Last edited by xywang; 10-22-2011 at 10:59 AM. Reason: spelling/technical word of choice
 
Old 10-24-2011, 06:01 PM   #2
xywang
LQ Newbie
 
Registered: Oct 2011
Posts: 4

Original Poster
Rep: Reputation: Disabled
Folks:

I have found the solution from here: http://linux-attitude.fr/post/proxy-ndp-ipv6.
It is written in Finnish, but you can use google translate to read it. It describes the same problem and the solution. I have implemented the solution and my problem is solved.

To be clear, this is not ip6ip6 tunnel solution, this is ipv6 ndp proxy solution. This solution requires all IPs are public routable IPs.

Thanks for the reading.

Last edited by xywang; 10-24-2011 at 06:42 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ip4 in IP6 encapsulator/decapsulator and raw socket the_ionic Programming 0 10-14-2009 12:24 PM
net.inet6.ip6.v6only ? KlaymenDK *BSD 0 11-12-2005 08:32 AM
IP6 Fedora Core 2 odysseynetwork Linux - Networking 0 10-15-2004 11:29 AM
OpenBSD IP6 Vulnerability leeach *BSD 10 03-18-2004 06:33 PM
OOT: ip6 makes NAT to be history linuxJaver Slackware 0 09-08-2003 02:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration