LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-19-2015, 09:01 AM   #1
colweb
LQ Newbie
 
Registered: Oct 2014
Location: planet Earth
Distribution: Slackware
Posts: 21

Rep: Reputation: Disabled
Server with 2 nics won't forward IPv6 from local lan to internet


Hi all,

I have the following situation: a Linux server with Slackware:

Server:
eth0 has 192.168.168.240 and 2001:x:y:2::240
eth1 has 10.0.0.240 and 2001:x:y:1::240

IPv6 default route 2001:x:y:1::1 dev eth1
net.ipv6.conf.all.forwarding = 1
Modem:
LAN site: 10.0.0.1 and 2001:x:y:1::1
Internet site: 80.x.x.x and 2001:x:y::1
IPv4 doesn't give any problems and works perfectly. But IPv6 ...

On the local lan I did give a Linux box 2001:x:y:2::10 and added a default route to 2001:x:y:2::240.
With ping6 I can ping both eth0 and eth1 of the server. So far so good. But ping6 to the lan side of the modem gives nothing.

From the server I can ping6 the Linux box, both eth0 and eth1 and the lan side of the modem. But it goes further then that, ping6 to the internet side of the modem works and ping6 to any external IPv6 address works as well.

ip6tables does allow forwarding of all IPv6 on both interfaces.

A normal IPv4 ping to the lan or internet side of the modem works from the Linux box and pings to any external IPv4 addresses work as well.
But what needs to be done to make it so that the Linux box can ping6 the outside world as well. Currently if won't go any further then eth1 in the server.

TIA

Last edited by colweb; 12-19-2015 at 11:24 AM.
 
Old 12-19-2015, 10:53 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,332

Rep: Reputation: Disabled
Quote:
Originally Posted by colweb View Post
With ping6 I can ping both eth0 and eth1 of the server. So far so good. But ping6 to the lan side of the modem gives nothing.
Sounds like a missing route on the ISP router.
Quote:
Originally Posted by colweb View Post
From the server I can ping6 the Linux box, both eth0 and eth1 and the lan side of the modem. But it goes further then that, ping6 to the internet side of the modem works and ping6 to any external IPv6 address works as well.
Have you tried pinging an external IPv6 address from the server, using the LAN IPv6 address as the source?
Code:
ping6 -I <IPv6 source address> <external host>
That will tell you in an instant if this is routing-related or not.

You can also try tcpdump-ing IPv6 ping packets on the external interface while you're attempting to ping a global address from a LAN host, to see if the server is actually forwarding these packets.
 
1 members found this post helpful.
Old 12-19-2015, 11:21 AM   #3
colweb
LQ Newbie
 
Registered: Oct 2014
Location: planet Earth
Distribution: Slackware
Posts: 21

Original Poster
Rep: Reputation: Disabled
Didn't know you could specify the interface to ping from. Doing so gives:

ping6 from eth0 to eth1 works
ping6 from eth0 to anything that is only reachable through eth1 doesn't work.

In other words:

ping6 -I 2001:x:y:2::240 2001:x:y:1::240 gives replies
ping6 -I 2001:x:y:2::240 2001:x:y:1::1 gives nothing, only packet loss.
 
Old 12-19-2015, 11:32 AM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,332

Rep: Reputation: Disabled
Quote:
Originally Posted by colweb View Post
ping6 from eth0 to anything that is only reachable through eth1 doesn't work.
Quote:
Originally Posted by colweb View Post
ping6 -I 2001:x:y:2::240 2001:x:y:1::1 gives nothing, only packet loss.
It seems your ISP isn't routing your /48 block to 2001:x:y:1::240.

Usually, an ISP will select n:n:n:n::1 as the address for their router, and then route the (rest of the) assigned /48 block to n:n:n:n::2. Are you sure you're supposed to use 2001:x:y:1::240 on your gateway?
 
Old 12-19-2015, 12:36 PM   #5
colweb
LQ Newbie
 
Registered: Oct 2014
Location: planet Earth
Distribution: Slackware
Posts: 21

Original Poster
Rep: Reputation: Disabled
If I change the IPv6 address of eth1 to 2001:x:y::2 I can no longer ping6 the modem or any outside IPv6 address.

Thought that eth1 should have an address in the same range as the internal address of the modem (that is 2001:x:y:1::1). That's why I did give it 2001:x:y:1::240 and added a default gateway to the internal address of the modem.

When I give eth1 2001:x:y::2 it can still ping6 eth0 and all machines on the internal lan. But it can't ping6 the modem anymore. Changing the default gateway to the external address of the modem doesn't make any difference.
 
Old 12-19-2015, 12:44 PM   #6
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,332

Rep: Reputation: Disabled
I think I see where the problem is.

If I understand this correctly, your Internet gateway has 2001:x:y::1/64 on the WAN side and 2001:x:y:1::1/64 on the LAN side. You're trying to use the another IPv6 network in the (assumably) assigned /48 block behind yet another router (your server), which has 2001:x:y:1::240/64 on one side and 2001:x:y:2::240/64 on the other.

For this to work, the Internet gateway has to be explicitly told to route 2001:x:y:2::/64 through 2001:x:y:1::240. You need to create a static IPv6 route on that gateway.

Last edited by Ser Olmy; 12-19-2015 at 12:45 PM.
 
Old 12-19-2015, 02:08 PM   #7
colweb
LQ Newbie
 
Registered: Oct 2014
Location: planet Earth
Distribution: Slackware
Posts: 21

Original Poster
Rep: Reputation: Disabled
Quote:
If I understand this correctly, your Internet gateway has 2001:x:y::1/64 on the WAN side and 2001:x:y:1::1/64 on the LAN side.
Correct.

Quote:
You're trying to use the another IPv6 network in the (assumably) assigned /48 block behind yet another router (your server), which has 2001:x:y:1::240/64 on one side and 2001:x:y:2::240/64 on the other.
And yes, my ISP did assign me a /48 block.

Quote:
For this to work, the Internet gateway has to be explicitly told to route 2001:x:y:2::/64 through 2001:x:y:1::240. You need to create a static IPv6 route on that gateway.
Can you please provide an example of the command needed to create that static routing. Have been buys studying then ip man page and while there is something about nexthop and adding routes, it isn't very clear. Unfortunately can't find any example of ip -6 where nexthop is used. (not in the man page, not with Google).

And when searching for "static routing eth0 to eth1" or similar with Google, I get lot's of text about routing but nothing useful.
 
Old 12-19-2015, 02:56 PM   #8
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,332

Rep: Reputation: Disabled
You have to add this route on the Internet gateway. If that is also a Linux system, the ip route command is what you'd typically use:
Code:
ip -6 route add 2001:x:y:2::/64 via 2001:x:y:1::240
The route will be active immediately, but since the routing table exists in kernel memory, it will be wiped at next reboot.

To make the static route persistent, the command above will have to be added to a startup script somewhere. Your distribution probably has a recommended procedure for adding routes, so you should check the relevant documentation.

If the Internet gateway is not a Linux box, you should search for a setting called "static routing" or something very similar.
 
Old 12-19-2015, 09:00 PM   #9
colweb
LQ Newbie
 
Registered: Oct 2014
Location: planet Earth
Distribution: Slackware
Posts: 21

Original Poster
Rep: Reputation: Disabled
Code:
slackserver# ip -6 route add 2001:x:y:2::/64 via 2001:x:y:1::240 dev eth0
Note: without dev eth0 it gives "RTNETLINK answer: Invalid argument"

Code:
slackserver# route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                         ::                         Un   0   3    13 lo
2001:x:y:1::/128                ::                         Un   0   2     0 lo
2001:x:y:1::/128          	::                         UH   1   0     0 eth0
2001:x:y:1::240/128       	::                         Un   0   1   256 lo
2001:x:y:1::/64           	::                         U    256 0     1 eth1
2001:x:y:1::/64           	::                         U    1024 0     1 eth0
2001:x:y:2::/128          	::                         Un   0   2     0 lo
2001:x:y:2::240/128       	::                         Un   0   1    89 lo
2001:x:y:2::/64           	::                         U    256 0     0 eth0
2001:x:y:2::/64           	2001:x:y:1::240       	   UG   1024 0     0 eth0
fe80::/128                      ::                         Un   0   2     0 lo
fe80::/128                      ::                         Un   0   2     0 lo
fe80::204:23ff:fec5:12a/128     ::                         Un   0   1    85 lo
fe80::204:23ff:fec5:12b/128     ::                         Un   0   1   593 lo
fe80::/64                       ::                         U    256 0     0 eth0
fe80::/64                       ::                         U    256 0     0 eth1
ff00::/8                        ::                         U    256 0     0 eth0
ff00::/8                        ::                         U    256 0     0 eth1
::/0                            2001:x:y:1::1              UG   1024 0   296 eth1
::/0                           ::                         !n   -1  1   768 lo
Code:
slackserver# ping6 -I 2001:x:y:2::240 2001:x:y:1::240  
PING 2001:x:y:1::240(2001:x:y:1::240) from 2001:x:y:2::240 : 56 data bytes
64 bytes from 2001:x:y:1::240: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 2001:x:y:1::240: icmp_seq=2 ttl=64 time=0.032 ms
Ping6 from eth0 (internal lan) to eth1 works But I could ping6 eth1 from any machine on the internal LAN before adding the extra route.r

Code:
slackserver# ping6 -I 2001:x:y:2::240 2001:x:y:1::1
PING 2001:x:y::1(2001:x:y::1) from 2001:x:y:2::240 : 56 data bytes
--- 2001:x:y::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2010ms
But ping6 from eth0 to the LAN side of the modem .. no response

And of course, ping6 to any outside IPv6 address gives the same result.
 
Old 12-20-2015, 06:20 PM   #10
colweb
LQ Newbie
 
Registered: Oct 2014
Location: planet Earth
Distribution: Slackware
Posts: 21

Original Poster
Rep: Reputation: Disabled
After studying for hours, it turns out that my modem (a FritzBox 7360) is the cause of all the problems. The Linux server does forward IPv6 pings and packages but the modem refused to answer.

Fortunately found a website with undocumented options about the FritzBox. After changing the routing table in the Fritzbox (something that isn't possible through the web interface), a ping6 from any 2001:x:y:2::# to the lan site of the modem results in an answer. Still not possible to ping any outside IPv6 address or the outside IPv6 address of the modem.

Currently not sure if this has something to do with the routing table in the modem. According to that same website responses to a ping6 is disabled if it is coming from internal with a different subnet. In other words, ping6 from eth1 (2001:x:y:1::240) to any IPv6 address is honored because the lan site of the modem also has 2001:x:y:1... But a ping6 from 2001:x:y:2... is blocked and can't be enabled.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Transparent proxy, 2 NICs, forward to internal proxy server Alcyone Linux - Networking 6 05-14-2013 08:15 PM
3 nics, connect to internet, share to local net, and connect to local net. Not workin linux-i386 Linux - Networking 2 09-15-2009 10:13 PM
Apache won't accept or reject incoming internet connections but accepts on local lan zenchess Linux - Networking 3 06-10-2006 10:06 AM
Wireless won't forward me outside of the LAN on Slackware 10.2 Rocksnob Linux - Wireless Networking 2 02-23-2006 10:49 PM
Problem when configuring 2 NICs for internal LAN and cable internet mailavj Linux - Networking 24 04-07-2005 10:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration