Web lists-archives.com

IPv6 router is not forwarding packets




Hello,

I tried to configure a stretch based IPv6 router.

My setup is:

ISP router -> Stretch router (home) -> Endpoint (mohot)

I can ssh from the mohot to home (ssh 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c) 
and I can ssh from the home to the internet (using IPv6), but I cannot ssh 
from the mohot (endpoint) to the internet:

rd@mohot:~$ ssh -vvv 2a03:4000:6:52b6::
OpenSSH_7.7p1 Debian-3, OpenSSL 1.0.2o  27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_canonicalize: hostname 2a03:4000:6:52b6:: is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 2a03:4000:6:52b6:: [2a03:4000:6:52b6::] port 22.

IPv6 forwarding is enabled on the home (stretch router):

# cat /proc/sys/net/ipv6/conf/all/forwarding 
1
#

For me it seems that home is dropping the request, if that is the case, is 
there a good way to find out why that happens?

Any hint is welcome... 

Here is the interface config and routing configuration:

ISP Router:
-----------

My upstream connection gives me a dynamic IPv6 prefix: 2a02:8070:898f:e400::/56
and has an IPv6 address 2a02:8070:8900::30a0:caa7:42e0:93d2

Stretch Router:
---------------

The stretch router has an upstream interface

root@home:/etc# ip addr show dev eth0.1
4: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state 
UP group default qlen 1000
    link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.30/24 brd 192.168.0.255 scope global eth0.1
       valid_lft forever preferred_lft forever
    inet6 2a02:8070:898f:e400:d263:b4ff:fe00:325c/64 scope global mngtmpaddr 
dynamic 
       valid_lft 6968sec preferred_lft 3368sec
    inet6 fe80::d263:b4ff:fe00:325c/64 scope link 
       valid_lft forever preferred_lft forever

and a downstream interface

root@home:/etc# ip addr show dev eth0.7 
10: eth0.7@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
state UP group default qlen 1000 
   link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff 
   inet 192.168.7.1/24 brd 192.168.7.255 scope global eth0.7 
      valid_lft forever preferred_lft forever 
   inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c/62 scope global  
      valid_lft forever preferred_lft forever 
   inet6 fe80::d263:b4ff:fe00:325c/64 scope link  
      valid_lft forever preferred_lft forever 
root@home:/etc# 

for prefix delegation, I followed the Debian wiki

https://wiki.debian.org/IPv6PrefixDelegation

And routing information:
root@home:/etc# ip -6 r
2a02:8070:898f:e400::/64 dev eth0.1 proto kernel metric 256  expires 6974sec 
pref medium
2a02:8070:898f:e4f8::/62 dev eth0.7 proto kernel metric 256  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
fe80::/64 dev eth0.1 proto kernel metric 256  pref medium
fe80::/64 dev eth0.2 proto kernel metric 256  pref medium
fe80::/64 dev eth0.3 proto kernel metric 256  pref medium
fe80::/64 dev eth0.4 proto kernel metric 256  pref medium
fe80::/64 dev eth0.5 proto kernel metric 256  pref medium
fe80::/64 dev eth0.6 proto kernel metric 256  pref medium
fe80::/64 dev eth0.7 proto kernel metric 256  pref medium
default via fe80::e228:6dff:fe43:5776 dev eth0.1 proto ra metric 1024  expires 
1574sec hoplimit 255 pref medium
root@home:/etc# 

IPv6 forwarding is enabled:

root@home:/etc# cat /proc/sys/net/ipv6/conf/all/forwarding 
1
root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.7/forwarding 
1
root@home:/etc#


Endpoint:
---------
rd@mohot:~$ ip addr show dev eth0 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000 
   link/ether d0:63:b4:00:4d:d1 brd ff:ff:ff:ff:ff:ff 
   inet 192.168.7.31/24 brd 192.168.7.255 scope global eth0 
      valid_lft forever preferred_lft forever 
   inet6 2a02:8070:898f:e400:d263:b4ff:fe00:4dd1/64 scope global dynamic 
mngtmpaddr  
      valid_lft 7030sec preferred_lft 3430sec 
   inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:4dd1/64 scope global dynamic 
mngtmpaddr  
      valid_lft 14215sec preferred_lft 14215sec 
   inet6 fe80::d263:b4ff:fe00:4dd1/64 scope link  
      valid_lft forever preferred_lft forever 
rd@mohot:~$ 

Many thanks 
Rainer

-- 
Rainer Dorsch
http://bokomoko.de/