Web lists-archives.com

Re: IPv6 router is not forwarding packets




Le 06/01/2019 à 18:36, Rainer Dorsch a écrit :

ISP router -> Stretch router (home) -> Endpoint (mohot)

I can ssh from the mohot to home (ssh 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c)
and I can ssh from the home to the internet (using IPv6), but I cannot ssh
from the mohot (endpoint) to the internet:
(...)
For me it seems that home is dropping the request, if that is the case, is
there a good way to find out why that happens?

Did you run a packet capture on each involved interface ?

Stretch Router:
---------------

The stretch router has an upstream interface

root@home:/etc# ip addr show dev eth0.1
4: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
     link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
     inet 192.168.0.30/24 brd 192.168.0.255 scope global eth0.1
        valid_lft forever preferred_lft forever
     inet6 2a02:8070:898f:e400:d263:b4ff:fe00:325c/64 scope global mngtmpaddr
dynamic
        valid_lft 6968sec preferred_lft 3368sec
     inet6 fe80::d263:b4ff:fe00:325c/64 scope link
        valid_lft forever preferred_lft forever

and a downstream interface

root@home:/etc# ip addr show dev eth0.7
10: eth0.7@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
    link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.1/24 brd 192.168.7.255 scope global eth0.7
       valid_lft forever preferred_lft forever
    inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c/62 scope global

Why /62 instead of the standard /64 ?

       valid_lft forever preferred_lft forever
    inet6 fe80::d263:b4ff:fe00:325c/64 scope link
       valid_lft forever preferred_lft forever
root@home:/etc#

for prefix delegation, I followed the Debian wiki

https://wiki.debian.org/IPv6PrefixDelegation

And routing information:
root@home:/etc# ip -6 r
2a02:8070:898f:e400::/64 dev eth0.1 proto kernel metric 256  expires 6974sec
pref medium
2a02:8070:898f:e4f8::/62 dev eth0.7 proto kernel metric 256  pref medium
(...)
IPv6 forwarding is enabled:

root@home:/etc# cat /proc/sys/net/ipv6/conf/all/forwarding
1
root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.7/forwarding
1
root@home:/etc#

What about eth0.1 ? Needed to forward incoming reply packets too.

Endpoint:
---------
rd@mohot:~$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
    link/ether d0:63:b4:00:4d:d1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.31/24 brd 192.168.7.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a02:8070:898f:e400:d263:b4ff:fe00:4dd1/64 scope global dynamic
mngtmpaddr
       valid_lft 7030sec preferred_lft 3430sec
    inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:4dd1/64 scope global dynamic
mngtmpaddr
       valid_lft 14215sec preferred_lft 14215sec
    inet6 fe80::d263:b4ff:fe00:4dd1/64 scope link
       valid_lft forever preferred_lft forever

What about IPv6 routes ?