
Re: IPv6 router is not forwarding packets




Hi Pascal,

On Sunday, 6 January 2019, 19:41:51 CET, Pascal Hambourg wrote:
> On 06/01/2019 at 18:36, Rainer Dorsch wrote:
> > ISP router -> Stretch router (home) -> Endpoint (mohot)
> > 
> > I can ssh from the mohot to home (ssh
> > 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c) and I can ssh from the home to
> > the internet (using IPv6), but I cannot ssh
> > from the mohot (endpoint) to the internet:
> (...)
> 
> > For me it seems that home is dropping the request, if that is the case, is
> > there a good way to find out why that happens?
> 
> Did you run a packet capture on each involved interface ?

Since these are all VLANs, I can run Wireshark on each interface. That would
be my next step...

> 
> > Stretch Router:
> > ---------------
> > 
> > The stretch router has an upstream interface
> > 
> > root@home:/etc# ip addr show dev eth0.1
> > 4: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
> >     link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.0.30/24 brd 192.168.0.255 scope global eth0.1
> >        valid_lft forever preferred_lft forever
> >     inet6 2a02:8070:898f:e400:d263:b4ff:fe00:325c/64 scope global mngtmpaddr dynamic
> >        valid_lft 6968sec preferred_lft 3368sec
> >     inet6 fe80::d263:b4ff:fe00:325c/64 scope link
> >        valid_lft forever preferred_lft forever
> > 
> > and a downstream interface
> > 
> > root@home:/etc# ip addr show dev eth0.7
> > 10: eth0.7@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
> >     link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.7.1/24 brd 192.168.7.255 scope global eth0.7
> >        valid_lft forever preferred_lft forever
> >     inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c/62 scope global
> 
> Why /62 instead of the standard /64 ?

I think that is the outcome of prefix delegation (I have /56 from the ISP).  
This is implemented by the script in

https://wiki.debian.org/IPv6PrefixDelegation

(at least I am not aware that I specify anywhere /62).

> 
> >        valid_lft forever preferred_lft forever
> >     inet6 fe80::d263:b4ff:fe00:325c/64 scope link
> >        valid_lft forever preferred_lft forever
> > 
> > root@home:/etc#
> > 
> > for prefix delegation, I followed the Debian wiki
> > 
> > https://wiki.debian.org/IPv6PrefixDelegation
> > 
> > And routing information:
> > root@home:/etc# ip -6 r
> > 2a02:8070:898f:e400::/64 dev eth0.1 proto kernel metric 256  expires 6974sec pref medium
> > 2a02:8070:898f:e4f8::/62 dev eth0.7 proto kernel metric 256  pref medium
> 
> (...)
> 
> > IPv6 forwarding is enabled:
> > 
> > root@home:/etc# cat /proc/sys/net/ipv6/conf/all/forwarding
> > 1
> > root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.7/forwarding
> > 1
> > root@home:/etc#
> 
> What about eth0.1 ? Needed to forward incoming reply packets too.

They should be forwarded:

root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.1/forwarding 
1
root@home:/etc#
 
> > Endpoint:
> > ---------
> > rd@mohot:~$ ip addr show dev eth0
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> >     link/ether d0:63:b4:00:4d:d1 brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.7.31/24 brd 192.168.7.255 scope global eth0
> >        valid_lft forever preferred_lft forever
> >     inet6 2a02:8070:898f:e400:d263:b4ff:fe00:4dd1/64 scope global dynamic mngtmpaddr
> >        valid_lft 7030sec preferred_lft 3430sec
> >     inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:4dd1/64 scope global dynamic mngtmpaddr
> >        valid_lft 14215sec preferred_lft 14215sec
> >     inet6 fe80::d263:b4ff:fe00:4dd1/64 scope link
> >        valid_lft forever preferred_lft forever
> 
> What about IPv6 routes ?

root@mohot:~# ip -6 r
2a02:8070:898f:e400::/64 dev eth0 proto kernel metric 256 pref medium
2a02:8070:898f:e4f8::/64 dev eth0 proto kernel metric 256 pref medium
2a02:8070:898f:e4f8::/62 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::d263:b4ff:fe00:325c dev eth0 proto ra metric 1024 hoplimit 64 pref medium
default via fe80::e228:6dff:fe43:5776 dev eth0 proto ra metric 1024 hoplimit 255 pref medium
root@mohot:~# 

I thought I had better start with an empty IPv6 config on mohot, but even with

rd@mohot:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface

#iface eth0 inet6 auto
iface eth0 inet6 manual
rd@mohot:~$ 

I get the same output. Not sure why these routes and addresses are configured 
on mohot.

Thanks
Rainer

-- 
Rainer Dorsch
http://bokomoko.de/
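
An added example, not part of the original message: a Python sketch using the standard `ipaddress` module that takes the addresses and routes quoted in this thread and reports which /64s the /62 on eth0.7 covers, which router interface's prefix each of mohot's addresses falls under, and which of mohot's default gateways is not the Stretch router's link-local address. The function and variable names are hypothetical; the route text is the thread's output with wrapped lines rejoined.

```python
import ipaddress

# Router interface addresses, copied from the `ip addr` output in the thread.
ROUTER = {
    "eth0.1": ipaddress.ip_interface("2a02:8070:898f:e400:d263:b4ff:fe00:325c/64"),
    "eth0.7": ipaddress.ip_interface("2a02:8070:898f:e4f8:d263:b4ff:fe00:325c/62"),
}
ROUTER_LINK_LOCAL = ipaddress.ip_address("fe80::d263:b4ff:fe00:325c")
# mohot's global addresses and its `ip -6 r` output (wrapped lines rejoined).
ENDPOINT_ADDRS = [
    "2a02:8070:898f:e400:d263:b4ff:fe00:4dd1/64",
    "2a02:8070:898f:e4f8:d263:b4ff:fe00:4dd1/64",
]
ENDPOINT_ROUTES = """\
2a02:8070:898f:e400::/64 dev eth0 proto kernel metric 256 pref medium
2a02:8070:898f:e4f8::/64 dev eth0 proto kernel metric 256 pref medium
2a02:8070:898f:e4f8::/62 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::d263:b4ff:fe00:325c dev eth0 proto ra metric 1024 hoplimit 64 pref medium
default via fe80::e228:6dff:fe43:5776 dev eth0 proto ra metric 1024 hoplimit 255 pref medium
"""

def covered_slash64s(iface):
    """List the /64 subnets inside the on-link prefix of a router interface."""
    net = ROUTER[iface].network
    if net.prefixlen >= 64:
        return [str(net)]
    return [str(n) for n in net.subnets(new_prefix=64)]

def owning_iface(addr):
    """Router interface whose on-link prefix contains addr (longest match wins)."""
    ip = ipaddress.ip_interface(addr).ip
    hits = [(i.network.prefixlen, name) for name, i in ROUTER.items() if ip in i.network]
    return max(hits)[1] if hits else None

def default_gateways(route_text):
    """Next hops of every 'default via ...' line in `ip -6 route` output."""
    rows = (line.split() for line in route_text.splitlines())
    return [ipaddress.ip_address(f[2]) for f in rows
            if f[:2] == ["default", "via"] and len(f) > 2]

def gateways_not_router(route_text):
    """Default gateways that are not the Stretch router's link-local address."""
    return [str(g) for g in default_gateways(route_text) if g != ROUTER_LINK_LOCAL]

if __name__ == "__main__":
    print("eth0.7 /62 covers:", covered_slash64s("eth0.7"))
    for a in ENDPOINT_ADDRS:
        print(a, "-> prefix on router interface", owning_iface(a))
    print("other default gateways:", gateways_not_router(ENDPOINT_ROUTES))
```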