Re: IPv6 router is not forwarding packets
Le 06/01/2019 à 18:36, Rainer Dorsch a écrit :
ISP router -> Stretch router (home) -> Endpoint (mohot)
I can ssh from the mohot to home (ssh 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c)
and I can ssh from the home to the internet (using IPv6), but I cannot ssh
from the mohot (endpoint) to the internet:
(...)
For me it seems that home is dropping the request, if that is the case, is
there a good way to find out why that happens?
Did you run a packet capture on each involved interface ?
Stretch Router:
---------------
The stretch router has an upstream interface
root@home:/etc# ip addr show dev eth0.1
4: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.30/24 brd 192.168.0.255 scope global eth0.1
valid_lft forever preferred_lft forever
inet6 2a02:8070:898f:e400:d263:b4ff:fe00:325c/64 scope global mngtmpaddr
dynamic
valid_lft 6968sec preferred_lft 3368sec
inet6 fe80::d263:b4ff:fe00:325c/64 scope link
valid_lft forever preferred_lft forever
and a downstream interface
root@home:/etc# ip addr show dev eth0.7
10: eth0.7@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.7.1/24 brd 192.168.7.255 scope global eth0.7
valid_lft forever preferred_lft forever
inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c/62 scope global
Why /62 instead of the standard /64 ?
valid_lft forever preferred_lft forever
inet6 fe80::d263:b4ff:fe00:325c/64 scope link
valid_lft forever preferred_lft forever
root@home:/etc#
for prefix delegation, I followed the Debian wiki
https://wiki.debian.org/IPv6PrefixDelegation
And routing information:
root@home:/etc# ip -6 r
2a02:8070:898f:e400::/64 dev eth0.1 proto kernel metric 256 expires 6974sec
pref medium
2a02:8070:898f:e4f8::/62 dev eth0.7 proto kernel metric 256 pref medium
(...)
IPv6 forwarding is enabled:
root@home:/etc# cat /proc/sys/net/ipv6/conf/all/forwarding
1
root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.7/forwarding
1
root@home:/etc#
What about eth0.1 ? Needed to forward incoming reply packets too.
Endpoint:
---------
rd@mohot:~$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether d0:63:b4:00:4d:d1 brd ff:ff:ff:ff:ff:ff
inet 192.168.7.31/24 brd 192.168.7.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a02:8070:898f:e400:d263:b4ff:fe00:4dd1/64 scope global dynamic
mngtmpaddr
valid_lft 7030sec preferred_lft 3430sec
inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:4dd1/64 scope global dynamic
mngtmpaddr
valid_lft 14215sec preferred_lft 14215sec
inet6 fe80::d263:b4ff:fe00:4dd1/64 scope link
valid_lft forever preferred_lft forever
What about IPv6 routes ?
Reply to: