OVH Community, your new community space.

IP6 not working?

Myatu

22-04-2013, 16:07

I've noticed you've said that "autoconf" is already set to 0. Try setting "accept_ra" to 0 as well with either:

Code:

echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Code:

sysctl -w net.ipv6.conf.eth0.accept_ra=0

cyclo

17-04-2013, 22:59

I've noticed that this randomly resets itself for no apparent reason and I have to manually add the route again

Y3K-Daniel

26-03-2013, 16:59

Interesting, the only way I have it working on at least one of my servers is with what i posted (except with an ipv6 in my /64). If I do it the other way it does not work correctly, as it appears to add a /56 route itself that stops working a while after reboot (similar to the route cyclo was getting).

Myatu

26-03-2013, 15:51

Originally Posted by Y3K-Daniel

Code:

iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 56
        gateway 2001:41D0:2:91ff:ff:ff:ff:ff #This is optional

nd ra is removed again, so this will be depreated (see http://status.ovh.co.uk/?do=details&id=2858). There was a little debate surrounding that, whether to use /56 or /64. The answer was to use the /64 style, as in cyclo's original configuration (see http://forum.ovh.co.uk/showpost.php?...5&postcount=13).

Y3K-Daniel

26-03-2013, 15:31

Code:

iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0

Change that to:

Code:

iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 56
        gateway 2001:41D0:2:91ff:ff:ff:ff:ff #This is optional

And it should all work nicely, it's just the way the OVH setup works.

Myatu

25-03-2013, 23:30

Good stuff. Don't forget to setup a firewall for IPv6.

It is a bit odd that your route was the way it was, if autoconf was already disabled. But hopefully it'll not change now.

cyclo

25-03-2013, 23:24

autoconf was already set to 0, but I went ahead and manually added the changes you pasted above and it works fine!

Myatu

25-03-2013, 19:43

Hmm, you're getting your requests so it's reachable and the OVH router is doings its thing, but your replies might end up in limbo because of the route.

If cat /proc/sys/net/ipv6/conf/eth0/autoconf gives you 1, disable it temporarily with echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf . Then re-setup the route directly to the gateway with:

Code:

ip -6 route del 2001:41d0:2:9100::/56 dev eth0
ip -6 route del default via fe80::8a43:e1ff:fe11:c23c
ip -6 route add default via 2001:41D0:2:91ff:ff:ff:ff:ff

Which should leave you with just this (checked via ip -6 route):

Code:

2001:41d0:2:9133::/64 dev eth0  proto kernel  metric 256
2001:41d0:2:91ff:ff:ff:ff:ff dev eth0  metric 1024
fe80::/64 dev eth0  proto kernel  metric 256
default via 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0  metric 1024

See if this will lead you somewhere. If it does, make sure to permanently disable the autoconf, ie:

Code:

echo "net.ipv6.conf.eth0.autoconf = 0" >> /etc/sysctl.conf
sysctl -p

cyclo

25-03-2013, 18:37

Here you go:

Code:

root@saladfingerz:~# tcpdump -i eth0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:35:47.714492 IP6 2001:5c0:1502:f900:1d0:deb4:6ce2:e807 > 2001:41d0:2:9133::1: ICMP6, echo request, seq 43, length 40
18:35:47.714513 IP6 2001:41d0:2:9133::1 > 2001:5c0:1502:f900:1d0:deb4:6ce2:e807: ICMP6, echo reply, seq 43, length 40
18:35:52.246108 IP6 2001:5c0:1502:f900:1d0:deb4:6ce2:e807 > 2001:41d0:2:9133::1: ICMP6, echo request, seq 44, length 40
18:35:52.246140 IP6 2001:41d0:2:9133::1 > 2001:5c0:1502:f900:1d0:deb4:6ce2:e807: ICMP6, echo reply, seq 44, length 40

Code:

root@saladfingerz:~# ip -6 route
2001:41d0:2:9133::/64 dev eth0  proto kernel  metric 256
2001:41d0:2:91ff:ff:ff:ff:ff dev eth0  metric 1024
2001:41d0:2:9100::/56 dev eth0  proto kernel  metric 256  expires 2591863sec
fe80::/64 dev eth0  proto kernel  metric 256
default via fe80::8a43:e1ff:fe11:c23c dev eth0  proto ra  metric 1024  expires 1663sec

Myatu

25-03-2013, 07:20

Right, so your config looks fine and you don't have an IPv6 firewall setup. Could you verify with ip -6 route that it does indeed use the default gateway specified?

You can also perform a check with tcpdump, ie tcpdump -i eth0 icmp6, which should show ICMP6 echo requests and replies (in order) when you perform a ping6 on another terminal.

cyclo

25-03-2013, 00:10

Code:

root@saladfingerz:~# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Code:

root@saladfingerz:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:ftp state NEW recent: UPDATE seconds: 60 hit_count: 4 name: DEFAULT side: source
           tcp  --  anywhere             anywhere             tcp dpt:ftp state NEW recent: SET name: DEFAULT side: source
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 60 hit_count: 4 name: DEFAULT side: source
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
DROP       all  --  80.63.56.147         anywhere
DROP       all  --  c-75-73-75-86.hsd1.mn.comcast.net  anywhere
DROP       all  --  5.199.132.164        anywhere
DROP       all  --  113.85.224.159.triolan.net  anywhere
DROP       all  --  ge-3-3-0-core-as12455.orange.co.ke  anywhere
DROP       all  --  202.113.65.229       anywhere
DROP       all  --  216.83.60.76         anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain syn-flood (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 10/sec burst 50
DROP       all  --  anywhere             anywhere

alex

24-03-2013, 19:29

Originally Posted by cyclo

I have a few rules in iptables, but there's nothing in there that blocks pings, or anything related to IPv6

have you check firewall for ipv6? I had similar issue.

cyclo

24-03-2013, 17:49

I have a few rules in iptables, but there's nothing in there that blocks pings, or anything related to IPv6

Myatu

23-03-2013, 11:03

Are you using a firewall? Ensure that is configured properly for IPv6, and that the firewall allows for pings (ICMP).

wii89

21-03-2013, 10:28

That config looks ok

cyclo

19-03-2013, 14:36

This is the ip6 part of the config:

Code:

iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0

Abdurrahman

19-03-2013, 11:59

Hi cyclo,

Can you show me the network interfaces file? It seems strange, because it should be configured by default on Debian 7.

cyclo

19-03-2013, 10:45

I am having issues with ip6 not working. If I try ping6 google.com for example I don't receive any replies.

Code:

root@***:/var/log# ping6 google.com
PING google.com(par03s02-in-x0e.1e100.net) 56 data bytes
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3022ms

I'm a complete noob when it comes to ip6 and I have no idea where to start looking. ifconfig does shows an ip6 address added, and it matches the one in the manager.

The server is a SP32G running debian 7