Set up tunnel to HE.net and now only ipv6.google.com works, but other sites ping fine.
Posted
by
AndrejaKo
on Super User
See other posts from Super User
or by AndrejaKo
Published on 2011-02-26T17:37:26Z
Indexed on
2011/02/26
23:27 UTC
Read the original article
Hit count: 324
I'm setting up IPv6 using my router which is running OpenWRT, version Backfire 10.03.1-rc4. I made a tunnel using Hurricane Electric's tunnel broker and set it up on the router and I'm using RADVD to hand out IPv6 addresses.
My problem is that on computers on the network, I can only access ipv6.google.com using a browser, but other sites seem to be loading forever and won't open in any browser. I can ping and traceroute to them fine, but can't open them with a browser.
I can open any site normally with a browser from the router.
Stopping firewall service on the router doesn't help, so it's probably not a firewall issue.
All AAAA records resolve fine, so it's probably not a DNS issue.
Computers on the network get their IPv6 addresses fine, so it's probably not a radvd issue.
Similar setup worked fine for SixXs, but I'm having problems with my PoP there, so I decided to move to HE.
Here are some traceroutes:
From a client computer:
Tracing route to ipv6.he.net [2001:470:0:64::2]
over a maximum of 30 hops:
1 <1 ms 1 ms 1 ms 2001:470:1f0b:de5::1
2 62 ms 63 ms 62 ms andrejako-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1]
3 60 ms 60 ms 63 ms gige-g2-4.core1.fra1.he.net [2001:470:0:69::1]
4 63 ms 68 ms 68 ms 10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1]
5 84 ms 74 ms 76 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
6 146 ms 147 ms 151 ms 10gigabitethernet4-4.core1.nyc4.he.net [2001:470:0:128::1]
7 200 ms 198 ms 202 ms 10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1]
8 219 ms * 210 ms 10gigabitethernet2-2.core1.fmt2.he.net [2001:470:0:18d::1]
9 221 ms 338 ms 209 ms gige-g4-18.core1.fmt1.he.net [2001:470:0:2d::1]
10 206 ms 210 ms 207 ms ipv6.he.net [2001:470:0:64::2]
Trace complete.
and another from a cliet computer
Tracing route to whatismyipv6.com [2001:4870:a24f:2::90]
over a maximum of 30 hops:
1 7 ms 1 ms 1 ms 2001:470:1f0b:de5::1
2 69 ms 70 ms 63 ms AndrejaKo-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1]
3 57 ms 65 ms 58 ms gige-g2-4.core1.fra1.he.net [2001:470:0:69::1]
4 73 ms 74 ms 75 ms 10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1]
5 71 ms 74 ms 76 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
6 141 ms 149 ms 148 ms 10gigabitethernet2-3.core1.nyc4.he.net [2001:470:0:3e::1]
7 141 ms 147 ms 143 ms 10gigabitethernet1-2.core1.nyc1.he.net [2001:470:0:37::2]
8 144 ms 145 ms 142 ms 2001:504:1::a500:4323:1
9 226 ms 225 ms 218 ms 2001:4870:a240::2
10 220 ms 224 ms 219 ms 2001:4870:a240::2
11 219 ms 218 ms 220 ms 2001:4870:a24f::2
12 221 ms 222 ms 220 ms www.whatismyipv6.com [2001:4870:a24f:2::90]
Trace complete.
Here's some firewall info on the router:
root@OpenWrt:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
input_rule all -- 0.0.0.0/0 0.0.0.0/0
input all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
zone_wan_MSSFIX all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0
forward all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
output_rule all -- 0.0.0.0/0 0.0.0.0/0
output all -- 0.0.0.0/0 0.0.0.0/0
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_forward all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_forward all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
nat_reflection_fwd all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan all -- 0.0.0.0/0 0.0.0.0/0
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain nat_reflection_fwd (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:80
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain output_rule (1 references)
target prot opt source destination
Chain reject (7 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan (1 references)
target prot opt source destination
input_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_lan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_MSSFIX (0 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
forwarding_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_lan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan (2 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT 41 -- 0.0.0.0/0 0.0.0.0/0
input_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_MSSFIX (1 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_forward (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.2
forwarding_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Here's some routing info:
root@OpenWrt:/# ip -f inet6 route
2001:470:1f0a:de5::/64 via :: dev 6in4-henet proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
2001:470:1f0b:de5::/64 dev br-lan proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev br-lan proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0.1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0.2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4-henet proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
default dev 6in4-henet metric 1024 mtu 1280 advmss 1220 hoplimit 0
I have computers running windows 7 SP1 and openSUSE 11.3 and all of them have same problem.
I also made a thread about this on HE's forum, but it seems that people there are out of ideas what to do.
© Super User or respective owner