Set up tunnel to HE.net and now only ipv6.google.com works, but other sites ping fine.

Posted by AndrejaKo on Super User See other posts from Super User or by AndrejaKo
Published on 2011-02-26T17:37:26Z Indexed on 2011/02/26 23:27 UTC
Read the original article Hit count: 324

Filed under:
|
|
|
|

I'm setting up IPv6 using my router which is running OpenWRT, version Backfire 10.03.1-rc4. I made a tunnel using Hurricane Electric's tunnel broker and set it up on the router and I'm using RADVD to hand out IPv6 addresses.

My problem is that on computers on the network, I can only access ipv6.google.com using a browser, but other sites seem to be loading forever and won't open in any browser. I can ping and traceroute to them fine, but can't open them with a browser.

I can open any site normally with a browser from the router.

Stopping firewall service on the router doesn't help, so it's probably not a firewall issue.

All AAAA records resolve fine, so it's probably not a DNS issue.

Computers on the network get their IPv6 addresses fine, so it's probably not a radvd issue.

Similar setup worked fine for SixXs, but I'm having problems with my PoP there, so I decided to move to HE.

Here are some traceroutes:

From a client computer:

Tracing route to ipv6.he.net [2001:470:0:64::2]
over a maximum of 30 hops:

  1    <1 ms     1 ms     1 ms  2001:470:1f0b:de5::1 
  2    62 ms    63 ms    62 ms  andrejako-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1] 
  3    60 ms    60 ms    63 ms  gige-g2-4.core1.fra1.he.net [2001:470:0:69::1] 
  4    63 ms    68 ms    68 ms  10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1] 
  5    84 ms    74 ms    76 ms  10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1] 
  6   146 ms   147 ms   151 ms  10gigabitethernet4-4.core1.nyc4.he.net [2001:470:0:128::1] 
  7   200 ms   198 ms   202 ms  10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1] 
  8   219 ms     *      210 ms  10gigabitethernet2-2.core1.fmt2.he.net [2001:470:0:18d::1] 
  9   221 ms   338 ms   209 ms  gige-g4-18.core1.fmt1.he.net [2001:470:0:2d::1] 
 10   206 ms   210 ms   207 ms  ipv6.he.net [2001:470:0:64::2] 

Trace complete.

and another from a cliet computer

Tracing route to whatismyipv6.com [2001:4870:a24f:2::90]
over a maximum of 30 hops:

  1     7 ms     1 ms     1 ms  2001:470:1f0b:de5::1 
  2    69 ms    70 ms    63 ms  AndrejaKo-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1] 
  3    57 ms    65 ms    58 ms  gige-g2-4.core1.fra1.he.net [2001:470:0:69::1] 
  4    73 ms    74 ms    75 ms  10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1] 
  5    71 ms    74 ms    76 ms  10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1] 
  6   141 ms   149 ms   148 ms  10gigabitethernet2-3.core1.nyc4.he.net [2001:470:0:3e::1] 
  7   141 ms   147 ms   143 ms  10gigabitethernet1-2.core1.nyc1.he.net [2001:470:0:37::2] 
  8   144 ms   145 ms   142 ms  2001:504:1::a500:4323:1 
  9   226 ms   225 ms   218 ms  2001:4870:a240::2 
 10   220 ms   224 ms   219 ms  2001:4870:a240::2 
 11   219 ms   218 ms   220 ms  2001:4870:a24f::2 
 12   221 ms   222 ms   220 ms  www.whatismyipv6.com [2001:4870:a24f:2::90] 

Trace complete.

Here's some firewall info on the router:

root@OpenWrt:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
syn_flood  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02
input_rule  all  --  0.0.0.0/0            0.0.0.0/0
input      all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
zone_wan_MSSFIX  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
forwarding_rule  all  --  0.0.0.0/0            0.0.0.0/0
forward    all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
output_rule  all  --  0.0.0.0/0            0.0.0.0/0
output     all  --  0.0.0.0/0            0.0.0.0/0

Chain forward (1 references)
target     prot opt source               destination
zone_lan_forward  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_forward  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_forward  all  --  0.0.0.0/0            0.0.0.0/0

Chain forwarding_lan (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination
nat_reflection_fwd  all  --  0.0.0.0/0            0.0.0.0/0

Chain forwarding_wan (1 references)
target     prot opt source               destination

Chain input (1 references)
target     prot opt source               destination
zone_lan   all  --  0.0.0.0/0            0.0.0.0/0
zone_wan   all  --  0.0.0.0/0            0.0.0.0/0
zone_wan   all  --  0.0.0.0/0            0.0.0.0/0

Chain input_lan (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan (1 references)
target     prot opt source               destination

Chain nat_reflection_fwd (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.1.0/24       192.168.1.2         tcp dpt:80

Chain output (1 references)
target     prot opt source               destination
zone_lan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0

Chain output_rule (1 references)
target     prot opt source               destination

Chain reject (7 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 25/sec burst 50
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan (1 references)
target     prot opt source               destination
input_lan  all  --  0.0.0.0/0            0.0.0.0/0
zone_lan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_DROP (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_MSSFIX (0 references)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain zone_lan_REJECT (1 references)
target     prot opt source               destination
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_forward (1 references)
target     prot opt source               destination
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0
forwarding_lan  all  --  0.0.0.0/0            0.0.0.0/0
zone_lan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan (2 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:68
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     41   --  0.0.0.0/0            0.0.0.0/0
input_wan  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_DROP (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_MSSFIX (1 references)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain zone_wan_REJECT (2 references)
target     prot opt source               destination
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_forward (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.2
forwarding_wan  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0

Here's some routing info:

root@OpenWrt:/# ip -f inet6 route
2001:470:1f0a:de5::/64 via :: dev 6in4-henet  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 0
2001:470:1f0b:de5::/64 dev br-lan  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev br-lan  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0.1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0.2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4-henet  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 0
default dev 6in4-henet  metric 1024  mtu 1280 advmss 1220 hoplimit 0

I have computers running windows 7 SP1 and openSUSE 11.3 and all of them have same problem.

I also made a thread about this on HE's forum, but it seems that people there are out of ideas what to do.

© Super User or respective owner

Related posts about windows-7

Related posts about linux