cvmiller / v6brouter

IPv6 bridge and IPv4 router (NAT) shell script for OpenWRT
GNU General Public License v2.0

It can't work on NETGEAR WNDR4300 ( using OpenWrt Chaos Calmer 15.05.1 ) #7

Closed wang20150419 closed 6 years ago

wang20150419 commented 7 years ago

v6brouter doesn't work on my router, a WNDR4300 (CC 15.05.1). The clients can get an IPv6 address, but they can't access IPv6 websites. When I use 6relayd, the clients can access IPv6 websites, but it is not stable. When I use the NAT6 method, it works well, but the IPv6 address of the client is not a real IPv6 address. How can I solve this problem?

cvmiller commented 7 years ago

I am sorry you are having problems with v6brouter. I have a few troubleshooting questions:

  1. Are you using the firewall option '-F'? If so, please provide the following command output: ip6tables -L

  2. Please provide the following command outputs:
       ip addr
       ip -6 route
       brctl show
       ebtables -L
       ebtables -t broute -L

  3. If you do a traceroute (or tracert from Windows) from a client to the IPv6 website, what does that output look like? Is it blocked at the v6brouter?

Hopefully with the information you provide we can figure out what is wrong with v6brouter.

wang20150419 commented 7 years ago

setting of V6Brouter:

    WAN_DEV=eth1
    BRIDGE=br-lan
    BRIDGE_IP6=2001:xxx:xxxx:4202:6a1:xxxx:feba:1

* ifconfig output ****

    br-lan    Link encap:Ethernet  HWaddr 06:A1:51:XX:XX:XX
              inet addr:172.16.16.1  Bcast:172.16.16.255  Mask:255.255.255.0
              inet6 addr: fe80::4a1:xxxx:feba:6bd4/64 Scope:Link
              inet6 addr: 2001:xxx:xxxx:4202:6a1:xxxx:feba:1/64 Scope:Global
              inet6 addr: 2001:xxx:xxxx:4202:4a1:xxxx:feba:6bd4/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:13449 errors:0 dropped:22 overruns:0 frame:0
              TX packets:20860 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1799777 (1.7 MiB)  TX bytes:12992764 (12.3 MiB)

    eth0      Link encap:Ethernet  HWaddr 06:A1:51:XX:XX:XX
              inet6 addr: fe80::4a1:xxxx:feba:6bd4/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2377 errors:0 dropped:2 overruns:0 frame:0
              TX packets:3178 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:198992 (194.3 KiB)  TX bytes:288103 (281.3 KiB)
              Interrupt:4

    eth0.1    Link encap:Ethernet  HWaddr 06:A1:51:XX:XX:XX
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2348 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3170 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:154084 (150.4 KiB)  TX bytes:273562 (267.1 KiB)

    eth1      Link encap:Ethernet  HWaddr 04:A1:51:BA:6B:D5
              inet addr:xxx.xxx.137.141  Bcast:xxx.xxx.137.255  Mask:255.255.255.0
              inet6 addr: fe80::6a1:xxxx:feba:6bd5/64 Scope:Link
              inet6 addr: 2001:xxx:xxxx:4202:6a1:xxxx:feba:6bd5/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:49329 errors:0 dropped:21 overruns:0 frame:0
              TX packets:10896 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:14961559 (14.2 MiB)  TX bytes:1767201 (1.6 MiB)
              Interrupt:5

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:615 errors:0 dropped:0 overruns:0 frame:0
              TX packets:615 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:60472 (59.0 KiB)  TX bytes:60472 (59.0 KiB)

    wlan0     Link encap:Ethernet  HWaddr 04:A1:51:XX:XX:XX
              inet6 addr: fe80::6a1:xxxx:feba:6bd4/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:7366 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7972 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1210943 (1.1 MiB)  TX bytes:2744420 (2.6 MiB)

    wlan1     Link encap:Ethernet  HWaddr 04:A1:51:BA:6B:D6
              inet6 addr: fe80::6a1:xxxx:feba:6bd6/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9365 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:707356 (690.7 KiB)  TX bytes:9028963 (8.6 MiB)

* end of ifconfig **

* ip6tables -L ***

    target prot opt source destination
    delegate_input all anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    delegate_forward all anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    delegate_output all anywhere anywhere

    Chain MINIUPNPD (2 references)
    target prot opt source destination

    Chain delegate_forward (1 references)
    target prot opt source destination
    forwarding_rule all anywhere anywhere /* user chain for forwarding */
    ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
    zone_lan_forward all anywhere anywhere
    zone_wan_forward all anywhere anywhere
    reject all anywhere anywhere

    Chain delegate_input (1 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere
    input_rule all anywhere anywhere /* user chain for input */
    ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
    syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
    zone_lan_input all anywhere anywhere
    zone_wan_input all anywhere anywhere

    Chain delegate_output (1 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere
    output_rule all anywhere anywhere /* user chain for output */
    ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
    zone_lan_output all anywhere anywhere
    zone_wan_output all anywhere anywhere

    Chain forwarding_lan_rule (1 references)
    target prot opt source destination

    Chain forwarding_rule (1 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
    ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
    ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
    ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
    ACCEPT tcp anywhere anywhere mark match 0x10 tcp dpt:ssh
    DROP all anywhere anywhere mark match 0x10
    ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
    ACCEPT tcp anywhere anywhere mark match 0x10 tcp dpt:ssh
    DROP all anywhere anywhere mark match 0x10
    ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
    ACCEPT tcp anywhere anywhere mark match 0x10 tcp dpt:ssh
    DROP all anywhere anywhere mark match 0x10

    Chain forwarding_wan_rule (1 references)
    target prot opt source destination

    Chain input_lan_rule (1 references)
    target prot opt source destination

    Chain input_rule (1 references)
    target prot opt source destination

    Chain input_wan_rule (1 references)
    target prot opt source destination

    Chain output_lan_rule (1 references)
    target prot opt source destination

    Chain output_rule (1 references)
    target prot opt source destination

    Chain output_wan_rule (1 references)
    target prot opt source destination

    Chain reject (3 references)
    target prot opt source destination
    REJECT tcp anywhere anywhere reject-with tcp-reset
    REJECT all anywhere anywhere reject-with icmp6-port-unreachable

    Chain syn_flood (1 references)
    target prot opt source destination
    RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    DROP all anywhere anywhere

    Chain zone_lan_dest_ACCEPT (4 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere

    Chain zone_lan_forward (1 references)
    target prot opt source destination
    forwarding_lan_rule all anywhere anywhere /* user chain for forwarding */
    zone_wan_dest_ACCEPT all anywhere anywhere /* forwarding lan -> wan */
    zone_lan_dest_ACCEPT all anywhere anywhere

    Chain zone_lan_input (1 references)
    target prot opt source destination
    input_lan_rule all anywhere anywhere /* user chain for input */
    zone_lan_src_ACCEPT all anywhere anywhere

    Chain zone_lan_output (1 references)
    target prot opt source destination
    output_lan_rule all anywhere anywhere /* user chain for output */
    zone_lan_dest_ACCEPT all anywhere anywhere

    Chain zone_lan_src_ACCEPT (1 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere

    Chain zone_wan_dest_ACCEPT (2 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere

    Chain zone_wan_dest_REJECT (1 references)
    target prot opt source destination
    reject all anywhere anywhere

    Chain zone_wan_forward (1 references)
    target prot opt source destination
    MINIUPNPD all anywhere anywhere
    MINIUPNPD all anywhere anywhere
    forwarding_wan_rule all anywhere anywhere /* user chain for forwarding */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Forward */
    zone_lan_dest_ACCEPT esp anywhere anywhere /* @rule[7] */
    zone_lan_dest_ACCEPT udp anywhere anywhere udp dpt:isakmp /* @rule[8] */
    zone_wan_dest_REJECT all anywhere anywhere

    Chain zone_wan_input (1 references)
    target prot opt source destination
    input_wan_rule all anywhere anywhere /* user chain for input */
    ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client /* Allow-DHCPv6 */
    ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 130 code 0 /* Allow-MLD */
    ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 131 code 0 /* Allow-MLD */
    ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 132 code 0 /* Allow-MLD */
    ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 143 code 0 /* Allow-MLD */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement limit: avg 1000/sec burst 5 /* Allow-ICMPv6-Input */
    zone_wan_src_REJECT all anywhere anywhere

    Chain zone_wan_output (1 references)
    target prot opt source destination
    output_wan_rule all anywhere anywhere /* user chain for output */
    zone_wan_dest_ACCEPT all anywhere anywhere

    Chain zone_wan_src_REJECT (1 references)
    target prot opt source destination
    reject all anywhere anywhere

* end of ip6tables -L **

* ip addr ****

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 06:a1:51:XX:XX:XX brd ff:ff:ff:ff:ff:ff
        inet6 fe80::4a1:xxxx:feba:6bd4/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
        link/ether 04:a1:51:ba:6b:d5 brd ff:ff:ff:ff:ff:ff
        inet xxx.xxx.137.141/24 brd xxx.xxx.137.255 scope global eth1
           valid_lft forever preferred_lft forever
        inet6 2001:xxx:xxxx:4202:6a1:xxxx:feba:6bd5/64 scope global noprefixroute dynamic
           valid_lft 2591253sec preferred_lft 604053sec
        inet6 fe80::6a1:xxxx:feba:6bd5/64 scope link
           valid_lft forever preferred_lft forever
    4: sit0@NONE: mtu 1480 qdisc noop state DOWN group default
        link/sit 0.0.0.0 brd 0.0.0.0
    7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 06:a1:51:XX:XX:XX brd ff:ff:ff:ff:ff:ff
        inet 172.16.16.1/24 brd 172.16.16.255 scope global br-lan
           valid_lft forever preferred_lft forever
        inet6 2001:xxx:xxxx:4202:4a1:xxxx:feba:6bd4/64 scope global mngtmpaddr dynamic
           valid_lft 2591832sec preferred_lft 604632sec
        inet6 2001:xxx:xxxx:4202:6a1:xxxx:feba:1/64 scope global
           valid_lft forever preferred_lft forever
        inet6 fe80::4a1:xxxx:feba:6bd4/64 scope link
           valid_lft forever preferred_lft forever
    8: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default
        link/ether 06:a1:51:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
        link/ether 04:a1:51:XX:XX:XX brd ff:ff:ff:ff:ff:ff
        inet6 fe80::6a1:xxxx:feba:6bd4/64 scope link
           valid_lft forever preferred_lft forever
    10: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
        link/ether 04:a1:51:ba:6b:d6 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::6a1:xxxx:feba:6bd6/64 scope link
           valid_lft forever preferred_lft forever

* end of ip addr ****

* ip -6 route *****

    default from 2001:xxx:xxxx:4202::/64 via fe80::1614:4bff:fe7d:4cbd dev eth1 proto static metric 512
    2001:xxx:xxxx:4202::/64 dev eth1 proto static metric 256
    2001:xxx:xxxx:4202::/64 dev br-lan proto kernel metric 256
    unreachable fd91:6353:f76f::/48 dev lo proto static metric 2147483647 error -128
    fe80::/64 dev eth0 proto kernel metric 256
    fe80::/64 dev wlan1 proto kernel metric 256
    fe80::/64 dev wlan0 proto kernel metric 256
    fe80::/64 dev eth1 proto kernel metric 256
    fe80::/64 dev br-lan proto kernel metric 256
    default via fe80::1614:4bff:fe7d:4cbd dev br-lan proto ra metric 1024 expires 1739sec hoplimit 64

* end of ip -6 route ***

* brctl show ***

    bridge name     bridge id               STP enabled     interfaces
    br-lan          7fff.06a151ba6bd4       no              eth0.1
                                                            wlan1
                                                            wlan0
                                                            eth1

* end of brctl show ****

* ebtables -L ****

    Bridge table: filter

    Bridge chain: INPUT, entries: 0, policy: ACCEPT

    Bridge chain: FORWARD, entries: 1, policy: ACCEPT
    -p IPv6 -i eth1 -j mark --mark-set 0x10 --mark-target CONTINUE

    Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

* end of ebtables -L**

* ebtables -t broute -L **

    Bridge table: broute

    Bridge chain: BROUTING, entries: 1, policy: ACCEPT
    -p ! IPv6 -i eth1 -j DROP

* end of ebtables -t broute -L ***

* router traceroute ****

    traceroute ipv6.google.com
    traceroute to ipv6.google.com (2404:6800:4005:80b::2003), 30 hops max, 38 byte packets
    1traceroute: sendto: Address family not supported by protocol

* end of router traceroute *****

cvmiller commented 7 years ago

Thanks for the detailed output. I see a couple of things which don't seem quite right.

In your ip6tables, I see multiple duplicate entries, which seem like a bug in the v6brouter script:

    Chain forwarding_rule (1 references)
    target prot opt source destination
    ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
    ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
    ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
    ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
    ACCEPT tcp anywhere anywhere mark match 0x10 tcp dpt:ssh
    DROP all anywhere anywhere mark match 0x10
    ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
    ACCEPT tcp anywhere anywhere mark match 0x10 tcp dpt:ssh
    DROP all anywhere anywhere mark match 0x10
    ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
    ACCEPT tcp anywhere anywhere mark match 0x10 tcp dpt:ssh
    DROP all anywhere anywhere mark match 0x10

Can you tell me what version of v6brouter you are using? Latest is 2.0.1.

I don't think that will cause your problem, though.

I see what appears to be STP enabled on your bridge:

    bridge name     bridge id               STP enabled     interfaces
    br-lan          7fff.06a151ba6bd4       no              eth0.1
                                                            wlan1
                                                            wlan0
                                                            eth1

Unless you know you have loops in your network, I would recommend disabling STP, as it will block ports, even though they appear to be "up". This may be causing your problem.

Please disable STP on your bridge, and run the latest v6brouter again.
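An added example, not part of the original thread and not code from the v6brouter script: a shell check for the kind of duplicate entries pointed out in the comment above, reading `ip6tables -L` output and reporting rules that occur more than once in one chain. The function names `dup_rules` and `sample_listing` are assumptions, and the sample listing is constructed from the forwarding_rule chain quoted in this issue.

```shell
#!/bin/sh
# Added example (not from v6brouter). dup_rules CHAIN reads `ip6tables -L`
# output on stdin and prints "<count> <rule>" for each rule that appears more
# than once in CHAIN, in first-seen order.
# Caveat: plain -L omits interface matches, so rules reported as identical
# here may still differ by -i/-o.
dup_rules() {
    awk -v chain="$1" '
        $1 == "Chain" { in_chain = ($2 == chain); next }  # start of a chain
        !in_chain || NF == 0 || $1 == "target" { next }   # other chains, blanks, header
        {
            $1 = $1                                # normalise column spacing
            if (!($0 in seen)) order[++n] = $0     # remember first-seen order
            seen[$0]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[order[i]] > 1) print seen[order[i]], order[i]
        }'
}

# Constructed sample: the forwarding_rule chain as quoted in this issue,
# followed by an empty chain to show that the check is scoped per chain.
sample_listing() {
    cat <<'EOF'
Chain forwarding_rule (1 references)
target     prot opt source     destination
ACCEPT     all      anywhere   anywhere     mark match 0x10 ctstate RELATED,ESTABLISHED
ACCEPT     all      anywhere   anywhere     mark match 0x10 ctstate RELATED,ESTABLISHED
ACCEPT     all      anywhere   anywhere     mark match 0x10 ctstate RELATED,ESTABLISHED
ACCEPT     ipv6-icmp anywhere  anywhere     mark match 0x10
ACCEPT     tcp      anywhere   anywhere     mark match 0x10 tcp dpt:ssh
DROP       all      anywhere   anywhere     mark match 0x10
ACCEPT     ipv6-icmp anywhere  anywhere     mark match 0x10
ACCEPT     tcp      anywhere   anywhere     mark match 0x10 tcp dpt:ssh
DROP       all      anywhere   anywhere     mark match 0x10
ACCEPT     ipv6-icmp anywhere  anywhere     mark match 0x10
ACCEPT     tcp      anywhere   anywhere     mark match 0x10 tcp dpt:ssh
DROP       all      anywhere   anywhere     mark match 0x10

Chain forwarding_wan_rule (1 references)
target     prot opt source     destination
EOF
}

# Each of the four distinct rules in the sample is listed three times.
sample_listing | dup_rules forwarding_rule
```

On a router the same function can be fed live output with `ip6tables -L | dup_rules forwarding_rule`.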

wang20150419 commented 7 years ago

My v6brouter version is 2.0.1. How do I disable STP? I ran "brctl stp br-lan off", and then ran "v6brouter -E -F", but I still can't access IPv6 websites.

cvmiller commented 7 years ago

Just to check STP, can you run 'brctl show' again?

I don't see the problem in your firewall, but you may want to try running v6brouter without the firewall to see if that clears your connectivity problem. Run 'v6brouter -R' to remove the v6brouter rules, and then run 'v6brouter -E' to re-enable.

If you still can't connect, then I suggest running 'tcpdump' on the router WAN & LAN interface while ping6-ing from the client so that we can debug the problem. Please store the pcap files and attach them to this issue.

cvmiller commented 7 years ago

Are you still experiencing this issue? If so, can you please provide the requested information (above)? Thanks.

cvmiller commented 6 years ago

Closing.