Open GoogleCodeExporter opened 9 years ago
And syslog related to dnsmasq is:
Jul 30 12:45:17 dnsmasq[396]: started, version 2.68 cachesize 1000
Jul 30 12:45:17 dnsmasq[396]: compile time options: IPv6 GNU-getopt no-RTC
no-DBus no-i18n no-IDN DHCP DHCPv6 no-scripts TFTP no-conntrack no-ipset no-auth
Jul 30 12:45:17 dnsmasq-dhcp[396]: DHCP, IP range 192.168.1.100 --
192.168.1.250, lease time 1d
Jul 30 12:45:17 dnsmasq-dhcp[396]: DHCPv6, static leases only on ::, lease time
10m
Jul 30 12:45:17 dnsmasq-dhcp[396]: DHCP, sockets bound exclusively to interface
br0
Jul 30 12:45:17 dnsmasq[396]: read /etc/hosts - 4 addresses
Jul 30 12:45:17 dnsmasq[396]: read /etc/storage/dnsmasq/hosts - 0 addresses
Jul 30 12:45:18 kernel: Ralink HW NAT v2.50.7 Module Enabled, ASIC: RT3883,
REV: 0105, FoE Size: 16384
Jul 30 12:45:18 RT-N56U: Hardware NAT/Routing: Enabled, IPoE/PPPoE offload
[WAN]<->[LAN/WLAN]
Jul 30 12:45:18 RT-N56U: Hardware NAT/Routing: IPv4 UDP flow offload - OFF
Jul 30 12:45:18 RT-N56U: Hardware NAT/Routing: IPv6 routes offload - OFF
Jul 30 12:45:18 kernel: eth3: ===> VirtualIF_open
Jul 30 12:45:18 dnsmasq[396]: read /etc/hosts - 4 addresses
Jul 30 12:45:18 dnsmasq[396]: read /etc/storage/dnsmasq/hosts - 0 addresses
Jul 30 12:45:18 dnsmasq[396]: using nameserver 2001:470:20::2#53
Jul 30 12:45:18 dnsmasq[396]: using nameserver 8.8.8.8#53
Jul 30 12:45:18 DHCP WAN Client: starting on eth3 ...
Jul 30 12:45:19 kernel: br0: port 4(rai1) entering forwarding state
Jul 30 12:45:19 kernel: br0: port 3(rai0) entering forwarding state
Jul 30 12:45:19 kernel: br0: port 2(ra0) entering forwarding state
Jul 30 12:45:19 kernel: br0: port 1(eth2) entering forwarding state
Jul 30 12:45:20 DHCPv6 WAN Client: starting on wan (eth3) ...
Jul 30 12:45:20 dhcp6c[443]: started
Jul 30 12:45:20 DHCP WAN Client: bound (eth3), IP: 192.168.2.11, GW:
192.168.2.1, lease time: 7200
Jul 30 12:45:20 RT-N56U: WAN up (eth3)
Jul 30 12:45:20 dnsmasq[396]: read /etc/hosts - 4 addresses
Jul 30 12:45:20 dnsmasq[396]: read /etc/storage/dnsmasq/hosts - 0 addresses
Jul 30 12:45:20 dnsmasq[396]: using nameserver 2001:470:20::2#53
Jul 30 12:45:20 dnsmasq[396]: using nameserver 8.8.8.8#53
Jul 30 12:45:21 dropbear[465]: Running in background
Jul 30 12:45:25 kernel: icmpv6_send: no reply to icmp error
Original comment by DOSSTO...@gmail.com
on 30 Jul 2014 at 4:51
The site you use for access is on WAN or LAN side?
There is no NAT in v6 but firewall still required. See ip6tables rules.
Original comment by d...@soulblader.com
on 3 Aug 2014 at 7:52
The site is ipv6.google.com and ftp.ipv6.heanet.ie, both are on WAN side.
and I did not set ip6tables rules, they all keep default, rules are here:
/home/root # ip6tables-save
# Generated by ip6tables-save v1.4.16.3 on Mon Aug 4 10:53:51 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [24:1700]
:OUTPUT ACCEPT [52:6458]
:logaccept - [0:0]
:logdrop - [0:0]
:maclist - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 ! --icmpv6-type 128 -j ACCEPT
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
-A INPUT -p udp -m udp --dport 546 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT "
--log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence
--log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Mon Aug 4 10:53:51 2014
Original comment by DOSSTO...@gmail.com
on 4 Aug 2014 at 3:16
[deleted comment]
[deleted comment]
Yes, sorry, haven't understood you correctly.
It seems you're trying to set wrong default gateway.
On the router look for WAN address:
# ip -o -f inet6 addr show eth3
xxxx:xxxx:xxxx:xxxx:xxmm:mmmm (m - last 3 octets of eth3 mac address)
look for lan address on the same network:
# ip -o -f inet6 addr show br0
It should be the same, except mac address part (br0 mac address). This address
should set it as a default gateway on local machine.
ip address on local machine should be the same as above, except mac address
part (interface on local machine)
Original comment by d...@soulblader.com
on 4 Aug 2014 at 6:28
Thanks for the reply, I tried some different configurations, and messed the
results with configurations.
What I set now is:
IPv6 Connection Type: Native DHCPv6
WAN Connection Type: IPoE: Automatic IP
Get WAN IPv6 Address From Source: Stateless: Router Advertisement
Get DNSv6 Servers Automatically? Yes
Get LAN IPv6 Address via DHCPv6 (IA-PD)? Yes
Enable LAN Router Advertisement? Yes
Enable LAN DHCPv6 Server (Stateless only)? Yes
and the ip commands is:
/home/root # ip -o -f inet6 addr show eth3
3: eth3 inet6 2001:250:401:8025:4216:7eff:feMM:MMMM/64 scope global dynamic
\ valid_lft 2591858sec preferred_lft 604658sec
3: eth3 inet6 fe80::4216:7eff:feMM:MMMM/64 scope link \ valid_lft
forever preferred_lft forever
/home/root # ip -o -f inet6 addr show br0
7: br0 inet6 fe80::4216:7eff:feMM:MMMM/64 scope link \ valid_lft
forever preferred_lft forever
What local machine get its address is:
Link-local IPv6 Address . . . . . : fe80::dcc0:e21e:1452:952b%42
Which is the br0(LAN side) cannot get the same prefix like eth3(WAN side).
Something like my ISP doesn't support Prefix Delegation, if I disabled IA-PD, I
have to manually set the address, but the router seems confused with the same
prefix.
Original comment by DOSSTO...@gmail.com
on 5 Aug 2014 at 3:00
Not quite correct...
Local machine doesn't get an address: fe80::dcc0:e21e:1452:952b%42, but it set
it itself.
(http://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-re
gistry.xhtml#iana-ipv6-special-registry-1). It is required by protocol for
neighborhood discovery etc..
It seems there should be at least another address on br0 scope global. And then
on local machine from the same network.
A default route on local machine can be fe80::4216:7eff:feMM:MMMM%42 (not sure
about zone indices in Windows)
Original comment by d...@soulblader.com
on 5 Aug 2014 at 7:35
Thanks for the reply.
I contacted my network provider, they said the network use SLAAC, GATEWAY have
a /64 scope, and use RA to announce the /64prefix, after combining self
generated remaining 64bit address, WAN got its IPv6 address.
Also, I asked some people that also use this network, the solution they have is
either bridge WAN+LAN and ebtables filter IPv6 traffic, or use packages that
have NDP. ebtables seems not a good choice since I haven't found broute
chain... I'll download ndppd package and have a look.
Original comment by DOSSTO...@gmail.com
on 6 Aug 2014 at 1:13
Tried wide-dhcpv6 packages, isc-dhcp-relay-ipv6, none of them seems working(LAN
got nothing)
isc-dhcp-relay-ipv6 always report I need one lower and one upper stream even if
I give it through commandline options.
ndppd, is working in someway, I have to first set static to my
WAN: PREFIX:1/96
GW: PREFIX::1
and set LAN: PREFIX:4321::1/64, enable RA, but not DHCPv6 Server.
and start ndppd.
The disadvantage is obvious: anyone with LAN prefix that on WAN side is
inaccessible, anyone with WAN prefix but in LAN side is also inaccessible. And,
the gateway of LAN's clients should be set to PREFIX:4321::1 not PREFIX::1
reference is :
http://blog.asxzy.net/blog/2011/12/23/three-ways-to-make-ipv6-gateway-openwrt/
(in Chinese)
BTW, is that possible to intergrate ndppd when compile the firmware, or if I
want to add some softwares in firmware, which files should I change?
Original comment by DOSSTO...@gmail.com
on 9 Aug 2014 at 4:06
Issue 1315 has been merged into this issue.
Original comment by d...@soulblader.com
on 17 Aug 2014 at 11:49
Original issue reported on code.google.com by
DOSSTO...@gmail.com
on 30 Jul 2014 at 4:41