[rlug] Webserver pe IPv6

Mihai Osian mihai.osian at gmail.com
Tue Dec 31 17:08:24 EET 2019 

   Salut,

   Am un home server pe care vreau sa il fac vizibil pe ipv6 (din motiv 
de prea mult timp liber de sarbatori). Serverul e situat in spatele unui 
router Asus RT-AC68U cu firmware Asuswrt-Merlin. Am configurat atat 
routerul cat si serverul dupa puterile mele, rezultatul fiind ceva de 
genul (copy-paste din ce raporteaza routerul):

    IPv6 Connection Type: Native with DHCP-PD
    *WAN IPv6 Address: 2a02:181f:zzz:d0b3*
    WAN IPv6 Gateway: fe80::217:10ff:fe87:a589
    *LAN IPv6 Address: 2a02:1807:xxx:yyy::1/56*
    LAN IPv6 link-local Address: fe80::e23f:49ff:fe24:68a8/64
    DHCP-PD: Enabled
    *LAN IPv6 Prefix: 2a02:1807:xxx:yyy::/56*

Partea cu 2a02:1807:xxx:yyy::/56 e obtinuta prin DHCP6 si corespunde cu 
ce mi-a comunicat ISP-ul ca ar fi adresa mea statica IPv6.*
*


Serverul in sine e o mashina virtuala (bsd jail) care ruleaza pe FreeBSD 
si e configurat static:

    root at erebus:/ # ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
             inet6 ::1 prefixlen 128
             inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
             inet 127.0.0.1 netmask 0xff000000
             nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
             groups: lo
    epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
    mtu 1500
             options=8<VLAN_MTU>
             ether 08:62:66:2d:5e:24
             hwaddr 02:9d:d0:00:09:0b
             inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
    *        inet6 2a02:1807:xxx:yyy::3 prefixlen 56*
             nd6 options=1<PERFORMNUD>
             media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
             status: active
             groups: epair

Baiul este ca routerul nu pare sa faca forward la pachetele din 
exterior. Folosind http://nl.traceroute6.net, ping6 imi zice asa:

    2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
     From *2a02:181f:zzz:d0b3* icmp_seq=2 Destination unreachable:
    Address unreachable
     From *2a02:181f:zzz:d0b3* icmp_seq=3 Destination unreachable:
    Address unreachable
     From *2a02:181f:zzz:d0b3* icmp_seq=5 Destination unreachable:
    Address unreachable

    --- 2a02:1807:xxx:yyy::3 ping statistics ---
    5 packets transmitted, 0 received, +3 errors, 100% packet loss, time
    4000ms

Adresa 2a02:181f:zzz:d0b3 e routerul insusi (IP-ul extern). Pot sa fac 
ping6 cu succes de la router la server, de la statia mea de lucru la 
server, de la server la orice adresa ipv6 interna/externa, dar nu din 
exterior la server. Deci pare sa fie ceva legat de forwarding. Routerul 
are un firewall ipv6 pe care l-am inspectat atat din gui cat si din 
linia de comanda (ip6tables) si pare ok - are forwarding la adresa ipv6 
a serverului meu.


Ce ma nelamureste cu adevarat este urmatoarea chestie:

1. ma conectez la router si dau din linia de comanda ping6 la serverul meu:

    admin at RT-AC68U-68A8:/proc/sys/net/ipv6/conf# ping6 2a02:1807:xxx:yyy::3
    PING 2a02:1807:xxx:yyy::3 (2a02:1807:xxx:yyy::3): 56 data bytes
    64 bytes from 2a02:1807:xxx:yyy::3: seq=0 ttl=64 time=5.275 ms
    64 bytes from 2a02:1807:xxx:yyy::3: seq=1 ttl=64 time=0.472 ms

2. opresc ping6 de pe router

3. in decurs de cateva secunde, ma duc la http://nl.traceroute6.net, dau 
ping6 la serverul meu si functioneaza:

    PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes

    64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=1 ttl=53 time=20.5 ms
    64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=2 ttl=54 time=20.9 ms
    64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=3 ttl=54 time=21.7 ms
      

Am verificat si cu alte tool-uri online si porturile porturile 80 si 443 
(http/https) sunt de asemenea accesibile.

4. Insa nici ping6 nici http-ul nu functioneaza pentru mult timp - in 
decurs de 10 secunde situatia revine la "Destination unreachable: 
Address unreachable".


Am inspectat /proc/sys/net/ipv6/conf/*/forwarding de pe router si toate 
interfetele au forwarding pe 1, cu exceptia interfetei WAN, care e pe 0. 
Daca o pun pe 1:

     admin at RT-AC68U-68A8:/proc/sys/net/ipv6/conf# echo 1 > ./eth0/forwarding

atunci http://nl.traceroute6.net zice scurt:

    PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes

    --- 2a02:1807:xxx:yyy::3 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4000ms


Nu ma pricep la IPv6. Stie cineva sa imi dea un indiciu ce am configurat 
aiurea ? Routerul e un embedded Linux, pot sa verific din linia de 
comanda toate setarile.

Multumesc,
Mihai

More information about the RLUG mailing list