[rlug] Webserver on IPv6
Petru Rațiu
rpetre at gmail.com
Tue Dec 31 17:52:57 EET 2019
You said nothing about ip6tables...
On Tue, 31 Dec 2019, 17:15 Mihai Osian, <mihai.osian at gmail.com> wrote:
> Hi,
>
> I have a home server that I want to make visible over ipv6 (on account
> of too much free time over the holidays). The server sits behind an
> Asus RT-AC68U router with Asuswrt-Merlin firmware. I configured both
> the router and the server as best I could, the result being something
> like this (copy-paste of what the router reports):
>
> IPv6 Connection Type: Native with DHCP-PD
> *WAN IPv6 Address: 2a02:181f:zzz:d0b3*
> WAN IPv6 Gateway: fe80::217:10ff:fe87:a589
> *LAN IPv6 Address: 2a02:1807:xxx:yyy::1/56*
> LAN IPv6 link-local Address: fe80::e23f:49ff:fe24:68a8/64
> DHCP-PD: Enabled
> *LAN IPv6 Prefix: 2a02:1807:xxx:yyy::/56*
>
> The 2a02:1807:xxx:yyy::/56 part is obtained via DHCP6 and matches what
> the ISP told me my static IPv6 address would be.
>
>
> The server itself is a virtual machine (bsd jail) running on FreeBSD
> and is statically configured:
>
> root at erebus:/ # ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
> inet 127.0.0.1 netmask 0xff000000
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> groups: lo
> epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
> mtu 1500
> options=8<VLAN_MTU>
> ether 08:62:66:2d:5e:24
> hwaddr 02:9d:d0:00:09:0b
> inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
> * inet6 2a02:1807:xxx:yyy::3 prefixlen 56*
> nd6 options=1<PERFORMNUD>
> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
> status: active
> groups: epair
>
> The trouble is that the router doesn't seem to forward packets from
> outside. Using http://nl.traceroute6.net, ping6 tells me this:
>
> 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
> From *2a02:181f:zzz:d0b3* icmp_seq=2 Destination unreachable:
> Address unreachable
> From *2a02:181f:zzz:d0b3* icmp_seq=3 Destination unreachable:
> Address unreachable
> From *2a02:181f:zzz:d0b3* icmp_seq=5 Destination unreachable:
> Address unreachable
>
> --- 2a02:1807:xxx:yyy::3 ping statistics ---
> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time
> 4000ms
>
> The address 2a02:181f:zzz:d0b3 is the router itself (the external IP).
> I can ping6 successfully from the router to the server, from my
> workstation to the server, from the server to any internal/external
> ipv6 address, but not from outside to the server. So it seems to be
> something related to forwarding. The router has an ipv6 firewall which
> I inspected both from the gui and from the command line (ip6tables) and
> it looks ok - it has forwarding to my server's ipv6 address.
>
>
> What really puzzles me is the following:
>
> 1. I connect to the router and run ping6 to my server from the command line:
>
> admin at RT-AC68U-68A8:/proc/sys/net/ipv6/conf# ping6
> 2a02:1807:xxx:yyy::3
> PING 2a02:1807:xxx:yyy::3 (2a02:1807:xxx:yyy::3): 56 data bytes
> 64 bytes from 2a02:1807:xxx:yyy::3: seq=0 ttl=64 time=5.275 ms
> 64 bytes from 2a02:1807:xxx:yyy::3: seq=1 ttl=64 time=0.472 ms
>
> 2. I stop ping6 on the router
>
> 3. within a few seconds, I go to http://nl.traceroute6.net, ping6 my
> server and it works:
>
> PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
>
> 64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=1 ttl=53 time=20.5 ms
> 64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=2 ttl=54 time=20.9 ms
> 64 bytes from 2a02:1807:xxx:yyy::3: icmp_seq=3 ttl=54 time=21.7 ms
>
>
> I also checked with other online tools and ports 80 and 443
> (http/https) are accessible as well.
>
> 4. However, neither ping6 nor http works for long - within 10 seconds
> the situation goes back to "Destination unreachable: Address
> unreachable".
>
>
> I inspected /proc/sys/net/ipv6/conf/*/forwarding on the router and all
> interfaces have forwarding set to 1, except the WAN interface, which is
> at 0. If I set it to 1:
>
> admin at RT-AC68U-68A8:/proc/sys/net/ipv6/conf# echo 1 >
> ./eth0/forwarding
>
> then http://nl.traceroute6.net says curtly:
>
> PING 2a02:1807:xxx:yyy::3(2a02:1807:xxx:yyy::3) 56 data bytes
>
> --- 2a02:1807:xxx:yyy::3 ping statistics ---
> 5 packets transmitted, 0 received, 100% packet loss, time 4000ms
>
>
> I'm not well versed in IPv6. Can anyone give me a hint as to what I
> misconfigured? The router is an embedded Linux, I can check all the
> settings from the command line.
>
> Thanks,
> Mihai
>
> _______________________________________________
> RLUG mailing list
> RLUG at lists.lug.ro
> http://lists.lug.ro/mailman/listinfo/rlug_lists.lug.ro
>