IPv6 config... grmpf!
Hello *,
I have a real IPv6 /64 block and want to use it on my Hetzner Server. IPv4: 78.47.247.21 and use the IPv6: 2a01:04f8:0d12:1300::2 for the connectivity. So, I have setup the pig with --[ command 'ssh mail.tamay-dogan.net "cat /etc/network/interfaces"' ]-- auto eth0 iface eth0 inet static address 78.47.247.21 broadcast 78.47.247.31 netmask 255.255.255.240 gateway 78.47.247.17 up route add -net 78.47.247.16 netmask 255.255.255.240 gw 78.47.247.17 eth0 iface eth0 inet6 static address 2a01:04f8:0d12:1300:0000:0000:0000:0002 netmask 64 gateway 2a01:04f8:0d12:1300:0000:0000:0000:0001 up ip -6 route add 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 down ip -6 route del 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 up ip -6 route add default 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 down ip -6 route del default 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 ------------------------------------------------------------------------ --[ command 'dig ANY mail.tamay-dogan.net' ]--------------------------- ;; Truncated, retrying in TCP mode. mail.tamay-dogan.net. 3600 IN A 78.47.247.21 mail.tamay-dogan.net. 3600 IN RRSIG A 5 3 3600 20120821071637 20120722070052 6642 tamay-dogan.net. TJtmxzw7t+0UEuqKcaU0fQneRson576Jp5YKv1smztNwxQlRZY c9KcXj 9KvdxUpjzyv2sbNknxyHdeZHFexF++I9qDS/jPnWZO7Zcw4m7aVAAbFn bT30x2WrclmmGI+4EJqHX5yBL1kWxS3KQm0GvFD4XtVXeZTfr6 Lll+Bm 504= mail.tamay-dogan.net. 3600 IN AAAA 2a01:4f8:d12:1300::2 mail.tamay-dogan.net. 3600 IN RRSIG AAAA 5 3 3600 20120821071637 20120722070052 6642 tamay-dogan.net. QoCxQlXyCQlQaFWOZznVY9sNCGD6Rzggn/tmV4Lqy77fq69CAX8hwial 96UwmqFibEbsAW54Gx3JqeZCDd7ztcVhAjCnWTgzSdAljVOp7n KcmWsb bhZZpAulSJE8ijOYDU9HKbMDYL3WOaDW9T3z3yZOcHoQl6lBkZ apgDJN 6/A= mail.tamay-dogan.net. 86400 IN NSEC myspace.tamay-dogan.net. A AAAA RRSIG NSEC mail.tamay-dogan.net. 86400 IN RRSIG NSEC 5 3 86400 20120821071637 20120722070052 6642 tamay-dogan.net. g9DZhkxFmVFrfnaRdqeX5hOONChIhPuiYOCGO22sAwvnh/oyVCsC9yXC OgTuF65XlYTylmwTd5cQzifF+D1rIZbMmFJ0RaZViWxquMok3M oSOQVe XMH33l/jrpBB1P8d6MldunIy0qOZLKzYGXfMB73wNpUAF5ZK2SOWhcUX NW4= tamay-dogan.net. 3600 IN NS dns1.tamay-dogan.net. tamay-dogan.net. 3600 IN NS dns2.tamay-dogan.net. tamay-dogan.net. 3600 IN NS dns3.tamay-dogan.net. dns1.tamay-dogan.net. 3600 IN A 78.47.104.44 dns2.tamay-dogan.net. 3600 IN A 217.147.94.23 dns3.tamay-dogan.net. 3600 IN A 78.47.247.21 ------------------------------------------------------------------------ Which should be OK. However, nothing is working. Any suggestions? OK, since I have enough traffic free on the server (I use less then 5%) I wan to setup my own IPv6 Tunnel Broker, where I have found a HOWTO on the internet how to do this, becuase I wan to use a VPN to 4 MobilOffice without passing any traffic over foreign services which track down the whole network and I have some servers, which must be reachable from time to time from the Internet. so I want to setup VPNs from the MobilOffices to the Server using 1) 2a01:4f8:d12:1300::1:0-ffff 2) 2a01:4f8:d12:1300::2:0-ffff 3) 2a01:4f8:d12:1300::3:0-ffff 4) 2a01:4f8:d12:1300::4:0-ffff but first I must get the server running. Thanks, Greetings and nice Weekend Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing <http://www.itsystems.tamay-dogan.net/> <http://www.debian.tamay-dogan.net/> itsystems@tdnet Jabber linux4michelle@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
IPv6 config... grmpf!
On Fri, 10 Aug 2012, Michelle Konzack wrote:
I have a real IPv6 /64 block and want to use it on my Hetzner Server. [- Cut -] mail.tamay-dogan.net. 3600 IN AAAA 2a01:4f8:d12:1300::2 [- Cut -] Which should be OK. However, nothing is working. It looks like someone turn off ping replies, but other than that, it seems fine to me... $ traceroute6 -n 2a01:4f8:d12:1300::2 traceroute to 2a01:4f8:d12:1300::2 (2a01:4f8:d12:1300::2), 30 hops max, 80 byte packets 1 2001:470:28:8b2:7374:6465:7272:ff 0.331 ms 0.299 ms 0.284 ms 2 2001:470:27:8b2::1 31.474 ms 33.445 ms 35.688 ms 3 2001:470:0:11e::1 35.717 ms 35.717 ms 35.857 ms 4 2001:470:0:22f::1 60.849 ms 61.055 ms 61.045 ms 5 2001:7f8:1::a502:4940:1 64.532 ms 64.547 ms 64.655 ms 6 2a01:4f8:0:1::12:3 70.907 ms 71.286 ms 72.013 ms 7 2a01:4f8:0:d0:2:d:12:1 73.498 ms 63.750 ms 68.598 ms 8 * * * 9 2a01:4f8:d12:1300::2 66.107 ms 63.010 ms 63.594 ms What errors do you get? -- Povl Ole -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/alpine.DEB.2.00.1208101847010.31523@noget.stderr.d k.localdomain |
IPv6 config... grmpf!
On Fri, 10 Aug 2012, Povl Ole Haarlev Olsen wrote:
On Fri, 10 Aug 2012, Michelle Konzack wrote: I have a real IPv6 /64 block and want to use it on my Hetzner Server. [- Cut -] mail.tamay-dogan.net. 3600 IN AAAA 2a01:4f8:d12:1300::2 [- Cut -] Which should be OK. However, nothing is working. It looks like someone turn off ping replies, but other than that, it seems fine to me... I did some more tests. It looks like your mail-server isn't listening on IPv6: $ telnet 2a01:4f8:d12:1300::2 smtp Trying 2a01:4f8:d12:1300::2... telnet: Unable to connect to remote host: Connection refused But your webserver is: $ telnet 2a01:4f8:d12:1300::2 www Trying 2a01:4f8:d12:1300::2... Connected to 2a01:4f8:d12:1300::2. Escape character is '^]'. GET /IPv6-test HTTP/1.0 HTTP/1.1 404 Not Found Date: Fri, 10 Aug 2012 17:01:11 GMT Server: Apache/2.2.16 (Debian) ... <address>Apache/2.2.16 (Debian) Server at mail.tamay-dogan.net Port 80</address> </body></html> Connection closed by foreign host. -- Povl Ole -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/alpine.DEB.2.00.1208101907090.31523@noget.stderr.d k.localdomain |
IPv6 config... grmpf!
Hello Povl Ole Haarlev Olsen,
Am 2012-08-10 18:56:17, hacktest Du folgendes herunter: > It looks like someone turn off ping replies, but other than that, it > seems fine to me... > > $ traceroute6 -n 2a01:4f8:d12:1300::2 > traceroute to 2a01:4f8:d12:1300::2 (2a01:4f8:d12:1300::2), 30 hops max, 80 byte packets > 1 2001:470:28:8b2:7374:6465:7272:ff 0.331 ms 0.299 ms 0.284 ms > 2 2001:470:27:8b2::1 31.474 ms 33.445 ms 35.688 ms > 3 2001:470:0:11e::1 35.717 ms 35.717 ms 35.857 ms > 4 2001:470:0:22f::1 60.849 ms 61.055 ms 61.045 ms > 5 2001:7f8:1::a502:4940:1 64.532 ms 64.547 ms 64.655 ms > 6 2a01:4f8:0:1::12:3 70.907 ms 71.286 ms 72.013 ms > 7 2a01:4f8:0:d0:2:d:12:1 73.498 ms 63.750 ms 68.598 ms > 8 * * * > 9 2a01:4f8:d12:1300::2 66.107 ms 63.010 ms 63.594 ms OK... It seems, I can not get th IPv6 on my @office network running. > What errors do you get? "no route to host" Are the ports 993/587/25 or 80/443 accessibel via IPv6? Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing <http://www.itsystems.tamay-dogan.net/> <http://www.debian.tamay-dogan.net/> itsystems@tdnet Jabber linux4michelle@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
IPv6 config... grmpf!
Hello Povl Ole Haarlev Olsen,
Am 2012-08-10 19:10:56, hacktest Du folgendes herunter: > I did some more tests. > > It looks like your mail-server isn't listening on IPv6: > > $ telnet 2a01:4f8:d12:1300::2 smtp > Trying 2a01:4f8:d12:1300::2... > telnet: Unable to connect to remote host: Connection refused This sounds not very good... > But your webserver is: > > $ telnet 2a01:4f8:d12:1300::2 www > Trying 2a01:4f8:d12:1300::2... > Connected to 2a01:4f8:d12:1300::2. > Escape character is '^]'. > GET /IPv6-test HTTP/1.0 > > HTTP/1.1 404 Not Found > Date: Fri, 10 Aug 2012 17:01:11 GMT > Server: Apache/2.2.16 (Debian) > ... > <address>Apache/2.2.16 (Debian) Server at mail.tamay-dogan.net Port 80</address> > </body></html> > Connection closed by foreign host. OK, it semms, good. Then I have to find out, why "courier" does not like IPv6. Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing <http://www.itsystems.tamay-dogan.net/> <http://www.debian.tamay-dogan.net/> itsystems@tdnet Jabber linux4michelle@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
IPv6 config... grmpf!
Hi Michelle,
On Fri, Aug 10, 2012 at 11:25:18PM +0200, Michelle Konzack wrote: > Am 2012-08-10 18:56:17, hacktest Du folgendes herunter: > > What errors do you get? > > "no route to host" A traceroute6 or mtr output from you would be useful at this point. > Are the ports 993/587 No. > 25 or 80/443 accessibel via IPv6? Yes. Cheers, Andy |
IPv6 config... grmpf!
Hello Andy Smith,
Am 2012-08-10 21:54:49, hacktest Du folgendes herunter: > Hi Michelle, > > "no route to host" > A traceroute6 or mtr output from you would be useful at this point. I know, but it seems, I have problems in my network with IPv6. Hmm, I have setup my workstation using ond of the IPs from the /64 block of my Server-Hoster and now I need to make a VPN connection to my server to let IPv6 traffic go out via my server and not my IPv4 DSL box > > Are the ports 993/587 > No. This should now work... There where three additional setings which I have overseen. :-/ > > 25 or 80/443 accessibel via IPv6? > Yes. OK Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing <http://www.itsystems.tamay-dogan.net/> <http://www.debian.tamay-dogan.net/> itsystems@tdnet Jabber linux4michelle@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
IPv6 config... grmpf!
Hi Michelle,
On Sat, Aug 11, 2012 at 12:30:56AM +0200, Michelle Konzack wrote: > Am 2012-08-10 21:54:49, hacktest Du folgendes herunter: > > Hi Michelle, > > > "no route to host" > > A traceroute6 or mtr output from you would be useful at this point. > > I know, but it seems, I have problems in my network with IPv6. I honestly don't know how you expect anyone to help you debug why you receive "no route to host" when you provide no debug information. All we can agree is that yes, you have problems in your network. > > > Are the ports 993/587 > > No. > > This should now work... There where three > additional setings which I have overseen. :-/ Yes, they seem to be open now. Cheers, Andy |
IPv6 config... grmpf!
On Sat, 11 Aug 2012, Michelle Konzack wrote:
Am 2012-08-10 21:54:49, hacktest Du folgendes herunter: "no route to host" A traceroute6 or mtr output from you would be useful at this point. I know, but it seems, I have problems in my network with IPv6. You could try a traceroute6 from your server to ipv6.google.com or you could use Hurricane Electric's Looking Glass at http://lg.he.net/ to do a traceroute from one of their routers to your server. Unfortunately that looking glass service doesn't provide a way to test if a port on your server is open or not, but the ping and traceroute tests are a good starting point. If anyone knows a good looking glass service with a port test, I would like to know. Thanks in advance... -- Povl Ole -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/alpine.DEB.2.00.1208111635380.31523@noget.stderr.d k.localdomain |
IPv6 config... grmpf!
Hello Povl Ole Haarlev Olsen,
Am 2012-08-11 16:41:16, hacktest Du folgendes herunter: > You could try a traceroute6 from your server to ipv6.google.com or > you could use Hurricane Electric's Looking Glass at > http://lg.he.net/ to do a traceroute from one of their routers to > your server. My first Server <mail.tamay-dogan.net> seems to work now with IPv6 properly. Unfortunately, the second Server <dns1.tamay-dogan.net> currently not. I hope I can resolv this problem this weekend. However, while I use for the Server the IPv6 from <2a01:4f8:d12:1300:::0:0> to <2a01:4f8:d12:1300:::0:ffff> I have configured my <intranet1.tamay-dogan.net> subnet to use <2a01:4f8:d12:1300:::1:0> to <2a01:4f8:d12:1300:::1:ffff> but I can not establish connections between my my workstations and servers: --[ '/etc/bind/masters/net/tamay-dogan/net.tanmay-dogan.intranet1' ]-- @ 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. ( 1344640689 14400 3600 604800 86400 ) NS dns1.tamay-dogan.net. NS dns2.tamay-dogan.net. NS dns3.tamay-dogan.net. NS dns.intranet1.tamay-dogan.net. MX 10 samba.intranet1.tamay-dogan.net. intranet1.tamay-dogan.net. TXT "v=spf1 a mx ~all" www.intranet1.tamay-dogan.net. IN CNAME vserver09.tamay-dogan.net. router.intranet1.tamay-dogan.net. IN A 192.168.0.1 router.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0001 easybox-o2.intranet1.tamay-dogan.net. IN A 192.168.0.2 easybox-ortel.intranet1.tamay-dogan.net. IN A 192.168.0.3 easybox-bouygues.intranet1.tamay-dogan.net. IN A 192.168.0.4 dns.intranet1.tamay-dogan.net. IN A 192.168.0.11 dns.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0011 samba.intranet1.tamay-dogan.net. IN A 192.168.0.12 samba.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0012 work1.intranet1.tamay-dogan.net. IN A 192.168.0.13 work1.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0013 backup.intranet1.tamay-dogan.net. IN A 192.168.0.14 backup.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0014 admin.intranet1.tamay-dogan.net. IN A 192.168.0.15 admin.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0015 asterisk.intranet1.tamay-dogan.net. IN A 192.168.0.16 asterisk.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0016 pgsql.intranet1.tamay-dogan.net. IN A 192.168.0.18 pgsql.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0018 work2.intranet1.tamay-dogan.net. IN A 192.168.0.19 work2.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0019 onlinestore.intranet1.tamay-dogan.net. IN A 192.168.0.20 onlinestore.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0020 cups.intranet1.tamay-dogan.net. IN A 192.168.0.50 cups.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0050 fs3700.intranet1.tamay-dogan.net. IN A 192.168.0.51 fs3700.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0051 fs1030d.intranet1.tamay-dogan.net. IN A 192.168.0.52 fs1030d.intranet1.tamay-dogan.net. IN AAAA 2a01:04f8:0d12:1300:0000:0000:0001:0052 $include /etc/bind/master/net/tamay-dogan/Kintranet1.tamay-dogan.net.+005+55290.key $include /etc/bind/master/net/tamay-dogan/Kintranet1.tamay-dogan.net.+005+40822.key ------------------------------------------------------------------------ Is there something missing? On my Workstation it looks like: --[ '/etc/network/interfaces' ]----------------------------------------- auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.0.13 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 dns-nameservers 192.168.0.11 dns-search intranet1.tamay-dogan.net iface eth0 inet6 static address 2a01:04f8:0d12:1300:0000:0000:0001:0013 netmask 64 gateway 2a01:04f8:0d12:1300:0000:0000:0000:0001 dns-nameservers 2a01:04f8:0d12:1300:0000:0000:0001:0011 dns-search intranet1.tamay-dogan.net up ip -6 route add 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 down ip -6 route del 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 up ip -6 route add default 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 down ip -6 route del default 2a01:04f8:0d12:1300:0000:0000:0000:0001 dev eth0 ------------------------------------------------------------------------ Same on the <dns1>, <samba> and <cups> server and <work2> workstation and of course, with there own rigth IPs. If I get my local network running with IPv6, I will continue to setup the VPN between the <mail> server which then will be act like an IPv6 Broker and as Gateway... > Unfortunately that looking glass service doesn't provide a way to > test if a port on your server is open or not, but the ping and > traceroute tests are a good starting point. > > If anyone knows a good looking glass service with a port test, I > would like to know. Thanks in advance... You are not alone. I have some problems with "nmap" and IPv6. Do I need special options to check an IPv6? Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing <http://www.itsystems.tamay-dogan.net/> <http://www.debian.tamay-dogan.net/> itsystems@tdnet Jabber linux4michelle@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/ |
| All times are GMT. The time now is 07:33 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.