I am using Open Wrt on Netgear R6220. I am using for load Balancing with 2 different ISP fibre connections. The IPv4 works fine and Internet is live. While the IPv6 shows No Internet access on my PC's network adapter properties. While when I connect the PC directly to the Fibre ONT-Router, the IPv6 also shows Internet access.
Thanks @vgaetera for the quick response. I am unable to assign metric to the wan6 and wanc6 interfaces
root@OpenWrt:~# uci show network.wan6
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
Perhaps I should rephrase my problem. I believe that the probable reason for IPv6 not working on my Open Wrt router is that I am not able to assign a Metric value to the IPv6 interfaces. This can be seen in my mwan3 Interface table.
So, @vgaetera @trendy or anyone, I would we very thankful if someone could help me with assigning metric values to my IPv6 interfaces.
Thanks
uci set network.wan6.metric="10"
uci set network.wanb6.metric="20"
uci set network.wanc6.metric="30"
uci commit network
/etc/init.d/network restart
1 Like
Thanks for the reply. So. if I am getting it right, the IPv6 interfaces (wan6, wanb6, wanc6) would have the same metric as the corresponding IPv4 interfaces (wan, wanb and wanc respectively). I'll try that and get back.
Hello again. I was able to assign metric values as suggested by @vgaetera . It reflects in the mwan3 interface list.
I am able to ping Opnewrt.org through IPv6. But my PC still shows No Internet access for IPv6 connectivity.
1 Like
Hello again. I tried the instructions on this page. I don't know whether I have been able to do it correctly. But, still nothing changed. PC still shows no internet access for IPv6.
1 Like
Collect the diagnostics and post it to pastebin.com redacting the private parts:
ubus call system board; uci show network; uci show dhcp; uci show firewall; \
ip address show; ip route show table all; ip -6 rule show; ip6tables-save -c
1 Like
Your NAT6 table is empty, try the simplified method:
https://openwrt.org/docs/guide-user/network/ipv6/ipv6.nat6#nat6_simplified
1 Like
I did it as per the guide.
root@OpenWrt:~# cat << "EOF" > /etc/firewall.nat6
> sed -e "/\s[DS]NAT\s/d;/\s--match-set\s\S*/s//\06/" \
> ip6tables-restore -T nat
> EOF
root@OpenWrt:~# cat << "EOF" >> /etc/sysupgrade.conf
> /etc/firewall.nat6
> EOF
root@OpenWrt:~# uci -q delete firewall.nat6
root@OpenWrt:~# uci set firewall.nat6="include"
root@OpenWrt:~# uci set firewall.nat6.path="/etc/firewall.nat6"
root@OpenWrt:~# uci set firewall.nat6.reload="1"
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart
Warning: Option @zone[1].masq6 is unknown
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 nat table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Redirect 'Linphone'
* Forward 'lan' -> 'wan'
* Forward 'wan' -> 'lan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Redirect 'Linphone'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 raw table
* Zone 'lan'
- Using automatic conntrack helper attachment
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Forward 'lan' -> 'wan'
* Forward 'wan' -> 'lan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Flushing conntrack: 2001:4490:4409:5503:7ea9:6bff:fe37:282e
* Flushing conntrack: 2001:4490:4409:5209:7ea9:6bff:fe37:282e
* Flushing conntrack: 2001:4490:4409:5503:7ea9:6bff:fe37:282e
* Flushing conntrack: 2001:4490:4409:5209:7ea9:6bff:fe37:282e
* Flushing conntrack: 2001:4490:4409:5503:7ea9:6bff:fe37:282e
* Flushing conntrack: 2001:4490:4409:5209:7ea9:6bff:fe37:282e
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
* Running script '/etc/firewall.nat6'
sed: unrecognized option: T
BusyBox v1.30.1 () multi-call binary.
Usage: sed [-i[SFX]] [-nrE] [-f FILE]... [-e CMD]... [FILE]...
or: sed [-i[SFX]] [-nrE] CMD [FILE]...
-e CMD Add CMD to sed commands to be executed
-f FILE Add FILE contents to sed commands to be executed
-i[SFX] Edit files in-place (otherwise sends to stdout)
Optionally back files up, appending SFX
-n Suppress automatic printing of pattern space
-r,-E Use extended regex syntax
If no -e or -f, the first non-option argument is the sed command string.
Remaining arguments are input files (stdin if none).
! Failed with exit code 1
Something doesn't seem right here.
1 Like
iptables-save -t nat
What is the output?
Here.
root@OpenWrt:~# iptables-save -t nat
# Generated by iptables-save v1.8.3 on Sat May 15 01:50:29 2021
*nat
:PREROUTING ACCEPT [13182:2005680]
:INPUT ACCEPT [1873:128489]
:OUTPUT ACCEPT [9485:787749]
:POSTROUTING ACCEPT [6:674]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.3 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.4 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.3 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.4 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.187/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.29.13/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.4.4/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.100.2/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.100.4/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -s 192.168.4.1/32 -p udp -m udp --dport 21 -m mac --mac-source B4:6E:08:93:57:C2 -m comment --comment "!fw3: Linphone" -j DNAT --to-destination 192.168.0.187:21
COMMIT
# Completed on Sat May 15 01:50:29 2021
1 Like
You've missed the second line and the pipes.
Copy-paste the entire block of code as-is.
Thanks and Sorry.
I have done as you asked . I again checked for the output of `iptables-save -t nat.
Here is the entire operation`:
root@OpenWrt:~# cat << "EOF" > /etc/firewall.nat6
> iptables-save -t nat \
> | sed -e "/\s[DS]NAT\s/d;/\s--match-set\s\S*/s//\06/" \
> | ip6tables-restore -T nat
> EOF
root@OpenWrt:~# iptables-save -t nat
# Generated by iptables-save v1.8.3 on Sun May 16 01:49:23 2021
*nat
:PREROUTING ACCEPT [26429:4332880]
:INPUT ACCEPT [3335:232512]
:OUTPUT ACCEPT [21743:1801646]
:POSTROUTING ACCEPT [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.3 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.4 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.3 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.4 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.187/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.29.13/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.4.4/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.100.2/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_lan_prerouting -s 192.168.0.0/24 -d 192.168.100.4/32 -p udp -m udp --dport 21 -m comment --comment "!fw3: Linphone (reflection)" -j DNAT --to-destination 192.168.0.187:21
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -s 192.168.4.1/32 -p udp -m udp --dport 21 -m mac --mac-source B4:6E:08:93:57:C2 -m comment --comment "!fw3: Linphone" -j DNAT --to-destination 192.168.0.187:21
COMMIT
# Completed on Sun May 16 01:49:23 2021
1 Like
If the issue persists, disable source routing:
uci set network.wan6.sourcefilter="0"
uci set network.wanb6.sourcefilter="0"
uci set network.wanc6.sourcefilter="0"
uci commit network
/etc/init.d/network restart
Also check NAT6 table:
ip6tables-save -c -t nat
I have done that. Still it does not seem to have worked.
Here' s the output of ip6tables-save -c -t nat
root@OpenWrt:~# ip6tables-save -c -t nat
# Generated by ip6tables-save v1.8.3 on Mon May 17 02:21:17 2021
*nat
:PREROUTING ACCEPT [1142:95532]
:INPUT ACCEPT [49:4479]
:OUTPUT ACCEPT [139:13683]
:POSTROUTING ACCEPT [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[1142:95532] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule ch ain" -j prerouting_rule
[1126:92740] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_pre routing
[0:0] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
[0:0] -A PREROUTING -i eth0.3 -m comment --comment "!fw3" -j zone_wan_prerouting
[16:2792] -A PREROUTING -i eth0.4 -m comment --comment "!fw3" -j zone_wan_prerou ting
[1194:89735] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[0:0] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouti ng
[1007:74140] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_po strouting
[187:15595] -A POSTROUTING -o eth0.3 -m comment --comment "!fw3" -j zone_wan_pos trouting
[0:0] -A POSTROUTING -o eth0.4 -m comment --comment "!fw3" -j zone_wan_postrouti ng
[0:0] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[1126:92740] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prero uting rule chain" -j prerouting_lan_rule
[1194:89735] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan post routing rule chain" -j postrouting_wan_rule
[1194:89735] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[16:2792] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouti ng rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Mon May 17 02:21:17 2021
1 Like
The rest is likely related to the mwan3 settings which I'm not familiar with.
Perhaps @trendy has some idea how to proceed.
1 Like