Hello
I have an IPv6 PD from my upstream and a getting the correct address on my clients on lan.
But cannot ping the upstream router from lan, I can ping it from the wan (eth 0.2)
It seems like the Lan is not forwarding to the wan correctly when using IPv6 PD
Here are my pings
From wan:
root@OpenWrt:~# ping 2602:XXXX:1::5
PING 2602:XXXX:1::5 (2602:XXXX:1::5): 56 data bytes
64 bytes from 2602:XXXX:1::5: seq=0 ttl=62 time=1.829 ms
64 bytes from 2602:XXXX:1::5: seq=1 ttl=63 time=1.057 ms
64 bytes from 2602:XXXX:1::5: seq=2 ttl=63 time=1.122 ms
^C
--- 2602:XXXX:1::5 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.057/1.336/1.829 ms
root@OpenWrt:~# ping -I eth0.2 2602:XXXX:1::5
PING 2602:XXXX:1::5 (2602:XXXX:1::5): 56 data bytes
64 bytes from 2602:XXXX:1::5: seq=0 ttl=63 time=1.211 ms
64 bytes from 2602:XXXX:1::5: seq=1 ttl=63 time=1.005 ms
64 bytes from 2602:XXXX:1::5: seq=2 ttl=63 time=1.083 ms
64 bytes from 2602:XXXX:1::5: seq=3 ttl=63 time=1.080 ms
^C
--- 2602:XXXX:1::5 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.005/1.094/1.211 ms
root@OpenWrt:~#
From br-lan:
root@OpenWrt:~# ping -I br-lan 2602:XXXX:1::5
PING 2602:XXXX:1::5 (2602:XXXX:1::5): 56 data bytes
ping: sendto: Permission denied
From Client:
C:\Users\username>ping 2602:XXXX:1::5 -t
Pinging 2602:XXXX:1::5 with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
what may be wrong?
Thanks
Here is wan6 ifstatus:
root@OpenWrt:~# ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 1254,
"l3_device": "eth0.2",
"proto": "dhcpv6",
"device": "eth0.2",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
],
"ipv6-prefix": [
{
"address": "2602:XXXX:1001::",
"mask": 56,
"preferred": 232026,
"valid": 257946,
"class": "wan6",
"assigned": {
"lan": {
"address": "2602:XXXX:1001::",
"mask": 64
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"valid": 2591959,
"source": "::/0"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::4a8f:5aff:fe12:4f72",
"metric": 512,
"valid": 1759,
"source": "2602:XXXX:1001::/56"
}
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
}
}
dhcp output:
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ra 'server'
option ra_management '1'
option dhcpv6 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
Here is lan ifstatus:
root@OpenWrt:~# ifstatus lan
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 1375,
"l3_device": "br-lan",
"proto": "static",
"device": "br-lan",
"updated": [
"addresses"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "192.168.1.1",
"mask": 24
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
{
"address": "2602:XXXX:1001::",
"mask": 64,
"preferred": 231911,
"valid": 257831,
"local-address": {
"address": "2602:XXXX:1001::1",
"mask": 64
}
},
{
"address": "fd10:255e:6822::",
"mask": 64,
"local-address": {
"address": "fd10:255e:6822::1",
"mask": 64
}
}
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
}
}
firewall :
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option dest 'wan'
option src 'lan'
option target 'ACCEPT'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
route:
router total ifconfig:
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr 78:A3:51:62:70:CA
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2602:XXXX:1001::1/64 Scope:Global
inet6 addr: fe80::7aa3:51ff:fe62:70ca/64 Scope:Link
inet6 addr: fd10:255e:6822::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32574 errors:0 dropped:0 overruns:0 frame:0
TX packets:29525 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2741502 (2.6 MiB) TX bytes:3140019 (2.9 MiB)
eth0 Link encap:Ethernet HWaddr 78:A3:51:62:70:CA
inet6 addr: fe80::7aa3:51ff:fe62:70ca/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33430 errors:0 dropped:2 overruns:0 frame:0
TX packets:30089 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3410200 (3.2 MiB) TX bytes:3551520 (3.3 MiB)
Interrupt:22
eth0.1 Link encap:Ethernet HWaddr 78:A3:51:62:70:CA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32576 errors:0 dropped:1 overruns:0 frame:0
TX packets:29525 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2741691 (2.6 MiB) TX bytes:3140019 (2.9 MiB)
eth0.2 Link encap:Ethernet HWaddr 78:A3:51:62:70:CB
inet6 addr: fe80::7aa3:51ff:fe62:70cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:345 errors:0 dropped:48 overruns:0 frame:0
TX packets:495 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31262 (30.5 KiB) TX bytes:163245 (159.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:460 errors:0 dropped:0 overruns:0 frame:0
TX packets:460 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36922 (36.0 KiB) TX bytes:36922 (36.0 KiB)
Luci output for ifconfig:
WAN6
eth0.2
Protocol: DHCPv6 client
Uptime: 0h 1m 16s
MAC: 78:A3:51:62:70:CB
RX: 2.82 KB (29 Pkts.)
TX: 10.93 KB (42 Pkts.)
IPv6-PD: 2602:XXXX:1001::/56
LAN
br-lan
Protocol: Static address
Uptime: 0h 29m 25s
MAC: 78:A3:51:62:70:CA
RX: 3.28 MB (38664 Pkts.)
TX: 3.94 MB (35622 Pkts.)
IPv4: 192.168.1.1/24
IPv6: 2602:XXXX:1001::1/64
IPv6: fd10:255e:6822::1/64
client ipconfig:
Ethernet adapter Ethernet 4:
Connection-specific DNS Suffix . : lan
IPv6 Address. . . . . . . . . . . : 2602:XXXX:1001::516
IPv6 Address. . . . . . . . . . . : 2602:XXXX:1001:0:9cXX:XXXX:XX93:2906
IPv6 Address. . . . . . . . . . . : fd10:255e:6822::516
IPv6 Address. . . . . . . . . . . : fd10:255e:6822:0:9cXX:XXXX:XX93:2906
Temporary IPv6 Address. . . . . . : 2602:XXXX:1001:0:5d60:f7b9:90a8:8c19
Temporary IPv6 Address. . . . . . : fd10:255e:6822:0:5d60:f7b9:90a8:8c19
Link-local IPv6 Address . . . . . : fe80::9cXX:XXXX:XX93:2906%19
IPv4 Address. . . . . . . . . . . : 192.168.1.220
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : ::
fe80::7aa3:51ff:fe62:70ca%19
192.168.1.1
and device and software if needed:
System
Hostname OpenWrt
Model ZBT-WG2626
Architecture MediaTek MT7621 ver:1 eco:3
Firmware Version OpenWrt 19.07.6 r11278-8055e38794 / LuCI openwrt-19.07 branch git-21.018.57536-6ba9740
Thanks again.