Hello all,
I have been playing around to get IPv6 running in my LAN, and now I have a problem with connections through the LAN ports.
my configuration is:
openwrt on linksys wrt 1200acs (v2)
wan and wan6 -> zone wan
lan1...4 radio0, radio 1 -> zone Lan
See the configs below ...
Now I have a strange problem:
--- whats working
Every device connected via Wi-Fi, on 2.4 GHz or 5 GHz, is working fine!
ipv4 connection fine,
The IPv6 connection is also mostly fine; I'm getting 16/20 points on the IPv6 test.
the 4 missing points are from:
Your router or firewall is filtering ICMPv6 messages sent to your computer. An IPv6 host that cannot receive ICMP messages may encounter problems like some web pages loading partially or not at all.
--- whats not working
On every device connected via LAN (I'm only using lan1; there is a big switch behind lan1) I'm getting no connection to anywhere, neither on IPv4 nor on IPv6!
From a Linux machine connected via LAN:
#>ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether ec:a8:6b:fe:09:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.201/16 brd 192.168.255.255 scope global dynamic eno1
valid_lft 230sec preferred_lft 230sec
inet6 2axx:xxxx:xxxx:aaaa::451/128 scope global dynamic
valid_lft 42646sec preferred_lft 42646sec
inet6 2axx:xxxx:xxxx:bbbb::451/128 scope global dynamic
valid_lft 42646sec preferred_lft 42646sec
inet6 fe80::eea8:6bff:fefe:980/64 scope link
valid_lft forever preferred_lft forever
3: br-9db5b1f91c0e: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:f8:e9:02:82 brd ff:ff:ff:ff:ff:ff
inet 172.26.0.1/16 brd 172.26.255.255 scope global br-9db5b1f91c0e
valid_lft forever preferred_lft forever
4: br-b83bb6f5fe3d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:bb:b8:b1:3f brd ff:ff:ff:ff:ff:ff
inet 172.27.0.1/16 brd 172.27.255.255 scope global br-b83bb6f5fe3d
valid_lft forever preferred_lft forever
inet6 fe80::42:bbff:feb8:b13f/64 scope link
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:c7:da:56:6d brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
7: veth52691a0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-b83bb6f5fe3d state UP group default
link/ether 12:fb:cc:2d:1b:2d brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::10fb:ccff:fe2d:1b2d/64 scope link
valid_lft forever preferred_lft forever
So prefix delegation looks like it is working.
DNS lookups also look like they are working:
#>Server: 192.168.10.200
Address: 192.168.10.200#53
Non-authoritative answer:
Name: www.google.de
Address: 142.251.36.227
Name: www.google.de
Address: 2a00:1450:4016:80b::2003
also icmp:
#>ping -4 www.google.com
PING www.google.com (142.251.36.196) 56(84) bytes of data.
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=1 ttl=117 time=15.1 ms
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=2 ttl=117 time=7.96 ms
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=3 ttl=117 time=9.26 ms
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=4 ttl=117 time=8.38 ms
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=5 ttl=117 time=10.2 ms
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=6 ttl=117 time=11.6 ms
64 bytes from muc12s12-in-f4.1e100.net (142.251.36.196): icmp_seq=7 ttl=117 time=8.79 ms
#>ping -6 www.google.com
PING www.google.com(muc11s27-in-x04.1e100.net (2a00:1450:4016:80c::2004)) 56 data bytes
64 bytes from muc11s27-in-x04.1e100.net (2a00:1450:4016:80c::2004): icmp_seq=1 ttl=118 time=17.4 ms
64 bytes from muc11s27-in-x04.1e100.net (2a00:1450:4016:80c::2004): icmp_seq=2 ttl=118 time=9.41 ms
64 bytes from muc11s27-in-x04.1e100.net (2a00:1450:4016:80c::2004): icmp_seq=3 ttl=118 time=9.60 ms
64 bytes from muc11s27-in-x04.1e100.net (2a00:1450:4016:80c::2004): icmp_seq=4 ttl=118 time=9.05 ms
64 bytes from muc11s27-in-x04.1e100.net (2a00:1450:4016:80c::2004): icmp_seq=5 ttl=118 time=8.46 ms
but TCP connections do not:
#> curl -4 www.google.com -> hangs (no response - timeout)
#> curl -6 www.google.com -> hangs (no response - timeout)
Connections inside the LAN zone are working,
i.e. SSH from a Wi-Fi device to a LAN device and back works.
This happens on all LAN-connected devices.
I have no clue where to search at the moment ...
my configs:
#>cat /etc/config/network
# Pasted /etc/config/network: loopback, the LAN bridge, and the IPv4/IPv6 uplinks on 'wan'.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# No options are set in the globals section of this listing.
config globals 'globals'
# br-lan bridges the four wired ports only; no radio is listed here
# (wireless interfaces are normally attached from /etc/config/wireless, which is not shown).
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
# LAN: static 192.168.10.200 with a /16 mask, so all of 192.168.0.0/16 is treated as on-link.
config interface 'lan'
option device 'br-lan'
option proto 'static'
# Assigns a /60 out of the delegated IPv6 prefix to this interface.
option ip6assign '60'
option ipaddr '192.168.10.200'
option netmask '255.255.0.0'
# Overrides the MAC address presented on the 'wan' device.
config device
option name 'wan'
option macaddr '62:38:e0:10:b1:bf'
# IPv4 uplink via DHCP.
config interface 'wan'
option device 'wan'
option proto 'dhcp'
# NOTE(review): '*' is understood to suppress sending a hostname in DHCP requests; confirm against the netifd documentation.
option hostname '*'
# IPv6 uplink on the same device: asks for an address ('try') and a delegated prefix ('auto') via DHCPv6.
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
#> cat /etc/config/dhcp
# Pasted /etc/config/dhcp: dnsmasq options, per-interface DHCP/RA settings, odhcpd, and static entries.
# NOTE(review): the options below have no preceding 'config ...' header in the paste;
# presumably the 'config dnsmasq' line was lost when copying. Verify on the router.
option localise_queries '1'
# DNS rebinding protection is on: upstream answers pointing into private ranges are discarded.
option rebind_protection '1'
# Exception to the rebind filter for 127.0.0.0/8 answers.
option rebind_localhost '1'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
# Restricts DNS service to clients on directly attached subnets.
option localservice '1'
option ednspacket_max '1232'
# NOTE(review): the DHCP domain is 'HBergerNet.Local' but the local-only zone below is '/lan/'.
# If these are meant to match, names under the DHCP domain that dnsmasq cannot answer
# locally may be forwarded upstream. '.local' is also the mDNS suffix (RFC 6762).
option domain 'HBergerNet.Local'
option local '/lan/'
# LAN pool: DHCPv4 served here, 100 leases starting at offset 2815, 12 h lease time.
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option dhcpv4 'server'
option start '2815'
option limit '100'
# NOTE(review): 'hybrid' is understood to act as a server unless an interface marked
# 'master' exists; none is marked in this listing. Confirm against the odhcpd documentation.
option ra 'hybrid'
option dhcpv6 'hybrid'
# Managed flag set and SLAAC disabled: clients are expected to obtain addresses via DHCPv6,
# which is consistent with the /128 addresses shown in the 'ip addr' output of the post.
list ra_flags 'managed-config'
option ra_slaac '0'
# No DHCP service is offered on the wan interface.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'
# maindhcp '0': odhcpd does not take over DHCPv4 (the lan section above sets dhcpv4 'server').
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# DHCPv6 relay on wan6 with no RA flags.
config dhcp 'wan6'
option interface 'wan6'
option dhcpv6 'relay'
list ra_flags 'none'
# Local DNS name for 192.168.10.201, the same address the firewall's https redirect targets.
config domain
option name 'ldap_s1'
option ip '192.168.10.201'
# Static lease binding a MAC address to a fixed IPv4 address.
config host
option name 'RBNetGearSwitch1'
option dns '1'
option mac '00:1E:2A:CE:02:A3'
option ip '192.168.10.155'
... tons of config host entries -> static leases
#>cat /etc/config/firewall
# Firewall defaults, the two zones, and the single inter-zone forwarding.
config defaults
# Fallback policy for traffic addressed to the router that no zone claims.
# NOTE(review): with ACCEPT, an interface that is not assigned to any zone would reach
# router services unfiltered; REJECT or DROP is the more conservative fallback.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# Software flow offloading for established flows.
# NOTE(review): the post reports ICMP working while TCP hangs on wired clients;
# temporarily disabling this option is a cheap way to rule offloading in or out.
option flow_offloading '1'
# lan zone: hosts in it may reach every service on the router (input ACCEPT)
# and each other (forward ACCEPT).
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# wan zone covers both the IPv4 and the IPv6 uplink; unsolicited inbound traffic is rejected
# unless a rule or redirect further down allows it.
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
# Masquerading (NAT) for traffic leaving through this zone.
option masq '1'
# Clamps TCP MSS to the path MTU for forwarded connections.
option mtu_fix '1'
# Only lan -> wan is forwarded; there is no wan -> lan forwarding, so inbound forwarded
# traffic depends entirely on the explicit rules and the redirect.
config forwarding
option src 'lan'
option dest 'wan'
# Traffic rules. A rule with 'src' but no 'dest' matches traffic addressed to the router itself;
# a rule with 'dest' matches forwarded traffic.
# DHCPv4 replies from the uplink to the router's client port.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 echo requests arriving from the WAN side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to the router's client port.
# fc00::/6 spans fc00:: through ffff:..., which includes ULA, link-local and multicast space,
# so this match is considerably wider than link-local alone.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery from link-local sources:
# 130 = query, 131 = report, 132 = done, 143 = MLDv2 report.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 addressed to the router itself, including the neighbour/router discovery types
# IPv6 needs on the uplink; rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from the WAN to any zone: this is the rule that decides which ICMPv6
# messages reach LAN hosts (the IPv6 test quoted in the post complains about filtering there).
# 'packet-too-big' must stay allowed for path MTU discovery to work.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forwards ESP from the WAN to every host in the lan zone (no family or dest_ip restriction).
# NOTE(review): with globally routable IPv6 addresses on the LAN this exposes all LAN hosts to
# inbound ESP; restrict with dest_ip, or disable the rule, if no LAN host terminates IPsec.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Same scope as the ESP rule above, for IKE on UDP/500; the same review note applies.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Disabled (enabled '0'): would reject UDP traceroute probes to the router with an ICMP error.
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
# Custom rule file; its contents are not shown in the post, so any rules it adds
# are outside what can be reviewed here.
config include
option path '/etc/firewall.user'
# Port forward: WAN port 443 (TCP and UDP) is sent to 192.168.10.201:443.
# This publishes a LAN host to the internet; 192.168.10.201 is also the address of the
# wired Linux machine in the 'ip addr' output and of the 'ldap_s1' DNS entry.
# NOTE(review): UDP/443 is only needed if the server speaks HTTP/3 (QUIC); otherwise
# limiting the redirect to tcp reduces exposure. The destination is an IPv4 address,
# so this redirect does not cover IPv6.
config redirect
option target 'DNAT'
option name 'https'
option src 'wan'
option src_dport '443'
option dest 'lan'
option dest_ip '192.168.10.201'
option dest_port '443'
list proto 'tcp'
list proto 'udp'