Forum » Omrežja in internet » Linux SIT tunel, ICMP protocol 41 port 0 unreachable
Linux SIT tunel, ICMP protocol 41 port 0 unreachable
NoName ::
torej... mam ene težave, pa nism prepričan ali so distro/kernel based al težava zarad tagiranih vlanov... ne izključujem možnosti, da sm js kje zamučkal...
sit tunel med dvema kištama:
A - centos 5.7 eth0 ip 1.1.1.1
B - centos 6 eth0.2 ip 2.2.2.2 (vlan tagiran promet)
konfiguracija A:
iptables -I INPUT -s 2.2.2.2 -j ACCEPT
ip6tables -I INPUT -j ACCEPT
ip tunnel add test6 mode sit remote 2.2.2.2 local 1.1.1.1 dev eth0
ip link set test6 up
ip -6 a 2001::1/64 dev test6
konfiguracija B:
iptables -I INPUT -s 1.1.1.1 -j ACCEPT
ip6tables -I INPUT -j ACCEPT
ip tunnel add test6 mode sit remote 1.1.1.1 local 2.2.2.2 dev eth0.2
ip link set test6 up
ip -6 a 2001::2/64 dev test6
problem pa je, da mi tunel ne deluje zaradi tega, ker B vrača ICMP protocol 41 port 0 unreachable, kar se lepo vidi v primeru pinganja ter tcpdumpanja...
tcpdump na A s filtrom 'proto 41 or icmp and host 2.2.2.2'
ping B > A
18:18:15.307007 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto: IPv6 (41), length: 124) 2.2.2.2 > 1.1.1.1: IP6 (hlim 64, next-header: ICMPv6 (58), length: 64) 2001::2 > 2001::1: [icmp6 sum ok] ICMP6, echo request, length 64, seq 62
18:18:15.307027 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: IPv6 (41), length: 124) 1.1.1.1 > 2.2.2.2: IP6 (hlim 64, next-header: ICMPv6 (58), length: 64) 2001::1 > 2001::2: [icmp6 sum ok] ICMP6, echo reply, length 64, seq 62
18:18:15.355523 IP (tos 0xc0, ttl 63, id 17154, offset 0, flags [none], proto: ICMP (1), length: 152) 2.2.2.2 > 1.1.1.1: ICMP 2.2.2.2 protocol 41 port 0 unreachable, length 132
ping A > B
18:35:44.712166 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: IPv6 (41), length: 124) 1.1.1.1 > 2.2.2.2: IP6 (hlim 64, next-header: ICMPv6 (58), length: 64) 2001::1 > 2001::2: [icmp6 sum ok] ICMP6, echo request, length 64, seq 0
18:35:44.761041 IP (tos 0xc0, ttl 63, id 18184, offset 0, flags [none], proto: ICMP (1), length: 152) 2.2.2.2 > 1.1.1.1: ICMP 2.2.2.2 protocol 41 port 0 unreachable, length 132
kakšna ideja?
sit tunel med dvema kištama:
A - centos 5.7 eth0 ip 1.1.1.1
B - centos 6 eth0.2 ip 2.2.2.2 (vlan tagiran promet)
konfiguracija A:
iptables -I INPUT -s 2.2.2.2 -j ACCEPT
ip6tables -I INPUT -j ACCEPT
ip tunnel add test6 mode sit remote 2.2.2.2 local 1.1.1.1 dev eth0
ip link set test6 up
ip -6 a 2001::1/64 dev test6
konfiguracija B:
iptables -I INPUT -s 1.1.1.1 -j ACCEPT
ip6tables -I INPUT -j ACCEPT
ip tunnel add test6 mode sit remote 1.1.1.1 local 2.2.2.2 dev eth0.2
ip link set test6 up
ip -6 a 2001::2/64 dev test6
problem pa je, da mi tunel ne deluje zaradi tega, ker B vrača ICMP protocol 41 port 0 unreachable, kar se lepo vidi v primeru pinganja ter tcpdumpanja...
tcpdump na A s filtrom 'proto 41 or icmp and host 2.2.2.2'
ping B > A
18:18:15.307007 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto: IPv6 (41), length: 124) 2.2.2.2 > 1.1.1.1: IP6 (hlim 64, next-header: ICMPv6 (58), length: 64) 2001::2 > 2001::1: [icmp6 sum ok] ICMP6, echo request, length 64, seq 62
18:18:15.307027 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: IPv6 (41), length: 124) 1.1.1.1 > 2.2.2.2: IP6 (hlim 64, next-header: ICMPv6 (58), length: 64) 2001::1 > 2001::2: [icmp6 sum ok] ICMP6, echo reply, length 64, seq 62
18:18:15.355523 IP (tos 0xc0, ttl 63, id 17154, offset 0, flags [none], proto: ICMP (1), length: 152) 2.2.2.2 > 1.1.1.1: ICMP 2.2.2.2 protocol 41 port 0 unreachable, length 132
ping A > B
18:35:44.712166 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: IPv6 (41), length: 124) 1.1.1.1 > 2.2.2.2: IP6 (hlim 64, next-header: ICMPv6 (58), length: 64) 2001::1 > 2001::2: [icmp6 sum ok] ICMP6, echo request, length 64, seq 0
18:35:44.761041 IP (tos 0xc0, ttl 63, id 18184, offset 0, flags [none], proto: ICMP (1), length: 152) 2.2.2.2 > 1.1.1.1: ICMP 2.2.2.2 protocol 41 port 0 unreachable, length 132
kakšna ideja?
I can see dumb people...They're all around us... Look, they're even on this forum!
Vredno ogleda ...
Tema | Ogledi | Zadnje sporočilo | |
---|---|---|---|
Tema | Ogledi | Zadnje sporočilo | |
» | DNS problemOddelek: Omrežja in internet | 1084 (768) | čuhalev |
» | nf_conntrack in TIME_WAITOddelek: Pomoč in nasveti | 1075 (640) | jedateruk |
» | dolžina ethernet paketaOddelek: Omrežja in internet | 4975 (4506) | AndrejO |
» | IPv6 tunnelbrokerOddelek: Omrežja in internet | 1329 (1068) | boogie_xlr |
» | SIOL TV dela samo 5 minut (IGMP snooping)Oddelek: Omrežja in internet | 2680 (2416) | bulekk |