6bone access from behind NAT
Dan Perry
dap23@cornell.edu
Thu, 6 Dec 2001 11:18:33 -0500
Hi all,
I'm trying (unsuccessfully) to connect a small network of
windows 2000 machines to the 6bone. Originally, I had one machine
running the standard Windows NAT service, and that server had one NIC
connected directly to the DSL line, and the other to the private
network. I had that server running as a 6to4 router, and everything
worked fine. However, I've since replaced that server with a common
hardware cable/DSL router. I've configured that new router to forward
all incoming packets to the old server. The old server current has one
NIC now.
I've been trying to use freenet6's tunnel broker service to
connect to the 6bone. At first this failed as the server had a private
IP. However, I changed the tspc.conf file to include the external IP
provided by my ISP as the v4 address used for the tunnel. After doing
this, the tunnel seems to set itself up properly. However, I'm not
able to ping anything but the server, or any other machine with IPv6 on
my private network. Can anyone point out something that I need to do
in order to get this to work?
Here are some outputs from the command line on the server I'm trying to
create a 6to4 router on:
C:\>ping6 www.6bone.net
Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data:
Request timed out.
Request timed out.
C:\>ping6 perr2187.tsps1.freenet6.net
Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes
of data:
Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms
Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms
C:\>ipv6 if
Interface 4 (site 1): Local Area Connection
uses Neighbor Discovery
sends Router Advertisements
forwards packets
link-level address: 00-01-02-72-e1-4a
preferred address fe80::201:2ff:fe72:e14a, infinite/infinite
multicast address ff02::1, 1 refs, not reportable
multicast address ff02::1:ff72:e14a, 1 refs, last reporter
multicast address ff02::2, 1 refs, last reporter
multicast address ff05::2, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 128
reachable time 23500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 3 (site 1): 6-over-4 Virtual Interface
uses Neighbor Discovery
sends Router Advertisements
forwards packets
link-level address: 192.168.50.1
preferred address fe80::c0a8:3201, infinite/infinite
multicast address ff02::1, 1 refs, not reportable
multicast address ff02::1:ffa8:3201, 1 refs, last reporter
multicast address ff02::2, 1 refs, last reporter
multicast address ff05::2, 1 refs, last reporter
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 15500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 2 (site 0): Tunnel Pseudo-Interface
does not use Neighbor Discovery
forwards packets
link-level address: 0.0.0.0
preferred address 2002:ac1f:2aef::ac1f:2aef, infinite/infinite
preferred address 3ffe:b80:2:2f4e::2, infinite/infinite
preferred address 2002:c0a8:3201::c0a8:3201, infinite/infinite
preferred address ::192.168.50.1, infinite/infinite
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 0ms (base 0ms)
retransmission interval 0ms
DAD transmits 0
Interface 1 (site 0): Loopback Pseudo-Interface
does not use Neighbor Discovery
link-level address:
preferred address ::1, infinite/infinite
link MTU 1500 (true link MTU 1500)
current hop limit 1
reachable time 0ms (base 0ms)
retransmission interval 0ms
DAD transmits 0
C:\>ipv6 rt
::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2
pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime
infinite)
As you can probably tell, I'm relatively new to IPv6, but any comments
or suggestions would be greatly appreciated.
Thanks,
Dan