News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  IPv6
linktree Topic: [SOLVED] IPv6 does not work for LAN-Clients, but does for the firewall
Pages: [1]
Topic: [SOLVED] IPv6 does not work for LAN-Clients, but does for the firewall  (Read 2576 times)
« on: December 19, 2011, 16:25:00 »
maybeapreacher *
Posts: 32
Dear Community,

I am running an ALIX-Board (AMD Geode) with m0n0wall Version 1.8.0b478.
Just today I recieved my eMail that my tunnel and my subnet from sixxs was approved. yeah :-)

So, my subnet is 2001:xxxx:yyyy:zzz::/64
After I entered the credentials and set up everything, my m0nowall started the IPv6 tunnel, got the Gateway and her own IP right:
Gateway: 2001:xxxx:yyyy:zzz::1/64
WAN: 2001:xxxx:yyyy:zzz::2/64
LAN: 2001:xxxx:yyyy:zzz::3/64

My clients, a Mac with 10.7.2 and a PC with Windows 7 SP1, cannot connect to IPv6-Servers on the internet.
They get correct IPv6-Adresses, Gateway and DNS.
Both of them can ping each other, can ping the m0n0wall and can ask the m0n0wall-DNS-Server with the IPv6 address.

When the Mac does an nslookup on the v6 address, it gets the answer "can't find ipv6.google.com: no answer".
Windows gets the correct IP-address.
Neither can ping6 that address.

From the m0n0wall interface I can ping any IPv6-Address using the WAN-Interface, but not using the LAN-Interface.

For the IPv4 and IPv6-rules I allowed anything from LAN to anyything.

What seems to be the problems?

Thanks for any help!

- maybe
« Last Edit: December 19, 2011, 17:23:26 by maybeapreacher »
« Reply #1 on: December 19, 2011, 16:44:10 »
Fred Grayson *****
Posts: 994
Quote from: maybeapreacher on December 19, 2011, 16:25:00
Gateway: 2001:xxxx:yyyy:zzz::1/64
WAN: 2001:xxxx:yyyy:zzz::2/64
LAN: 2001:xxxx:yyyy:zzz::3/64


I'm not familiar with how sixxs does things and it's hard to say for sure because you have obfuscated the IPs, but if you did that consistently, then your WAN and LAN belong to the same network, and that shouldn't work.

Have you seen this:

http://www.sixxs.net/wiki/Configuring_MonoWall

I have a tunnel from Hurricane Electric, and like every other IP router I've ever dealt with, the LAN and WAN must belong to different networks.

You can get tunnels from HE without jumping thru a lot hoops or waiting for approvals. If they have a POP near you you might want to give them a try.

http://www.tunnelbroker.net/
« Last Edit: December 19, 2011, 16:54:38 by fredg »
--
Google is your friend and Bob's your uncle.
« Reply #2 on: December 19, 2011, 17:23:05 »
maybeapreacher *
Posts: 32
thanks for the quick answer.

just before I read your post a co-worker helped me out and I saw the flaw. Indeed I used the same network, which does not work and which is not my prefix, but the ISPs prefix for his ipv6-customers.

I misread an information in the eMails, and did not check, there was the problem.

After I changed it to the correct prefix everything now works just fine!

Thanks again,

- maybe
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines