TomatoUSB IPv6 routing from WAN to LAN not working

Discussion in 'Tomato Firmware' started by DrPizza, Jun 12, 2011.

  1. DrPizza

    I'm using Tomato Firmware v1.28.7475 MIPSR2-Toastman-RT K26 USB VPN on a Netgear WNR3500L.

    I have a Hurricane Electric 6in4 tunnel.

    I've configured this as a static 6in4 tunnel as follows:

    routed prefix: 2001:470:1f09:106::
    prefix length: 64
    router IP address: default
    enabled router advertisements: yes
    tunnel remote endpoint:
    tunnel client ipv6 address: 2001:470:1f08:106::2/64

    With this, machines on my LAN get an IP address in the 2001:470:1f09:106::/64 range, and external IPv6 connectivity seems fine and dandy.

    What isn't working, however, is inbound connectivity. Any attempt to connect to servers on my LAN results in failures. The last hop on a traceroute is my Hurricane Electric client IPv6 address. Beyond that, nothing.

    Does anyone have any suggestions on what I might do to remedy this?
  2. Mysteron

    A traceroute from HE's looking glass can be a bit hit and miss, depending on the router you choose, but I don't have any problems getting to any PC on my LAN. Have you forwarded the appropriate ports for the services you're trying to reach?
  3. Toastman

    I don't know anything about IPv6. But just to post some thoughts, what were you connecting to? If traceroute or ping, does the router respond at IPv6 level to ICMP/trace/pings? If it is another protocol, is it running on the router, is a port listening for it to give a reply? If it is on a client or server, does a port need to be forwarded to that client?

    I have experimented and maybe connected to Google, but nothing more. It apparently responds. Other servers don't. Really, I have no idea if I can actually use the tunnel for anything useful. It would be nice if someone who is IPv6 savvy could write something on what to expect, how to use it to get experience with IPv6, what services if any are available, how to tell if you are actually using IPv6 or not - this sort of basic stuff. Interestingly, IPv6 day came and went, not a mention in the news, no apparent difference in the way ISPs respond to it, was it all much ado about nothing? Just curious ...
  4. DrPizza

    OK, so, it turns out that the firewall blocks all traffic directed at the subnet. You can use the misleadingly labelled "port forwarding" to unblock UDP and TCP access to the subnet.

    However, what I would like to do is unfirewall the subnet completely. Actually, I'd like to create an unfirewalled /112 and leave the rest protected. Does anyone who understands ip6tables know how I might achieve this?
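
For the /112 question in the last post, an added example (not written by anyone in the thread and not Tomato's own code): a POSIX sh helper that prints one ip6tables FORWARD rule opening a single subnet inside the routed /64 while everything else stays behind the firewall. The interface names `v6tun` and `br0`, the helper name `open_subnet_rules`, and the particular /112 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an ip6tables rule that opens one small subnet to inbound
# forwarded traffic and leaves the rest of the routed /64 firewalled.
# Assumptions (not from the thread): tunnel interface v6tun, LAN bridge br0,
# and the constructed /112 at the bottom, carved out of the routed prefix.

ROUTED_PREFIX="2001:470:1f09:106:"   # first 64 bits of the routed /64 in the thread

open_subnet_rules() {
    wan_if=$1; lan_if=$2; subnet=$3
    addr=${subnet%/*}
    plen=${subnet##*/}

    # Require an explicit, numeric prefix length.
    case $plen in
        ''|*[!0-9]*) echo "bad prefix length in $subnet" >&2; return 1 ;;
    esac
    # Only ever open something narrower than the whole routed /64.
    if [ "$plen" -le 64 ] || [ "$plen" -gt 128 ]; then
        echo "refusing /$plen: must be longer than /64" >&2; return 1
    fi
    # The subnet has to sit inside the routed prefix.
    case $addr in
        "$ROUTED_PREFIX"*) ;;
        *) echo "$addr is outside ${ROUTED_PREFIX}:/64" >&2; return 1 ;;
    esac

    # Insert at position 1 so the rule is evaluated before the existing
    # FORWARD rules that block unsolicited inbound traffic.
    echo "ip6tables -I FORWARD 1 -i $wan_if -o $lan_if -d $subnet -j ACCEPT"
}

# Dry run: print the rule. Pipe the output to sh on the router to apply it.
open_subnet_rules v6tun br0 "2001:470:1f09:106::1:0/112"
```

Hosts that autoconfigure from router advertisements use a 64-bit interface identifier and will not land in this /112, so only machines given a static address in that range are exposed.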
