closer and closer to proof of concept but still not there

Dave Taht dave.taht at gmail.com
Thu Mar 22 06:15:38 UTC 2012


On Wed, Mar 21, 2012 at 10:47 PM, Dave Taht <dave.taht at gmail.com> wrote:
> I failed to route through to anywhere via sd-cpe2.

now I killed myself entirely on pinging anywhere....

> I have a feeling the default ipv6 /etc/firewall.user rules need
> revision. Or that I messed up the rules fiddling with sdctl. Or I do
> indeed need to apply the encapsulation patch...

diagnosis at least partially incorrect, see further below

> I don't want to reboot the box, so I'm leaving cruithne up and online
> at 172.28.1.17, connected to sd-cpe2 and going to bed.

I ended up rebooting sd-cpe2

/root/setup6 ge00 2001:db8:0:1::3 2001:db8:0:1::1 2001:db8::1

did setup the tunnel, did get ge00 on the right interface, but ping
anywhere no workie


>
> accessing the sd-cpe2 itself from inside on that ip, was very
> herky-jerky... no cpu was visibly being used
>
> However, it was interesting that a dmesg hung here, at exactly 2050
> characters, and stayed that way for a long time.

The herky-jerky problem was actually pilot error. cruithne has a bad
ethernet port: when plugged into the dock, it negotiates 1000Mbit, but
fails to work properly at that speed.

(so for future reference if you reboot cruithne, a:

  ethtool -s eth0 advertise 0x008

is needed AFTER you connect to a wire)

(I never use this thing wired. I did just stick this command in if.up.d/ethtool)

>
> 0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP
> SPT=67 DPT=67 LEN=308

This second problem is caused by the default firewall rules being
'deny' on all but a few ports,
of which 67 was one...

> [55429.035156] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55431.019531] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=124 TC=0 HOPLIMIT=64
> FLOWLBL=0 PROTO=4


And this one, due to default firewall rules being deny on all but a
few protocols, proto 4
now unblocked

> [55435.050781] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=124 TC=0 HOPLIMIT=64
> FLOWLBL=0 PROTO=4
> [55436.066406] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=124 TC=0 HOPLIMIT=64
> FLOWLBL=0 PROTO=4
> [55442.023437] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55442.042968] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55442.058593] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55449.875000] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55449.890625] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55449.910156] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=348 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308
> [55456.085937] IN= OUT=ge00
> SRC=2001:0db8:0000:0001:0000:0000:0000:0003
> DST=2001:0db8:0000:0001:0000:0000:0000:0001 LEN=124 TC=0 HOPLIMIT=64
> FLOWLBL=0 PROTO=4
> [55457.101562] IN= OUT=g
>
>
> --
> Dave Täht
> SKYPE: davetaht
> US Tel: 1-239-829-5608
> http://www.bufferbloat.net



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
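
Added example, not part of the original message or the sdcpe code: a small Python tally of netfilter LOG lines like those quoted above, grouped by direction, interface, protocol and destination port, so the flows a default-deny ruleset keeps logging (here UDP port 67 and protocol 4) stand out. The sample lines are constructed, re-joined to one entry per line, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the quoted dmesg output, one entry per
# line; the last entry is cut off mid-field like the final line of the paste.
A = "SRC=2001:0db8:0000:0001:0000:0000:0000:0003 DST=2001:0db8:0000:0001:0000:0000:0000:0001"
UDP67 = f"IN= OUT=ge00 {A} LEN=348 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=67 DPT=67 LEN=308"
PROTO4 = f"IN= OUT=ge00 {A} LEN=124 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=4"
SAMPLE = "\n".join([
    f"[55429.035156] {UDP67}",
    f"[55431.019531] {PROTO4}",
    f"[55435.050781] {PROTO4}",
    f"[55442.023437] {UDP67}",
    f"[55442.042968] {UDP67}",
    "[55457.101562] IN= OUT=g",
])

FIELD = re.compile(r"(\w+)=(\S*)")
# Only the number seen in the thread; IANA assigns 4 to IPv4 encapsulation.
PROTO_NOTE = {"4": "IPv4 encapsulation (tunnel payload)"}

def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not one."""
    if "IN=" not in line or "OUT=" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    return fields

def summarize(log_text):
    """Count logged packets per (direction, interface, protocol, dest port)."""
    flows, truncated = Counter(), 0
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if "PROTO" not in f:  # entry cut off before the protocol field
            truncated += 1
            continue
        direction = "out" if not f["IN"] else ("in" if not f["OUT"] else "fwd")
        iface = f["OUT"] or f["IN"]
        flows[(direction, iface, f["PROTO"], f.get("DPT"))] += 1
    return flows, truncated

if __name__ == "__main__":
    flows, truncated = summarize(SAMPLE)
    for (direction, iface, proto, dpt), n in flows.most_common():
        note = PROTO_NOTE.get(proto, "")
        print(f"{n:3d}  {direction:3s} {iface:5s} proto={proto} dport={dpt or '-'} {note}")
    print(f"{truncated} truncated entr{'y' if truncated == 1 else 'ies'} skipped")
```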

