我正在使用運行 OpenWRT 版本 Backfire 10.03.1-rc4 的路由器設定 IPv6。我使用 Hurricane Electric 的隧道代理程式創建了一條隧道,並將其設定在路由器上,然後使用 RADVD 來分發 IPv6 位址。
我的問題是,在網路上的電腦上,我只能使用瀏覽器存取 ipv6.google.com,但其他網站似乎會永遠加載,並且不會在任何瀏覽器中開啟。我可以很好地對它們進行 ping 和追蹤路由,但無法使用瀏覽器打開它們。
我可以使用路由器上的瀏覽器正常開啟任何網站。
停止路由器上的防火牆服務沒有幫助,因此這可能不是防火牆問題。
所有 AAAA 記錄都能很好地解析,因此這可能不是 DNS 問題。
網路上的電腦可以正常取得 IPv6 位址,因此這可能不是 radvd 問題。
類似的設定對於 SixXs 來說效果很好,但我在那裡的 PoP 遇到了問題,所以我決定轉向 HE。
以下是一些追蹤路由:
從客戶端計算機:
Tracing route to ipv6.he.net [2001:470:0:64::2]
over a maximum of 30 hops:
1 <1 ms 1 ms 1 ms 2001:470:1f0b:de5::1
2 62 ms 63 ms 62 ms andrejako-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1]
3 60 ms 60 ms 63 ms gige-g2-4.core1.fra1.he.net [2001:470:0:69::1]
4 63 ms 68 ms 68 ms 10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1]
5 84 ms 74 ms 76 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
6 146 ms 147 ms 151 ms 10gigabitethernet4-4.core1.nyc4.he.net [2001:470:0:128::1]
7 200 ms 198 ms 202 ms 10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1]
8 219 ms * 210 ms 10gigabitethernet2-2.core1.fmt2.he.net [2001:470:0:18d::1]
9 221 ms 338 ms 209 ms gige-g4-18.core1.fmt1.he.net [2001:470:0:2d::1]
10 206 ms 210 ms 207 ms ipv6.he.net [2001:470:0:64::2]
Trace complete.
另一個來自客戶端計算機
Tracing route to whatismyipv6.com [2001:4870:a24f:2::90]
over a maximum of 30 hops:
1 7 ms 1 ms 1 ms 2001:470:1f0b:de5::1
2 69 ms 70 ms 63 ms AndrejaKo-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1]
3 57 ms 65 ms 58 ms gige-g2-4.core1.fra1.he.net [2001:470:0:69::1]
4 73 ms 74 ms 75 ms 10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1]
5 71 ms 74 ms 76 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
6 141 ms 149 ms 148 ms 10gigabitethernet2-3.core1.nyc4.he.net [2001:470:0:3e::1]
7 141 ms 147 ms 143 ms 10gigabitethernet1-2.core1.nyc1.he.net [2001:470:0:37::2]
8 144 ms 145 ms 142 ms 2001:504:1::a500:4323:1
9 226 ms 225 ms 218 ms 2001:4870:a240::2
10 220 ms 224 ms 219 ms 2001:4870:a240::2
11 219 ms 218 ms 220 ms 2001:4870:a24f::2
12 221 ms 222 ms 220 ms www.whatismyipv6.com [2001:4870:a24f:2::90]
Trace complete.
以下是路由器上的一些防火牆資訊:
root@OpenWrt:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
input_rule all -- 0.0.0.0/0 0.0.0.0/0
input all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
zone_wan_MSSFIX all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0
forward all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
output_rule all -- 0.0.0.0/0 0.0.0.0/0
output all -- 0.0.0.0/0 0.0.0.0/0
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_forward all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_forward all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
nat_reflection_fwd all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan all -- 0.0.0.0/0 0.0.0.0/0
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain nat_reflection_fwd (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:80
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain output_rule (1 references)
target prot opt source destination
Chain reject (7 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan (1 references)
target prot opt source destination
input_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_lan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_MSSFIX (0 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
forwarding_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_lan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan (2 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT 41 -- 0.0.0.0/0 0.0.0.0/0
input_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_MSSFIX (1 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_forward (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.2
forwarding_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
這是一些路由資訊:
root@OpenWrt:/# ip -f inet6 route
2001:470:1f0a:de5::/64 via :: dev 6in4-henet proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
2001:470:1f0b:de5::/64 dev br-lan proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev br-lan proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0.1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0.2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4-henet proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
default dev 6in4-henet metric 1024 mtu 1280 advmss 1220 hoplimit 0
我有運行 Windows 7 SP1 和 openSUSE 11.3 的計算機,它們都有相同的問題。
我還做了一個線關於這個問題在HE的論壇上,但似乎那裡的人不知道該怎麼辦。
答案1
OpenWRT 論壇上有幫助的人解決了這個問題。我需要設定 MTU 才能連接到 1280。