Hi,

I have added an IPV6 address to my Ubuntu 10.04 linode.

For some reason, the autoconfigure doesn't seem to be working:

eth0      Link encap:Ethernet  HWaddr f2:3c:91:96:68:a5  
          inet addr:109.74.203.220  Bcast:109.74.203.255  Mask:255.255.255.0
          inet6 addr: fe80::f03c:91ff:fe96:68a5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2262622 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1636599 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:344687175 (344.6 MB)  TX bytes:2219432293 (2.2 GB)
          Interrupt:44

My /etc/network/interfaces is:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.up.rules

# The primary network interface
auto eth0
iface eth0 inet dhcp

Do I need to modify the interfaces file to get the autoconfiguration working? I have a Fedora Linode too - the IPV6 address was added with no problem.

Thanks,

Dan

Do you have any type of firewall helper (ufw for example)?

What does "sysctl -a | grep net.ipv6.conf.eth0" show?

-Tim

Nope, no firewall helper, just the iptables.up.rules file that is mentioned in interfaces. It would be ip6tables for IPV6, right? In any case the firewall shouldn't stop the IP address being assigned, right?

Output from sysctl:

dan@block-shape:~$ sudo sysctl -a | grep net.ipv6.conf.eth0
error: "Invalid argument" reading key "fs.binfmt_misc.register"
error: permission denied on key 'net.ipv4.route.flush'
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.router_solicitations = 3
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.regen_max_retry = 5
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.force_tllao = 0
error: permission denied on key 'net.ipv6.route.flush'

Thanks.

Question #1: Did you reboot your Linode after you added the IPv6 address?

Enabling IPv6 within the Linode Manager forces a reboot.

Exactly. I have also restarted networking.

Well, with sysctl it looks like you should be good. Just to cover the bases what does this show:

ip6tables-save

-Tim

As far as I'm aware, it should be the default config. This is what I get:

dan@block-shape:~$ sudo ip6tables-save 
[sudo] password for dan: 
# Generated by ip6tables-save v1.4.4 on Mon Apr 16 04:20:40 2012
*security
:INPUT ACCEPT [8:832]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:832]
COMMIT
# Completed on Mon Apr 16 04:20:40 2012
# Generated by ip6tables-save v1.4.4 on Mon Apr 16 04:20:40 2012
*raw
:PREROUTING ACCEPT [30940:3217060]
:OUTPUT ACCEPT [63:4612]
COMMIT
# Completed on Mon Apr 16 04:20:40 2012
# Generated by ip6tables-save v1.4.4 on Mon Apr 16 04:20:40 2012
*mangle
:PREROUTING ACCEPT [30940:3217060]
:INPUT ACCEPT [30937:3216872]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [63:4612]
:POSTROUTING ACCEPT [8:832]
COMMIT
# Completed on Mon Apr 16 04:20:40 2012
# Generated by ip6tables-save v1.4.4 on Mon Apr 16 04:20:40 2012
*filter
:INPUT DROP [30929:3216040]
:FORWARD DROP [0:0]
:OUTPUT DROP [55:3780]
-A INPUT -i lo -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT 
COMMIT
# Completed on Mon Apr 16 04:20:40 2012

I just noticed this in syslog:

Apr 16 03:35:06 block-shape kernel: eth0: no IPv6 routers present

Is this something I can fix?

I've never seen that error before. Which datacenter are you in?

London

You're dropping everything in the filter table so you never see the router advertisements. The quick fix is to allow all IPv6 traffic by changing the policy to ACCEPT. You can also set up rules to allow only the traffic you need, but that's more complicated.

-James

OK, I think I've got it now, thanks.

-A INPUT -j ACCEPT

for ip6tables worked and I got the IPV6 address.

Do you know which rules I need specifically?

I added these:

-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT 
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT 
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT 
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT 
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT 
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT

and removed the 'accept all' rule, but I lost my address again.

If it's any help, I just got things working on mine by borrowing the ICMP6 rules from here:

www.cert.org/downloads/IPv6/ip6tables_rules.txt