[hipl-users] Re: Problems with RVS

  • From: Paola Venuso <pa.venuso@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 14 Oct 2013 16:28:21 +0200

Hi,
I've just tried this and I've got destination unreachable error. So is this
a problem concerning only IPv6?
On 14 Oct 2013 16:13, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

> Hi,
>
> why don't you try plain IPv6 connectivity locally (without Teredo) with
> 3ffe::x/64 addresses? So that we know if it's about IPv6 or something HIP
> related.
>
> On 10/14/2013 05:09 PM, Paola Venuso wrote:
>
>> Sorry, HIP over IPv6 didn't work.
>>
>> On 14 Oct 2013 16:04, "Miika Komu" <mkomu@xxxxxxxxx> wrote:
>>
>>     Hi Paola,
>>
>>     what didn't work? Directly IPv6 or HIP-over-IPv6?
>>
>>     On 10/14/2013 04:58 PM, Paola Venuso wrote:
>>
>>         Hi Miika,
>>
>>         Yes, I did. But it didn't work.
>>
>>         On 14 Oct 2013 15:40, "Miika Komu" <mkomu@xxxxxxxxx> wrote:
>>
>>              Hi Paola,
>>
>>              it seems that you got HIP working with IPv4 locators. Did you try
>>              with two locally configured IPv6 locators (3ffe::x/64)?
>>
>>              On 10/14/2013 02:13 PM, Paola Venuso wrote:
>>
>>                  Hi Miika,
>>
>>                  I checked and I think my site firewall isn't blocking Teredo
>>                  traffic.
>>                  Anyway this is the output:
>>
>>                  paola@ubuntu:~$ dig -t aaaa www.google.com
>>
>>                  ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
>>                  ;; global options: +cmd
>>                  ;; Got answer:
>>                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27694
>>                  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>>                  ;; QUESTION SECTION:
>>                  ;www.google.com.                IN    AAAA
>>
>>                  ;; ANSWER SECTION:
>>                  www.google.com.         300    IN    AAAA    2a00:1450:4002:804::1010
>>
>>                  ;; Query time: 165 msec
>>                  ;; SERVER: 127.0.0.53#53(127.0.0.53)
>>                  ;; WHEN: Mon Oct 14 03:22:40 2013
>>                  ;; MSG SIZE  rcvd: 60
>>
>>
>>                  paola@ubuntu:~$ ping6 2a00:1450:4010:c04::68
>>                  PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
>>                  64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=371 ms
>>                  64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=110 ms
>>                  64 bytes from 2a00:1450:4010:c04::68: icmp_seq=3 ttl=55 time=110 ms
>>                  ^C
>>                  --- 2a00:1450:4010:c04::68 ping statistics ---
>>                  3 packets transmitted, 3 received, 0% packet loss, time 2004ms
>>                  rtt min/avg/max/mdev = 110.529/197.440/371.075/122.778 ms
>>
>>
>>
>>                  paola@ubuntu:~$ ip route get 2a00:1450:4010:c04::68
>>                  2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo
>>                  src 2001:0:53aa:64c:2cb6:3c14:4367:467f  metric 0
>>                        cache
>>
>>
>>                  I also tried with your test machine:
>>
>>                  paola@ubuntu:~$ ping6 2001:0:53aa:64c:3026:52b2:ad4a:8b91
>>                  PING 2001:0:53aa:64c:3026:52b2:ad4a:8b91(2001:0:53aa:64c:3026:52b2:ad4a:8b91) 56 data bytes
>>                  64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=1 ttl=64 time=243 ms
>>                  64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=2 ttl=64 time=112 ms
>>                  ^C
>>                  --- 2001:0:53aa:64c:3026:52b2:ad4a:8b91 ping statistics ---
>>                  2 packets transmitted, 2 received, 0% packet loss, time 1000ms
>>                  rtt min/avg/max/mdev = 112.229/177.819/243.410/65.591 ms
>>
>>
>>
>>
>>                  Then I tried in my network:
>>
>>                  - with eth0 I got only I1 packet
>>                  - with Teredo I got "destination unreachable" error
>>
>>                  And when I stopped ping6 there was 100% of packet loss. I also
>>                  tried to edit manually the hosts files with different
>>                  configuration but the same happened.
>>
>>                  Thanks,
>>
>>                  Paola
>>
>>
>>
>>                  2013/10/12 Miika Komu <mkomu@xxxxxxxxx>
>>
>>                       Hi Paola,
>>
>>                       initially, Teredo traffic is forwarded through a Teredo
>>                       server to guarantee NAT traversal and then miredo software
>>                       tries to pinhole the NAT. My guess is that your *site*
>>                       firewall is blocking the initial messages with the Teredo
>>                       server. You can double check this as follows:
>>
>>                       mkomu@bling:~$ dig -t aaaa www.google.com
>>
>>                       ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
>>                       ;; global options: +cmd
>>                       ;; Got answer:
>>                       ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12399
>>                       ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>>                       ;; QUESTION SECTION:
>>                       ;www.google.com.                        IN      AAAA
>>
>>                       ;; ANSWER SECTION:
>>                       www.google.com.         214     IN      AAAA    2a00:1450:4010:c03::93
>>
>>                       ;; Query time: 333 msec
>>                       ;; SERVER: 193.229.0.40#53(193.229.0.40)
>>                       ;; WHEN: Sat Oct 12 14:20:35 2013
>>                       ;; MSG SIZE  rcvd: 60
>>
>>                       mkomu@bling:~$ ping6 2a00:1450:4010:c04::68
>>                       PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
>>                       64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=1363 ms
>>                       64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=441 ms
>>                       ^C
>>                       --- 2a00:1450:4010:c04::68 ping statistics ---
>>                       2 packets transmitted, 2 received, 0% packet loss, time 1000ms
>>                       rtt min/avg/max/mdev = 441.913/902.595/1363.277/460.682 ms, pipe 2
>>                       mkomu@bling:~$ ip route get 2a00:1450:4010:c04::68
>>                       2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo
>>                       src 2001:0:53aa:64c:473:6a2c:ab19:60e3  metric 0
>>
>>                       If this does not work for you, it probably means that the
>>                       firewall at your site is blocking Teredo. You can contact
>>                       your site administrator to open the UDP port 3544.
>>
>>                       You can also try the 2001:0:53aa:64c:3026:52b2:ad4a:8b91
>>                       (my test machine) which is actually behind a real NAT
>>                       unlike the google server. If you can reach google server,
>>                       but not mine, it most likely means that either of us is
>>                       using a p2p-incompatible NAT.
>>
>>                       You can also try e.g. 3ffe::x/64 address space for local
>>                       experiments in your local LAN (or WLAN). Just configure it
>>                       to the eth0 (or other device) for two machines and try
>>                       pinging each other.
>>
>>
>>                       On 10/11/2013 09:03 PM, Paola Venuso wrote:
>>
>>                           Hi Miika,
>>
>>                           I uncommented the line "Bindport 3545" in file
>>                           miredo.conf as I read on the man page of miredo and
>>                           checked ufw files for rules blocking IPv6 traffic (I
>>                           uncommented two about forwarding, the others about
>>                           enabling this traffic were already uncommented). Then I
>>                           tried ping6 the locators and I got the message: unknown
>>                           host.
>>                           Also I tried manual set up with IPv4-based locators, as
>>                           you wrote me, and my host exchanged HIP UPDATE and I1,
>>                           R1, I2, R2 packets with another host, with address
>>                           193.167.187.149, that I don't know but I guess maybe
>>                           it's one of infrahip servers.
>>                           Anyway, I am not sure I checked correctly for rules
>>                           about IPv6 traffic.
>>                           What should I do about this? Could all these problems be
>>                           connected also with virtual machine net configuration?
>>                           It is NAT by default, but there are some other options.
>>
>>                           Thanks for all the help you're giving to me.
>>
>>                           Paola
>>
>>
>>                           2013/10/11 Miika Komu <mkomu@xxxxxxxxx>
>>
>>
>>                                Hi Paola,
>>
>>                                it seems your installation is fine. Based on my own
>>                                experiences, I think that a middlebox (firewall) is
>>                                blocking your IPv6 traffic (in the case of Teredo
>>                                it's UDP port 3544). Did you try to ping6 the
>>                                routable addresses (locators)?
>>
>>                                I also recommend trying a manual set up with
>>                                IPv4-based locators as follows:
>>
>>                                hipconf daemon rst all
>>                                hipconf daemon add map PEER_HIT PEER_IPV4_ADDRESS
>>                                ping6 PEER_HIT
>>
>>
>>                                On 10/10/2013 12:42 AM, Paola Venuso wrote:
>>
>>                                    Hi Miika,
>>
>>                                    hipd is running at the responder, the firewall
>>                                    is not blocking HIP traffic and I don't use
>>                                    redhat-based distro.
>>                                    This is the output of the commands from the
>>                                    manual:
>>
>>                                    paola@ubuntu:~$ dpkg -l 'hipl*'
>>                                    Desired=Unknown/Install/Remove/Purge/Hold
>>                                    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>                                    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>                                    ||/ Nome           Versione       Descrizione
>>                                    +++-==============-==============-============================================
>>                                    ii  hipl-all       1.0.8-6429     HIP for Linux full software bundle
>>                                    ii  hipl-daemon    1.0.8-6429     HIP for Linux IPsec key management and mobil
>>                                    ii  hipl-dnsproxy  1.0.8-6429     HIP for Linux name lookup proxy
>>                                    ii  hipl-doc       1.0.8-6429     HIP for Linux documentation
>>                                    ii  hipl-firewall  1.0.8-6429     HIP for Linux multi-purpose firewall daemon
>>                                    un  hipl-minimal   <nessuna>      (nessuna descrizione disponibile)
>>                                    un  hipl-tools     <nessuna>      (nessuna descrizione disponibile)
>>                                    paola@ubuntu:~$ hipconf daemon get ha all
>>                                    Sending user message 22 to HIPD on socket 3
>>                                    Sent 40 bytes
>>                                    Waiting to receive daemon info.
>>                                    240 bytes received from HIP daemon.
>>                                    HA is I1-SENT
>>                                       Shotgun mode is off.
>>                                       Broadcast mode is off.
>>                                       Local HIT: 2001:0012:421d:99a0:005d:d60f:73b0:4407
>>                                       Peer  HIT: 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
>>                                       Local LSI: 1.0.0.1
>>                                       Peer  LSI: 1.0.0.2
>>                                       Local IP: 2001:0000:53aa:064c:2cde:3e12:4367:467f
>>                                       Local NAT traversal UDP port: 10500
>>                                       Peer  IP: 2001:0708:0140:0220:0000:0000:0000:0016
>>
>>                                       Peer  NAT traversal UDP port: 10500
>>                                       Peer  hostname:
>>
>>
>>
>>
>>                                    ------------------------------------------------------------
>>
>>
>>                                    paola@ubuntu:~$ uname -a
>>                                    Linux ubuntu 3.5.0-41-generic #64~precise1-Ubuntu SMP Thu Sep 12 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux
>>                                    paola@ubuntu:~$ lsb_release -a
>>                                    No LSB modules are available.
>>                                    Distributor ID:    Ubuntu
>>                                    Description:    Ubuntu 12.04.3 LTS
>>                                    Release:    12.04
>>                                    Codename:    precise
>>
>>
>>
>>
>>                                    ------------------------------------------------------------
>>
>>
>>                                    paola@ubuntu:~$ cat /etc/hip/hipd.conf
>>                                    # Format of this file is as with hipconf, but without "hipconf daemon" prefix
>>                                    # add hi default    # add all four HITs (see bug id 592127)
>>                                    # add map HIT IP    # preload some HIT-to-IP mappings to hipd
>>                                    # add service rvs   # the host acts as HIP rendezvous (also see relay.conf)
>>                                    # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
>>                                    # add server relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
>>                                    # add server full-relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
>>                                    hit-to-ip on # resolve HITs to locators in dynamic DNS zone
>>                                    # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
>>                                    nsupdate on # send dynamic DNS updates
>>                                    # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
>>                                    # heartbeat 10 # send ICMPv6 messages inside HIP tunnels
>>                                    # locator on        # host sends all of its locators in base exchange
>>                                    # shotgun on # use all possible src/dst IP combinations to send I1/UPDATE
>>                                    # broadcast on # broadcast to LAN if no matching IP address found
>>                                    # opp normal|advanced|none
>>                                    # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)
>>                                    nat plain-udp       # use UDP capsulation (for NATted environments)
>>                                    #nat port local 11111 # change local default UDP port
>>                                    #nat port peer 22222 # change local peer UDP port
>>                                    debug medium        # debug verbosity: all, medium, low or none
>>                                    default-hip-version 1 # default HIP version number for the I1 message. (1=HIPv1, 2=HIPv2)
>>
>>
>>
>>
>>                                    ------------------------------------------------------------
>>
>>
>>                                    paola@ubuntu:~$ sudo iptables -L -n
>>                                    Chain INPUT (policy ACCEPT)
>>                                    target     prot opt source               destination
>>                                    HIPFW-INPUT  all  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     139  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     139  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     udp  -- 0.0.0.0/0            0.0.0.0/0            udp spt:10500
>>                                    ACCEPT     esp  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     icmpv6-- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     all  -- 1.0.0.0/8            1.0.0.0/8
>>
>>                                    Chain FORWARD (policy ACCEPT)
>>                                    target     prot opt source               destination
>>                                    HIPFW-FORWARD  all  -- 0.0.0.0/0            0.0.0.0/0
>>
>>                                    Chain OUTPUT (policy ACCEPT)
>>                                    target     prot opt source               destination
>>                                    HIPFW-OUTPUT  all  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     139  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     udp  -- 0.0.0.0/0            0.0.0.0/0            udp dpt:10500
>>                                    ACCEPT     esp  -- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     icmpv6-- 0.0.0.0/0            0.0.0.0/0
>>                                    ACCEPT     all  -- 1.0.0.0/8            1.0.0.0/8
>>
>>                                    Chain HIPFW-FORWARD (1 references)
>>                                    target     prot opt source               destination
>>
>>                                    Chain HIPFW-INPUT (1 references)
>>                                    target     prot opt source               destination
>>                                    NFQUEUE    udp  -- 0.0.0.0/0            0.0.0.0/0            udp spt:10500 NFQUEUE num 0
>>                                    NFQUEUE    udp  -- 0.0.0.0/0            0.0.0.0/0            udp dpt:10500 NFQUEUE num 0
>>                                    NFQUEUE    esp  -- 0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
>>
>>                                    Chain HIPFW-OUTPUT (1 references)
>>                                    target     prot opt source               destination
>>                                    NFQUEUE    all  -- 0.0.0.0/0            1.0.0.0/8            NFQUEUE num 0
>>
>>
>>
>>
>>
>>         ------------------------------------------------------------
>>
>>
>>
>>                                    paola@ubuntu:~$ sudo ip6tables -L -n
>>                                    Chain INPUT (policy ACCEPT)
>>                                    target     prot opt source               destination
>>                                    HIPFW-INPUT  all      ::/0                 ::/0
>>                                    ACCEPT     all      2001:10::/28         2001:10::/28
>>
>>                                    Chain FORWARD (policy ACCEPT)
>>                                    target     prot opt source               destination
>>                                    HIPFW-FORWARD  all      ::/0                 ::/0
>>
>>                                    Chain OUTPUT (policy ACCEPT)
>>                                    target     prot opt source               destination
>>                                    HIPFW-OUTPUT  all      ::/0                 ::/0
>>                                    ACCEPT     all      2001:10::/28         2001:10::/28
>>
>>                                    Chain HIPFW-FORWARD (1 references)
>>                                    target     prot opt source               destination
>>
>>                                    Chain HIPFW-INPUT (1 references)
>>                                    target     prot opt source               destination
>>                                    NFQUEUE    esp      ::/0                 ::/0                 NFQUEUE num 1
>>                                    NFQUEUE    all      ::/0                 2001:10::/28         NFQUEUE num 1
>>
>>                                    Chain HIPFW-OUTPUT (1 references)
>>                                    target     prot opt source               destination
>>                                    NFQUEUE    udp      ::/0                 2001:10::/28         NFQUEUE num 1
>>                                    NFQUEUE    icmp     ::/0                 2001:10::/28         NFQUEUE num 1
>>                                    NFQUEUE    tcp      ::/0                 2001:10::/28         NFQUEUE num 1
>>                                    NFQUEUE    icmpv6    ::/0                 2001:10::/28         NFQUEUE num 1
>>
>>
>>
>>
>>         ------------------------------------------------------------
>>
>>
>>                                    paola@ubuntu:~$ ps axu | grep hip
>>                                    nobody    1002  0.0  0.1   4980  2004 ?        S    14:21   0:00 /usr/sbin/hipd -bkN
>>                                    nobody    1092  0.0  0.1   5116  1220 ?        S    14:21   0:00 /usr/sbin/hipfw -bklpFi
>>                                    root      1477  0.0  0.6  10860  6576 ?        S    14:21   0:00 python /usr/sbin/hipdnsproxy -k
>>                                    root      3144  0.0  0.0      0     0 ?        Z    14:22   0:00 [hipconf] <defunct>
>>                                    paola     3304  0.0  0.0   4412   832 pts/0    S+   14:32   0:00 grep --color=auto hip
>>
>>
>>
>>
>>         ------------------------------------------------------------
>>
>>
>>                                    paola@ubuntu:~$ ps axu | grep dns
>>                                    root      1477  0.0  0.6  10860  6576 ?        S    14:21   0:00 python /usr/sbin/hipdnsproxy -k
>>                                    nobody    2155  0.0  0.1   5400  1388 ?        S    14:21   0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus --conf-dir=/etc/NetworkManager/dnsmasq.d
>>                                    paola     3307  0.0  0.0   4412   836 pts/0    S+   14:32   0:00 grep --color=auto dns
>>
>>
>>                                    Thanks a lot,
>>
>>                                    Paola
>>
>>
>>                                    2013/10/9 Miika Komu <mkomu@xxxxxxxxx>
>>
>>
>>                                         Hi Paola,
>>
>>                                         please provide some more information as instructed in the manual:
>>
>>                                         http://hipl.hiit.fi/hipl/manual/HOWTO.html#quick
>
> ...
