Hi Paolo,it seems so. If you're using e.g. virtualbox, there seems to be some advice available at various forums:
https://www.google.com/search?client=ubuntu&channel=fs&q=ipv6+virtualbox+destination+unreachable+error&ie=utf-8&oe=utf-8 On 10/14/2013 05:28 PM, Paola Venuso wrote:
Hi, I've just tried this and I've got destination unreachable error. So is this a problem concernig only IPv6? Il giorno 14/ott/2013 16:13, "Miika Komu" <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> ha scritto: Hi, why don't try plain IPv6 connectivity locally (without Teredo) with 3ffe::x/64 addresses? So that we know if it's about IPv6 or something HIP related. On 10/14/2013 05:09 PM, Paola Venuso wrote: Sorry, HIP over IPv6 didn't work. Il giorno 14/ott/2013 16:04, "Miika Komu" <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> ha scritto: Hi Paola, what didn't work? Directly IPv6 or HIP-over-IPv6? On 10/14/2013 04:58 PM, Paola Venuso wrote: Hi Miika, Yes, I did. But it didn't work. Il giorno 14/ott/2013 15:40, "Miika Komu" <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>> ha scritto: Hi Paola, it seems that you got HIP working with IPv4 locators. Did you try with two locally configured IPv6 locators (3ffe::x/64)? On 10/14/2013 02:13 PM, Paola Venuso wrote: Hi Miika, I checked and I think my site firewall isn't blocking Teredo traffic. Anyway this is the output: paola@ubuntu:~$ dig -t aaaa www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com> ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27694 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com>. IN AAAA ;; ANSWER SECTION: www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com>. 300 IN AAAA 2a00:1450:4002:804::1010 ;; Query time: 165 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Oct 14 03:22:40 2013 ;; MSG SIZE rcvd: 60 paola@ubuntu:~$ ping6 2a00:1450:4010:c04::68 PING 2a00:1450:4010:c04::68(2a00:______1450:4010:c04::68) 56 data bytes 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=371 ms 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=110 ms 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=3 ttl=55 time=110 ms ^C --- 2a00:1450:4010:c04::68 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 110.529/197.440/371.075/122.______778 ms paola@ubuntu:~$ ip route get 2a00:1450:4010:c04::68 2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo src 2001:0:53aa:64c:2cb6:3c14:______4367:467f metric 0 cache I also tried with your test machine: paola@ubuntu:~$ ping6 2001:0:53aa:64c:3026:52b2:______ad4a:8b91 PING 2001:0:53aa:64c:3026:52b2:______ad4a:8b91(2001:0:53aa:64c:______3026:52b2:ad4a:8b91) 56 data bytes 64 bytes from 2001:0:53aa:64c:3026:52b2:______ad4a:8b91: icmp_seq=1 ttl=64 time=243 ms 64 bytes from 2001:0:53aa:64c:3026:52b2:______ad4a:8b91: icmp_seq=2 ttl=64 time=112 ms ^C --- 2001:0:53aa:64c:3026:52b2:______ad4a:8b91 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 112.229/177.819/243.410/65.591 ms Then I tried in my network: - with eth0 I got only I1 packet - with Teredo I got "destination unreachable" error And when I stopped ping6 there was 100% of packet loss. I also tried to edit manually the hosts files with different configuration but the same happened. Thanks, Paola 2013/10/12 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>> Hi Paola, initially, Teredo traffic is forwarded through a Teredo server to guaranteee NAT traversal and then miredo software tries to pinhole the NAT. My guess is that your *site* firewall is blocking the inital messages with the Teredo server. You can double check this as follows: mkomu@bling:~$ dig -t aaaa www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com> ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12399 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com>. IN AAAA ;; ANSWER SECTION: www.google.com <http://www.google.com> <http://www.google.com> <http://www.google.com> <http://www.google.com>. 214 IN AAAA 2a00:1450:4010:c03::93 ;; Query time: 333 msec ;; SERVER: 193.229.0.40#53(193.229.0.40) ;; WHEN: Sat Oct 12 14:20:35 2013 ;; MSG SIZE rcvd: 60 mkomu@bling:~$ ping6 2a00:1450:4010:c04::68 PING 2a00:1450:4010:c04::68(2a00:________1450:4010:c04::68) 56 data bytes 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=1363 ms 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=441 ms ^C --- 2a00:1450:4010:c04::68 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 441.913/902.595/1363.277/460.________682 ms, pipe 2 mkomu@bling:~$ ip route get 2a00:1450:4010:c04::68 2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo src 2001:0:53aa:64c:473:6a2c:ab19:________60e3 metric 0 If this does not work for you, it probably means that the firewall your site is blocking Teredo. You can contact your site administrator to open the UDP port 3544. You can also try the 2001:0:53aa:64c:3026:52b2:________ad4a:8b91 (my test machine) which is actually behind a real NAT unlike the google server. If you can reach google server, but not mine, it most likely means that either of us is using a p2p-incompatible NAT. You can also try e.g. 3ffe::x/64 address space for local experiments in your local LAN (or WLAN). Just configure it to the eth0 (or other device) for two machines and try pinging each other. On 10/11/2013 09:03 PM, Paola Venuso wrote: Hi Miika, I uncommented the line "Bindport 3545" in file miredo.conf as I read on the man page of miredo and checked ufw files for rules blocking IPv6 traffic (I uncommented two about forwarding, the others about enabling this traffic were already uncommented). Then I tried ping6 the locators and I got the message: unknown host. Also I tried manual set up with IPv4-based locators, as you wrote me, and my host exchanged HIP UPDATE and I1, R1, I2, R2 packets with another host, with address193.167.187.149, that I don't know but I guess maybe it's one of infrahip servers. Anyway, I am not sure I checked correctly for rules about IPv6 traffic. What should I do about this? Could all this problems be connected also with virtual machine net configuration? It is NAT by default, but there are some other options. Thanks for all the help you're giving to me. Paola 2013/10/11 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>>> Hi Paola, it seems your installation is fine. Base on my own experiences, I think that a middlebox (firewall) is blocking your IPv6 traffic (in the case of Teredo it's UDP port 3544). Did you try to ping6 the routable addresses (locators)? I also recommend trying a manual set up with IPv4-based locators as follows: hipconf daemon rst all hipconf daemon add map PEER_HIT PEER_IPV4_ADDRESS ping6 PEER_HIT On 10/10/2013 12:42 AM, Paola Venuso wrote: Hi Miika, hipd is running at the responder, the firewall is not blocking HIP traffic and I don't use redhat-based distro. This is the output of the commands from the manual: paola@ubuntu:~$ dpkg -l 'hipl*' Desired=Unknown/Install/__________Remove/Purge/Hold | Status=Not/Inst/Conf-files/__________Unpacked/halF-conf/Half-____inst/______trig-aWait/Trig-____pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Nome Versione Descrizione +++-==============-===========__________===-==================__==__==__==__==__==============__==== ii hipl-all 1.0.8-6429 HIP for Linux full software bundle ii hipl-daemon 1.0.8-6429 HIP for Linux IPsec key management and mobil ii hipl-dnsproxy 1.0.8-6429 HIP for Linux name lookup proxy ii hipl-doc 1.0.8-6429 HIP for Linux documentation ii hipl-firewall 1.0.8-6429 HIP for Linux multi-purpose firewall daemon un hipl-minimal <nessuna> (nessuna descrizione disponibile) un hipl-tools <nessuna> (nessuna descrizione disponibile) paola@ubuntu:~$ hipconf daemon get ha all Sending user message 22 to HIPD on socket 3 Sent 40 bytes Waiting to receive daemon info. 240 bytes received from HIP daemon. HA is I1-SENT Shotgun mode is off. Broadcast mode is off. Local HIT: 2001:0012:421d:99a0:005d:d60f:__________73b0:4407 Peer HIT: 2001:001a:2a72:f01c:d98e:311c:__________c76a:57c4 Local LSI: 1.0.0.1 Peer LSI: 1.0.0.2 Local IP: 2001:0000:53aa:064c:2cde:3e12:__________4367:467f Local NAT traversal UDP port: 10500 Peer IP: 2001:0708:0140:0220:0000:0000:__________0000:0016 Peer NAT traversal UDP port: 10500 Peer hostname: ------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------ paola@ubuntu:~$ uname -a Linux ubuntu 3.5.0-41-generic #64~precise1-Ubuntu SMP Thu Sep 12 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux paola@ubuntu:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.3 LTS Release: 12.04 Codename: precise ------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------ paola@ubuntu:~$ cat /etc/hip/hipd.conf # Format of this file is as with hipconf, but without "hipconf daemon" prefix # add hi default # add all four HITs (see bug id 592127) # add map HIT IP # preload some HIT-to-IP mappings to hipd # add service rvs # the host acts as HIP rendezvous (also see relay.conf) # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server # add server relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server # add server full-relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server hit-to-ip on # resolve HITs to locators in dynamic DNS zone # hit-to-ip set hit-to-ip.infrahip.net <http://hit-to-ip.infrahip.net> <http://hit-to-ip.infrahip.net__> <http://hit-to-ip.infrahip.__net__ <http://hit-to-ip.infrahip.net__>> <http://hit-to-ip.infrahip.____net__ <http://hit-to-ip.infrahip.__net__ <http://hit-to-ip.infrahip.net__>>> <http://hit-to-ip.infrahip.______net__ <http://hit-to-ip.infrahip.____net__ <http://hit-to-ip.infrahip.__net__ <http://hit-to-ip.infrahip.net__>>>> <http://hit-to-ip.infrahip.________net__ <http://hit-to-ip.infrahip.______net__ <http://hit-to-ip.infrahip.____net__ <http://hit-to-ip.infrahip.__net__ <http://hit-to-ip.infrahip.net__>>>>>. # resolve HITs to locators in dynamic DNS zone nsupdate on # send dynamic DNS updates # add server rvs hiprvs.infrahip.net <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net> 50000 # Register to free RVS at infrahip # heartbeat 10 # send ICMPv6 messages inside HIP tunnels # locator on # host sends all of its locators in base exchange # shotgun on # use all possible src/dst IP combinations to send I1/UPDATE # broadcast on # broadcast to LAN if no matching IP address found # opp normal|advanced|none # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL) nat plain-udp # use UDP capsulation (for NATted environments) #nat port local 11111 # change local default UDP port #nat port peer 22222 # change local peer UDP port debug medium # debug verbosity: all, medium, low or none default-hip-version 1 # default HIP version number for the I1 message. (1=HIPv1, 2=HIPv2) ------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------ paola@ubuntu:~$ sudo iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT all -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT 139 -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT 139 -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT udp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> udp spt:10500 ACCEPT esp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT icmpv6-- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT all -- 1.0.0.0/8 <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> 1.0.0.0/8 <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD all -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT all -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT 139 -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT udp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> udp dpt:10500 ACCEPT esp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT icmpv6-- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> ACCEPT all -- 1.0.0.0/8 <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> 1.0.0.0/8 <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> Chain HIPFW-FORWARD (1 references) target prot opt source destination Chain HIPFW-INPUT (1 references) target prot opt source destination NFQUEUE udp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> udp spt:10500 NFQUEUE num 0 NFQUEUE udp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> udp dpt:10500 NFQUEUE num 0 NFQUEUE esp -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> NFQUEUE num 0 Chain HIPFW-OUTPUT (1 references) target prot opt source destination NFQUEUE all -- 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> <http://0.0.0.0/0> 1.0.0.0/8 <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> <http://1.0.0.0/8> NFQUEUE num 0 ------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------ paola@ubuntu:~$ sudo ip6tables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT all ::/0 ::/0 ACCEPT all 2001:10::/28 2001:10::/28 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD all ::/0 ::/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT all ::/0 ::/0 ACCEPT all 2001:10::/28 2001:10::/28 Chain HIPFW-FORWARD (1 references) target prot opt source destination Chain HIPFW-INPUT (1 references) target prot opt source destination NFQUEUE esp ::/0 ::/0 NFQUEUE num 1 NFQUEUE all ::/0 2001:10::/28 NFQUEUE num 1 Chain HIPFW-OUTPUT (1 references) target prot opt source destination NFQUEUE udp ::/0 2001:10::/28 NFQUEUE num 1 NFQUEUE icmp ::/0 2001:10::/28 NFQUEUE num 1 NFQUEUE tcp ::/0 2001:10::/28 NFQUEUE num 1 NFQUEUE icmpv6 ::/0 2001:10::/28 NFQUEUE num 1 ------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------ paola@ubuntu:~$ ps axu | grep hip nobody 1002 0.0 0.1 4980 2004 ? S 14:21 0:00 /usr/sbin/hipd -bkN nobody 1092 0.0 0.1 5116 1220 ? S 14:21 0:00 /usr/sbin/hipfw -bklpFi root 1477 0.0 0.6 10860 6576 ? S 14:21 0:00 python /usr/sbin/hipdnsproxy -k root 3144 0.0 0.0 0 0 ? Z 14:22 0:00 [hipconf] <defunct> paola 3304 0.0 0.0 4412 832 pts/0 S+ 14:32 0:00 grep --color=auto hip ------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------ paola@ubuntu:~$ ps axu | grep dns root 1477 0.0 0.6 10860 6576 ? S 14:21 0:00 python /usr/sbin/hipdnsproxy -k nobody 2155 0.0 0.1 5400 1388 ? S 14:21 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.__________omit.d/network-manager.__________dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-__________dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus --conf-dir=/etc/__________NetworkManager/dnsmasq.d paola 3307 0.0 0.0 4412 836 pts/0 S+ 14:32 0:00 grep --color=auto dns Thanks a lot, Paola 2013/10/9 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>>>> Hi Paola, please provide some more information as instructed in the manual: http://hipl.hiit.fi/hipl/_______ <http://hipl.hiit.fi/hipl/__________manual/HOWTO.html#quick> ...