[hipl-users] Re: Problems with RVS

  • From: Miika Komu <mkomu@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 14 Oct 2013 17:38:47 +0300

Hi Paola,

it seems so. If you're using e.g. virtualbox, there seems to be some advice available at various forums:

https://www.google.com/search?client=ubuntu&channel=fs&q=ipv6+virtualbox+destination+unreachable+error&ie=utf-8&oe=utf-8

On 10/14/2013 05:28 PM, Paola Venuso wrote:
Hi,
I've just tried this and I've got destination unreachable error. So is
this a problem concerning only IPv6?

On 14 Oct 2013 16:13, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

    Hi,

    why don't you try plain IPv6 connectivity locally (without Teredo) with
    3ffe::x/64 addresses? So that we know if it's about IPv6 or
    something HIP related.

    On 10/14/2013 05:09 PM, Paola Venuso wrote:

        Sorry, HIP over IPv6 didn't work.

        On 14 Oct 2013 16:04, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

             Hi Paola,

             what didn't work? Directly IPv6 or HIP-over-IPv6?

             On 10/14/2013 04:58 PM, Paola Venuso wrote:

                 Hi Miika,

                 Yes, I did. But it didn't work.

                 On 14 Oct 2013 15:40, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

                      Hi Paola,

                      it seems that you got HIP working with IPv4 locators.
                      Did you try with two locally configured IPv6 locators
                      (3ffe::x/64)?

                      On 10/14/2013 02:13 PM, Paola Venuso wrote:

                          Hi Miika,

                          I checked and I think my site firewall isn't blocking
                          Teredo traffic.
                          Anyway this is the output:

                          paola@ubuntu:~$ dig -t aaaa www.google.com

                          ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
                          ;; global options: +cmd
                          ;; Got answer:
                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27694
                          ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

                          ;; QUESTION SECTION:
                          ;www.google.com.            IN    AAAA

                          ;; ANSWER SECTION:
                          www.google.com.    300    IN    AAAA    2a00:1450:4002:804::1010

                          ;; Query time: 165 msec
                          ;; SERVER: 127.0.0.53#53(127.0.0.53)
                          ;; WHEN: Mon Oct 14 03:22:40 2013
                          ;; MSG SIZE  rcvd: 60


                          paola@ubuntu:~$ ping6 2a00:1450:4010:c04::68
                          PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
                          64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=371 ms
                          64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=110 ms
                          64 bytes from 2a00:1450:4010:c04::68: icmp_seq=3 ttl=55 time=110 ms
                          ^C
                          --- 2a00:1450:4010:c04::68 ping statistics ---
                          3 packets transmitted, 3 received, 0% packet loss, time 2004ms
                          rtt min/avg/max/mdev = 110.529/197.440/371.075/122.778 ms

                          paola@ubuntu:~$ ip route get 2a00:1450:4010:c04::68
                          2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo  src 2001:0:53aa:64c:2cb6:3c14:4367:467f  metric 0
                              cache


                          I also tried with your test machine:

                          paola@ubuntu:~$ ping6 2001:0:53aa:64c:3026:52b2:ad4a:8b91
                          PING 2001:0:53aa:64c:3026:52b2:ad4a:8b91(2001:0:53aa:64c:3026:52b2:ad4a:8b91) 56 data bytes
                          64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=1 ttl=64 time=243 ms
                          64 bytes from 2001:0:53aa:64c:3026:52b2:ad4a:8b91: icmp_seq=2 ttl=64 time=112 ms
                          ^C
                          --- 2001:0:53aa:64c:3026:52b2:ad4a:8b91 ping statistics ---
                          2 packets transmitted, 2 received, 0% packet loss, time 1000ms
                          rtt min/avg/max/mdev = 112.229/177.819/243.410/65.591 ms




                          Then I tried in my network:

                          - with eth0 I got only I1 packet
                          - with Teredo I got "destination unreachable" error

                          And when I stopped ping6 there was 100% of packet loss.
                          I also tried to edit manually the hosts files with
                          different configuration but the same happened.

                          Thanks,

                          Paola



                          2013/10/12 Miika Komu <mkomu@xxxxxxxxx>

                               Hi Paola,

                               initially, Teredo traffic is forwarded through a
                               Teredo server to guarantee NAT traversal and then
                               miredo software tries to pinhole the NAT. My guess is
                               that your *site* firewall is blocking the initial
                               messages with the Teredo server. You can double check
                               this as follows:

                               mkomu@bling:~$ dig -t aaaa www.google.com

                               ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
                               ;; global options: +cmd
                               ;; Got answer:
                               ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12399
                               ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

                               ;; QUESTION SECTION:
                               ;www.google.com.                        IN      AAAA

                               ;; ANSWER SECTION:
                               www.google.com.         214     IN      AAAA    2a00:1450:4010:c03::93

                               ;; Query time: 333 msec
                               ;; SERVER: 193.229.0.40#53(193.229.0.40)
                               ;; WHEN: Sat Oct 12 14:20:35 2013
                               ;; MSG SIZE  rcvd: 60

                               mkomu@bling:~$ ping6 2a00:1450:4010:c04::68
                               PING 2a00:1450:4010:c04::68(2a00:1450:4010:c04::68) 56 data bytes
                               64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=1363 ms
                               64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=441 ms
                               ^C
                               --- 2a00:1450:4010:c04::68 ping statistics ---
                               2 packets transmitted, 2 received, 0% packet loss, time 1000ms
                               rtt min/avg/max/mdev = 441.913/902.595/1363.277/460.682 ms, pipe 2
                               mkomu@bling:~$ ip route get 2a00:1450:4010:c04::68
                               2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev teredo  src 2001:0:53aa:64c:473:6a2c:ab19:60e3  metric 0

                               If this does not work for you, it probably means that
                               the firewall at your site is blocking Teredo. You can
                               contact your site administrator to open the UDP port
                               3544.

                               You can also try the
                               2001:0:53aa:64c:3026:52b2:ad4a:8b91 (my test machine)
                               which is actually behind a real NAT unlike the google
                               server. If you can reach google server, but not mine,
                               it most likely means that either of us is using a
                               p2p-incompatible NAT.

                               You can also try e.g. 3ffe::x/64 address space for
                               local experiments in your local LAN (or WLAN). Just
                               configure it to the eth0 (or other device) for two
                               machines and try pinging each other.


                               On 10/11/2013 09:03 PM, Paola Venuso wrote:

                                   Hi Miika,

                                   I uncommented the line "Bindport 3545" in file
                                   miredo.conf as I read on the man page of miredo
                                   and checked ufw files for rules blocking IPv6
                                   traffic (I uncommented two about forwarding, the
                                   others about enabling this traffic were already
                                   uncommented). Then I tried ping6 the locators and
                                   I got the message: unknown host.
                                   Also I tried manual set up with IPv4-based
                                   locators, as you wrote me, and my host exchanged
                                   HIP UPDATE and I1, R1, I2, R2 packets with another
                                   host, with address 193.167.187.149, that I don't
                                   know but I guess maybe it's one of infrahip
                                   servers.
                                   Anyway, I am not sure I checked correctly for
                                   rules about IPv6 traffic.
                                   What should I do about this? Could all these
                                   problems be connected also with virtual machine
                                   net configuration? It is NAT by default, but there
                                   are some other options.

                                   Thanks for all the help you're giving to me.

                                   Paola


                                   2013/10/11 Miika Komu <mkomu@xxxxxxxxx>


                                        Hi Paola,

                                        it seems your installation is fine. Based on
                                        my own experiences, I think that a middlebox
                                        (firewall) is blocking your IPv6 traffic (in
                                        the case of Teredo it's UDP port 3544). Did
                                        you try to ping6 the routable addresses
                                        (locators)?

                                        I also recommend trying a manual set up with
                                        IPv4-based locators as follows:

                                        hipconf daemon rst all
                                        hipconf daemon add map PEER_HIT PEER_IPV4_ADDRESS
                                        ping6 PEER_HIT


                                        On 10/10/2013 12:42 AM, Paola Venuso wrote:

                                            Hi Miika,

                                            hipd is running at the responder, the
                                            firewall is not blocking HIP traffic and
                                            I don't use redhat-based distro.
                                            This is the output of the commands from
                                            the manual:

                                            paola@ubuntu:~$ dpkg -l 'hipl*'
                                            Desired=Unknown/Install/Remove/Purge/Hold
                                            | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
                                            |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
                                            ||/ Nome           Versione       Descrizione
                                            +++-==============-==============-============================================
                                            ii  hipl-all       1.0.8-6429     HIP for Linux full software bundle
                                            ii  hipl-daemon    1.0.8-6429     HIP for Linux IPsec key management and mobil
                                            ii  hipl-dnsproxy  1.0.8-6429     HIP for Linux name lookup proxy
                                            ii  hipl-doc       1.0.8-6429     HIP for Linux documentation
                                            ii  hipl-firewall  1.0.8-6429     HIP for Linux multi-purpose firewall daemon
                                            un  hipl-minimal   <nessuna>      (nessuna descrizione disponibile)
                                            un  hipl-tools     <nessuna>      (nessuna descrizione disponibile)
                                            paola@ubuntu:~$ hipconf daemon get ha all
                                            Sending user message 22 to HIPD on socket 3
                                            Sent 40 bytes
                                            Waiting to receive daemon info.
                                            240 bytes received from HIP daemon.
                                            HA is I1-SENT
                                               Shotgun mode is off.
                                               Broadcast mode is off.
                                               Local HIT: 2001:0012:421d:99a0:005d:d60f:73b0:4407
                                               Peer  HIT: 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
                                               Local LSI: 1.0.0.1
                                               Peer  LSI: 1.0.0.2
                                               Local IP:  2001:0000:53aa:064c:2cde:3e12:4367:467f
                                               Local NAT traversal UDP port: 10500
                                               Peer  IP:  2001:0708:0140:0220:0000:0000:0000:0016
                                               Peer  NAT traversal UDP port: 10500
                                               Peer  hostname:

                                            ----------------------------------------------------------------------


                                            paola@ubuntu:~$ uname -a
                                            Linux ubuntu 3.5.0-41-generic #64~precise1-Ubuntu SMP Thu Sep 12 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux
                                            paola@ubuntu:~$ lsb_release -a
                                            No LSB modules are available.
                                            Distributor ID:    Ubuntu
                                            Description:    Ubuntu 12.04.3 LTS
                                            Release:    12.04
                                            Codename:    precise

                                            ----------------------------------------------------------------------


                                            paola@ubuntu:~$ cat /etc/hip/hipd.conf
                                            # Format of this file is as with hipconf, but without "hipconf daemon" prefix
                                            # add hi default    # add all four HITs (see bug id 592127)
                                            # add map HIT IP    # preload some HIT-to-IP mappings to hipd
                                            # add service rvs   # the host acts as HIP rendezvous (also see relay.conf)
                                            # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
                                            # add server relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
                                            # add server full-relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server
                                            hit-to-ip on # resolve HITs to locators in dynamic DNS zone
                                            # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
                                            nsupdate on # send dynamic DNS updates
                                            # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
                                            # heartbeat 10 # send ICMPv6 messages inside HIP tunnels
                                            # locator on        # host sends all of its locators in base exchange
                                            # shotgun on # use all possible src/dst IP combinations to send I1/UPDATE
                                            # broadcast on # broadcast to LAN if no matching IP address found
                                            # opp normal|advanced|none
                                            # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)
                                            nat plain-udp       # use UDP capsulation (for NATted environments)
                                            #nat port local 11111 # change local default UDP port
                                            #nat port peer 22222 # change local peer UDP port
                                            debug medium        # debug verbosity: all, medium, low or none
                                            default-hip-version 1 # default HIP version number for the I1 message. (1=HIPv1, 2=HIPv2)

                                            ----------------------------------------------------------------------


                                            paola@ubuntu:~$ sudo iptables -L -n
                                            Chain INPUT (policy ACCEPT)
                                            target     prot opt source               destination
                                            HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:10500
                                            ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     icmpv6--  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     all  --  1.0.0.0/8            1.0.0.0/8

                                            Chain FORWARD (policy ACCEPT)
                                            target     prot opt source               destination
                                            HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

                                            Chain OUTPUT (policy ACCEPT)
                                            target     prot opt source               destination
                                            HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     139  --  0.0.0.0/0            0.0.0.0/0
                                            ACCEPT     udp  --  0.0.0.0/0
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0>
          udp
                 dpt:10500
                                            ACCEPT     esp  -- 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0>
                                            ACCEPT     icmpv6--
        0.0.0.0/0 <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0>
                                            ACCEPT     all  -- 1.0.0.0/8
        <http://1.0.0.0/8>
                 <http://1.0.0.0/8>
                          <http://1.0.0.0/8> <http://1.0.0.0/8>
                                   <http://1.0.0.0/8>
                                            <http://1.0.0.0/8> 1.0.0.0/8
        <http://1.0.0.0/8>
                 <http://1.0.0.0/8>
                          <http://1.0.0.0/8> <http://1.0.0.0/8>
                                   <http://1.0.0.0/8>
                                            <http://1.0.0.0/8>


                                            Chain HIPFW-FORWARD (1
        references)
                                            target     prot opt source
                          destination

                                            Chain HIPFW-INPUT (1 references)
                                            target     prot opt source
                          destination
                                            NFQUEUE    udp  -- 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0>
          udp
                 spt:10500
                          NFQUEUE num 0
                                            NFQUEUE    udp  -- 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0>
          udp
                 dpt:10500
                          NFQUEUE num 0
                                            NFQUEUE    esp  -- 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0>
          NFQUEUE
                 num 0


                                            Chain HIPFW-OUTPUT (1
        references)
                                            target     prot opt source
                          destination
                                            NFQUEUE    all  -- 0.0.0.0/0
        <http://0.0.0.0/0>
                 <http://0.0.0.0/0>
                          <http://0.0.0.0/0> <http://0.0.0.0/0>
                                   <http://0.0.0.0/0>
                                            <http://0.0.0.0/0> 1.0.0.0/8
        <http://1.0.0.0/8>
                 <http://1.0.0.0/8>
                          <http://1.0.0.0/8> <http://1.0.0.0/8>
                                   <http://1.0.0.0/8>
                                            <http://1.0.0.0/8>
          NFQUEUE
                 num 0






        
------------------------------__________----------------------__--__--__--__--__--------------__----__----__----__----__------__------__------__------__------



                                            paola@ubuntu:~$ sudo ip6tables -L -n
                                            Chain INPUT (policy ACCEPT)
                                            target     prot opt source               destination
                                            HIPFW-INPUT  all      ::/0                 ::/0
                                            ACCEPT     all      2001:10::/28         2001:10::/28

                                            Chain FORWARD (policy ACCEPT)
                                            target     prot opt source               destination
                                            HIPFW-FORWARD  all      ::/0                 ::/0

                                            Chain OUTPUT (policy ACCEPT)
                                            target     prot opt source               destination
                                            HIPFW-OUTPUT  all      ::/0                 ::/0
                                            ACCEPT     all      2001:10::/28         2001:10::/28

                                            Chain HIPFW-FORWARD (1 references)
                                            target     prot opt source               destination

                                            Chain HIPFW-INPUT (1 references)
                                            target     prot opt source               destination
                                            NFQUEUE    esp      ::/0                 ::/0                 NFQUEUE num 1
                                            NFQUEUE    all      ::/0                 2001:10::/28         NFQUEUE num 1

                                            Chain HIPFW-OUTPUT (1 references)
                                            target     prot opt source               destination
                                            NFQUEUE    udp      ::/0                 2001:10::/28         NFQUEUE num 1
                                            NFQUEUE    icmp     ::/0                 2001:10::/28         NFQUEUE num 1
                                            NFQUEUE    tcp      ::/0                 2001:10::/28         NFQUEUE num 1
                                            NFQUEUE    icmpv6    ::/0                 2001:10::/28         NFQUEUE num 1

                                            ------------------------------------------------------------


                                            paola@ubuntu:~$ ps axu | grep hip
                                            nobody    1002  0.0  0.1   4980  2004 ?        S    14:21   0:00 /usr/sbin/hipd -bkN
                                            nobody    1092  0.0  0.1   5116  1220 ?        S    14:21   0:00 /usr/sbin/hipfw -bklpFi
                                            root      1477  0.0  0.6  10860  6576 ?        S    14:21   0:00 python /usr/sbin/hipdnsproxy -k
                                            root      3144  0.0  0.0      0     0 ?        Z    14:22   0:00 [hipconf] <defunct>
                                            paola     3304  0.0  0.0   4412   832 pts/0    S+   14:32   0:00 grep --color=auto hip

                                            ------------------------------------------------------------


                                            paola@ubuntu:~$ ps axu | grep dns
                                            root      1477  0.0  0.6  10860  6576 ?        S    14:21   0:00 python /usr/sbin/hipdnsproxy -k
                                            nobody    2155  0.0  0.1   5400  1388 ?        S    14:21   0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus --conf-dir=/etc/NetworkManager/dnsmasq.d
                                            paola     3307  0.0  0.0   4412   836 pts/0    S+   14:32   0:00 grep --color=auto dns


                                            Thanks a lot,

                                            Paola


                                            2013/10/9 Miika Komu <mkomu@xxxxxxxxx>


                                                 Hi Paola,

                                                 please provide some more information as instructed in the manual:

                                                 http://hipl.hiit.fi/hipl/manual/HOWTO.html#quick

    ...


