ping6 오류 "작업이 허용되지 않습니다"

ping6 오류 "작업이 허용되지 않습니다"

내 게이트웨이나 다른 게이트웨이를 ping6할 수 없습니다. 루프백을 성공적으로 ping6할 수 있었지만 그게 전부였습니다.

[\u@r2d2:/root] # ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:19f0:7000:8945:5400:ff:fe05:3dab --> 2404:6800:400a:805::200e
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
^C
--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss


[\u@r2d2:/root] # netstat -rn
Routing tables


Internet:
Destination Gateway Flags Netif Expire
default 107.191.60.1 UGS vtnet0
107.191.60.0/24 link#1 U vtnet0
107.191.60.48 link#1 UHS lo0
127.0.0.1 link#2 UH lo0
169.254.0.0/16 56:00:00:05:3d:ab US vtnet0


Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
default 56:00:00:05:3d:ab US vtnet0
::1 link#2 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:19f0:7000:8945::/64 link#1 U vtnet0
2001:19f0:7000:8945::64 link#1 UHS lo0
2001:19f0:7000:8945:5400:ff:fe05:3dab link#1 UHS lo0
fe80::/10 ::1 UGRS lo0
fe80::%vtnet0/64 link#1 U vtnet0
fe80::5400:ff:fe05:3dab%vtnet0 link#1 UHS lo0
fe80::%lo0/64 link#2 U lo0
fe80::1%lo0 link#2 UHS lo0
fe80::%tun0/64 link#4 U tun0
fe80::5029:5a67:f95a:a47e%tun0 link#4 UHS lo0
ff01::%vtnet0/32 fe80::5400:ff:fe05:3dab%vtnet0 U vtnet0
ff01::%lo0/32 ::1 U lo0
ff01::%tun0/32 fe80::5029:5a67:f95a:a47e%tun0 U tun0
ff02::/16 ::1 UGRS lo0
ff02::%vtnet0/32 fe80::5400:ff:fe05:3dab%vtnet0 U vtnet0
ff02::%lo0/32 ::1 U lo0
ff02::%tun0/32 fe80::5029:5a67:f95a:a47e%tun0 U tun0


[\u@r2d2:/root] # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether 56:00:00:05:3d:ab
inet6 fe80::5400:ff:fe05:3dab%vtnet0 prefixlen 64 scopeid 0x1
inet6 2001:19f0:7000:8945:5400:ff:fe05:3dab prefixlen 64 autoconf
inet 107.191.60.48 netmask 0xffffff00 broadcast 107.191.60.255
inet6 2001:19f0:7000:8945::64 prefixlen 64
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33160
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::5029:5a67:f95a:a47e%tun0 prefixlen 64 scopeid 0x4
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 1054

[\u@r2d2:/root] # cat /etc/rc.conf| curl -F 'sprunge=<-' http://sprunge.us
[http://sprunge.us/GDFg][1]


[\u@r2d2:/root] # service ipfw onestop
sysctl: unknown oid 'net.inet.ip.fw.enable': No such file or directory
sysctl: unknown oid 'net.inet6.ip6.fw.enable': No such file or directory


[\u@r2d2:/root] # route add -inet6 default -iface vtnet0
route: writing to routing socket: File exists
add net default: gateway vtnet0 fib 0: route already in table 

연결/IPv6 주소가 한때 유효했지만 오랫동안 확인되지 않았습니다.

그러나 ipv6 트래픽의 tcpdump는 회선에 도착하는 다른 IPv6 트래픽을 "표시"합니다.

17:12:37.632743 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::5400:ff:fe05:3dab > fe80::fc00:ff:fe05:3dab: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is r2d2.ex-mailer.com, Flags [router, solicited]
17:12:38.795797 IP6 (hlim 56, next-header UDP (17) payload length: 57) 2001:19f0:ac00:102:5054:ff:fea9:125.44215 > r2d2.ex-mailer.com.domain: [udp sum ok] 65322% [1au] NS? e-shadowsecurity.net. ar: . OPT UDPsize=1232 OK (49)
17:12:40.294209 IP6 (hlim 56, next-header UDP (17) payload length: 65) 2001:19f0:ac00:102:5054:ff:fea9:125.34231 > r2d2.ex-mailer.com.domain: [udp sum ok] 21702% [1au] AAAA? spartan.e-shadowsecurity.net. ar: . OPT UDPsize=4096 OK (57)
17:12:40.300451 IP6 (hlim 56, next-header UDP (17) payload length: 57) 2001:19f0:ac00:102:5054:ff:fea9:125.31739 > r2d2.ex-mailer.com.domain: [udp sum ok] 8695% [1au] NS? e-shadowsecurity.net. ar: . OPT UDPsize=4096 OK (49)
17:12:41.798625 IP6 (hlim 56, next-header UDP (17) payload length: 65) 2001:19f0:ac00:102:5054:ff:fea9:125.45150 > r2d2.ex-mailer.com.domain: [udp sum ok] 32270% [1au] AAAA? spartan.e-shadowsecurity.net. ar: . OPT UDPsize=1232 OK (57)
17:12:42.638938 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5400:ff:fe05:3dab > fe80::fc00:ff:fe05:3dab: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::fc00:ff:fe05:3dab

고쳐 쓰다:

[\u@r2d2:/root] # /etc/rc.d/netif restart && /etc/rc.d/routing restart
Stopping Network: lo0 vtnet0.
lo0: flags=8048<LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 56:00:00:05:3d:ab
        inet6 fe80::5400:ff:fe05:3dab%vtnet0 prefixlen 64 scopeid 0x1 
        inet6 2001:19f0:7000:8945:5400:ff:fe05:3dab prefixlen 64 autoconf 
        inet6 2001:19f0:7000:8945::64 prefixlen 64 
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
Starting Network: lo0 vtnet0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 56:00:00:05:3d:ab
        inet6 fe80::5400:ff:fe05:3dab%vtnet0 prefixlen 64 scopeid 0x1 
        inet6 2001:19f0:7000:8945:5400:ff:fe05:3dab prefixlen 64 autoconf 
        inet 107.191.60.48 netmask 0xffffff00 broadcast 107.191.60.255 
        inet6 2001:19f0:7000:8945::64 prefixlen 64 
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
route: writing to routing socket: No such process
delete net 169.254.0.0: gateway vtnet0 fib 0: not in table
route: writing to routing socket: No such process
delete net default: gateway 107.191.60.1 fib 0: not in table
delete net fe80::: gateway ::1
delete net ff02::: gateway ::1
delete net ::ffff:0.0.0.0: gateway ::1
delete net ::0.0.0.0: gateway ::1
add net 169.254.0.0: gateway vtnet0
add net default: gateway 107.191.60.1
Additional inet routing options: gateway=YES.
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Additional inet6 routing options: gateway=YES.




[\u@r2d2:/root] # rtsol -D vtnet0
checking if vtnet0 is ready...
vtnet0 is ready
set timer for vtnet0 to 1s
New timer is 1s
timer expiration on vtnet0, state = 1
send RS on vtnet0, whose state is 2
set timer for vtnet0 to 4s
New timer is 4s
received RA from fe80::fc00:ff:fe05:3dab on vtnet0, state is 2
Processing RA
ndo = 0x607b60
ndo->nd_opt_type = 3
ndo->nd_opt_len = 4
ndo = 0x607b80
ndo->nd_opt_type = 25
ndo->nd_opt_len = 3
nsbuf = 2001:19f0:300:1704::6
ndo = 0x607b98
ndo->nd_opt_type = 5
ndo->nd_opt_len = 1
ndo = 0x607ba0
ndo->nd_opt_type = 1
ndo->nd_opt_len = 1
rsid = [vtnet0:slaac]
write to child = nameserver (11)
write to child = 2001:19f0:300:1704::6(21)
write to child = 
(1)
script "/sbin/resolvconf" terminated
stop timer for vtnet0
RA expiration timer: type=25, msg=2001:19f0:300:1704::6, expire=1h0m0s
there is no timer




[\u@r2d2:/root] # ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:19f0:7000:8945:5400:ff:fe05:3dab --> 2404:6800:400a:804::200e
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
^C
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

답변1

IP 테이블 등이 될 수 있습니다. 노력하다:

#ip6tables -P INPUT ACCEPT
#ip6tables -P OUTPUT ACCEPT
#ip6tables -P FORWARD ACCEPT

관련 정보