我有一台新安装的 Windows Server 2008 R2 SP1 虚拟机,尽管表面上有正确的 IPv6 连接,但它完全无法访问任何 IPv6 网页。此外,其他 Linux VM 也无法访问 IPv6 网站。
此设置之前曾运行过,虚拟机中具有完整的 IPv6 连接,但现在无缘无故停止了工作。
我的所有虚拟机都桥接到物理以太网,并从主机上的 radvd 接收公告。IPv6 在主机上正常工作,主机也是 IPv6 路由器。Wireshark 显示主机在收到 HTTP SYN 数据包后发回了 ICMPv6 目标不可达(管理禁止)。
Internet Explorer 报告无法显示网页,而 Google Chrome 仅显示“哎呀!Chrome 无法连接到网页”,且没有错误编号。
我甚至能够 ping 本地网关和 Google 的 IPv6 地址并执行 IPv6 DNS 查找。
PS C:\Users\Administrator> ping -6 fe80::6e62:6dff:fed1:dfad
Pinging fe80::6e62:6dff:fed1:dfad with 32 bytes of data:
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Ping statistics for fe80::6e62:6dff:fed1:dfad:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
PS C:\Users\Administrator> ping -6 www.google.com
Pinging www.l.google.com [2001:4860:800a::67] with 32 bytes of data:
Reply from 2001:4860:800a::67: time=43ms
Reply from 2001:4860:800a::67: time=42ms
Reply from 2001:4860:800a::67: time=46ms
Reply from 2001:4860:800a::67: time=42ms
Ping statistics for 2001:4860:800a::67:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 46ms, Average = 43ms
我的虚拟机配置如下:
PS C:\Users\Administrator> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN-CRLO5NIQB72
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter
Physical Address. . . . . . . . . : 52-54-00-DD-DF-3E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:db8:1600:80bf:5054:ff:fedd:df3e(Preferred)
Link-local IPv6 Address . . . . . : fe80::5054:ff:fedd:df3e%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.12.146(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 09, 2012 1:59:42 PM
Lease Expires . . . . . . . . . . : Tuesday, July 10, 2012 1:59:42 PM
Default Gateway . . . . . . . . . : fe80::6e62:6dff:fed1:dfad%13
192.168.12.1
DHCP Server . . . . . . . . . . . : 192.168.12.1
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
192.168.12.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10d1:317d:3f57:f36d(Preferred)
Link-local IPv6 Address . . . . . : fe80::10d1:317d:3f57:f36d%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
PS C:\Users\Administrator> netsh interface ipv6 show route
Publish Type Met Prefix Idx Gateway/Interface Name
------- -------- --- ------------------------ --- ------------------------
No Manual 256 ::/0 13 fe80::6e62:6dff:fed1:dfad
No Manual 256 ::1/128 1 Loopback Pseudo-Interface 1
No Manual 8 2001::/32 12 Teredo Tunneling Pseudo-Interface
No Manual 256 2001:0:4137:9e76:10d1:317d:3f57:f36d/128 12 Teredo Tunneling Pseudo-Interface
No Manual 8 2001:db8:1600:80bf::/64 13 Local Area Connection 2
No Manual 256 2001:db8:1600:80bf:5054:ff:fedd:df3e/128 13 Local Area Connection 2
No Manual 256 fe80::/64 13 Local Area Connection 2
No Manual 256 fe80::/64 12 Teredo Tunneling Pseudo-Interface
No Manual 256 fe80::5efe:192.168.12.146/128 11 isatap.local
No Manual 256 fe80::10d1:317d:3f57:f36d/128 12 Teredo Tunneling Pseudo-Interface
No Manual 256 fe80::5054:ff:fedd:df3e/128 13 Local Area Connection 2
No Manual 256 ff00::/8 1 Loopback Pseudo-Interface 1
No Manual 256 ff00::/8 13 Local Area Connection 2
No Manual 256 ff00::/8 12 Teredo Tunneling Pseudo-Interface
PS C:\Users\Administrator> netsh interface ipv6 show prefixpolicies
Querying active state...
Precedence Label Prefix
---------- ----- --------------------------------
50 0 ::1/128
40 1 ::/0
30 2 2002::/16
20 3 ::/96
10 4 ::ffff:0:0/96
5 5 2001::/32
到目前为止,我在虚拟机中已经尝试过:
netsh interface ipv6 set global randomizeidentifiers=disabled
不用找了。
禁用 Teredo 适配器:没有变化。但它不知怎么又重新启用了。
使用Microsoft Fix-It 选择 IPv6 而不是 IPv4: 不用找了。
到目前为止,我已经在主机上尝试过:
检查 IPv6 转发 sysctl:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.em1.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.sit0.forwarding = 1
net.ipv6.conf.sixxs.forwarding = 1
net.ipv6.conf.virbr0.forwarding = 1
net.ipv6.conf.virbr0-nic.forwarding = 1
net.ipv6.conf.vnet0.forwarding = 1
net.ipv6.conf.vnet1.forwarding = 1
net.ipv6.conf.vnet2.forwarding = 1
重新启动 radvd:没有变化。
答案1
ICMPv6 目标不可达数据包有助于识别该问题为防火墙问题。
添加一条规则来转发 br0 上的 IPv6 数据包可以解决此问题:
ip6tables -I FORWARD 6 -i br0 -s 2001:db8:1600:80bf::/64 -j ACCEPT