最近我的一台服务器获得了 IPv6 地址。但是,只有 ping 似乎可以在 IPv6 上工作:
# ping6 google.com
PING google.com(fra16s24-in-x0e.1e100.net) 56 data bytes
64 bytes from fra16s24-in-x0e.1e100.net: icmp_seq=1 ttl=58 time=1.37 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.374/1.374/1.374/0.000 ms
# nc google.com 80 -6vvv
nc: connect to google.com port 80 (tcp) failed: Connection timed out
网络配置如下:
iface ens18 inet6 static
address 2a00:12d8:2008:2ffc:0000:0000:0000:0001
netmask 64
post-up /sbin/ip -r route add 2a00:12d8:2008::1 dev ens18
post-up /sbin/ip -r route add default via 2a00:12d8:2008::1
可能不太可能有防火墙阻止除 ICMP 数据包之外的任何数据包。这可能是我这边的某种配置错误吗?我该怎么做才能调试这样的问题?
更新:是的,所有目的地都会发生这种情况,不仅仅是谷歌。
# traceroute6 -Snp80 google.com
traceroute6: invalid option -- 'S'
Usage: traceroute6 [-dnrvV] [-m max_ttl] [-p port#] [-q nqueries]
[-s src_addr] [-t tos] [-w wait] host [data size]
# traceroute6 -np80 google.com
traceroute to google.com (2a00:1450:4001:824::200e) from 2a00:12d8:2008:2ffc::1, 30 hops max, 24 byte packets
1 2a00:12d8:200e::2 0.718 ms 0.42 ms 0.427 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
...
# traceroute6 -n google.com
traceroute to google.com (2a00:1450:4001:824::200e) from 2a00:12d8:2008:2ffc::1, 30 hops max, 24 byte packets
1 2a00:12d8:200e::2 0.589 ms 0.396 ms 0.396 ms
2 2a00:12d8:2008::1 0.83 ms 0.815 ms 0.688 ms
3 2001:7f8:33::a100:6939:1 0.735 ms 0.7 ms 0.66 ms
4 2001:7f8::3b41:0:1 1.26 ms 1.321 ms 1.222 ms
5 2001:4860:0:1::19ef 1.347 ms 1.218 ms 1.415 ms
6 2001:4860:0:1::1af7 1.477 ms 1.347 ms 1.231 ms
7 2a00:1450:4001:824::200e 1 ms 0.98 ms 1.181 ms
答案1
好吧,最终的解决方案非常简单:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
并使其永久化:
echo 'net.ipv6.conf.all.forwarding=1' >> /etc/sysctl.conf
来自手册:
这将启用所有接口之间的全局 IPv6 转发。
老实说,我不知道为什么必须激活它,但它确实为我解决了这个问题。