Linux
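KVM virtual machines cannot access IPv6 websites
I have a freshly installed Windows Server 2008 R2 SP1 virtual machine that cannot access any IPv6 web pages at all, despite apparently having correct IPv6 connectivity. In addition, other Linux VMs also cannot access IPv6 websites.
This setup previously had full IPv6 connectivity in the virtual machines, and it stopped working for no apparent reason.
All of my virtual machines are bridged to the physical Ethernet and receive advertisements from radvd on the host. IPv6 works properly on the host, which is also the IPv6 router. Wireshark shows that the host is sending back ICMPv6 Destination Unreachable (administratively prohibited) after receiving the HTTP SYN packet.
Internet Explorer reports that it cannot display the webpage, while Google Chrome just says Oops! Chrome could not connect to the web page, with no error number.
I can even ping the local gateway and Google's IPv6 address, and do IPv6 DNS lookups.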
PS C:\Users\Administrator> ping -6 fe80::6e62:6dff:fed1:dfad

Pinging fe80::6e62:6dff:fed1:dfad with 32 bytes of data:
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms
Reply from fe80::6e62:6dff:fed1:dfad: time<1ms

Ping statistics for fe80::6e62:6dff:fed1:dfad:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

PS C:\Users\Administrator> ping -6 www.google.com

Pinging www.l.google.com [2001:4860:800a::67] with 32 bytes of data:
Reply from 2001:4860:800a::67: time=43ms
Reply from 2001:4860:800a::67: time=42ms
Reply from 2001:4860:800a::67: time=46ms
Reply from 2001:4860:800a::67: time=42ms

Ping statistics for 2001:4860:800a::67:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 46ms, Average = 43ms
My virtual machine is configured as follows:
PS C:\Users\Administrator> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : WIN-CRLO5NIQB72
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : local
   Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter
   Physical Address. . . . . . . . . : 52-54-00-DD-DF-3E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:db8:1600:80bf:5054:ff:fedd:df3e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::5054:ff:fedd:df3e%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.12.146(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, July 09, 2012 1:59:42 PM
   Lease Expires . . . . . . . . . . : Tuesday, July 10, 2012 1:59:42 PM
   Default Gateway . . . . . . . . . : fe80::6e62:6dff:fed1:dfad%13
                                       192.168.12.1
   DHCP Server . . . . . . . . . . . : 192.168.12.1
   DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
                                       2001:4860:4860::8844
                                       192.168.12.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10d1:317d:3f57:f36d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10d1:317d:3f57:f36d%12(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

PS C:\Users\Administrator> netsh interface ipv6 show route

Publish  Type      Met  Prefix                                    Idx  Gateway/Interface Name
-------  --------  ---  ------------------------                  ---  ------------------------
No       Manual    256  ::/0                                       13  fe80::6e62:6dff:fed1:dfad
No       Manual    256  ::1/128                                     1  Loopback Pseudo-Interface 1
No       Manual    8    2001::/32                                  12  Teredo Tunneling Pseudo-Interface
No       Manual    256  2001:0:4137:9e76:10d1:317d:3f57:f36d/128   12  Teredo Tunneling Pseudo-Interface
No       Manual    8    2001:db8:1600:80bf::/64                    13  Local Area Connection 2
No       Manual    256  2001:db8:1600:80bf:5054:ff:fedd:df3e/128   13  Local Area Connection 2
No       Manual    256  fe80::/64                                  13  Local Area Connection 2
No       Manual    256  fe80::/64                                  12  Teredo Tunneling Pseudo-Interface
No       Manual    256  fe80::5efe:192.168.12.146/128              11  isatap.local
No       Manual    256  fe80::10d1:317d:3f57:f36d/128              12  Teredo Tunneling Pseudo-Interface
No       Manual    256  fe80::5054:ff:fedd:df3e/128                13  Local Area Connection 2
No       Manual    256  ff00::/8                                    1  Loopback Pseudo-Interface 1
No       Manual    256  ff00::/8                                   13  Local Area Connection 2
No       Manual    256  ff00::/8                                   12  Teredo Tunneling Pseudo-Interface

PS C:\Users\Administrator> netsh interface ipv6 show prefixpolicies
Querying active state...

Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128
        40      1  ::/0
        30      2  2002::/16
        20      3  ::/96
        10      4  ::ffff:0:0/96
         5      5  2001::/32
So far, in the virtual machine I have tried:
netsh interface ipv6 set global randomizeidentifiers=disabled
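No change.
Disabling the Teredo adapter: no change. It somehow re-enabled itself.
Using the Microsoft Fix-It to prefer IPv6 over IPv4: no change.
So far, on the host I have tried:
Checking the IPv6 forwarding sysctls: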
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.em1.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.sit0.forwarding = 1
net.ipv6.conf.sixxs.forwarding = 1
net.ipv6.conf.virbr0.forwarding = 1
net.ipv6.conf.virbr0-nic.forwarding = 1
net.ipv6.conf.vnet0.forwarding = 1
net.ipv6.conf.vnet1.forwarding = 1
net.ipv6.conf.vnet2.forwarding = 1
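Restarting radvd: no change.
The ICMPv6 Destination Unreachable packets helped identify the problem as a firewall issue.
Adding a rule to forward IPv6 packets on br0 fixed the problem: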
ip6tables -I FORWARD 6 -i br0 -s 2001:db8:1600:80bf::/64 -j ACCEPT
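Why the insert position in `-I FORWARD 6` matters, as an added example that is not part of the original question or answer: a small first-match evaluator run over a constructed FORWARD chain. The chain contents, the `sixxs` outgoing interface for the packet, and all function names are assumptions; only the inserted rule and the addresses come from the page.

```python
import ipaddress
import shlex

# Constructed FORWARD chain in `ip6tables -S` form; not the poster's actual ruleset.
SAMPLE_CHAIN = [
    "-A FORWARD -i virbr0 -o virbr0 -j ACCEPT",
    "-A FORWARD -o virbr0 -j REJECT --reject-with icmp6-port-unreachable",
    "-A FORWARD -i virbr0 -j REJECT --reject-with icmp6-port-unreachable",
    "-A FORWARD -p ipv6-icmp -j ACCEPT",
    "-A FORWARD -i lo -j ACCEPT",
    "-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited",
]
FIX = "-A FORWARD -s 2001:db8:1600:80bf::/64 -i br0 -j ACCEPT"  # rule from the page

def parse(rule):
    """Turn one rule line into {option: value}; only the options below are modelled."""
    tok = shlex.split(rule)[2:]            # drop "-A FORWARD"
    opts = dict(zip(tok[0::2], tok[1::2]))
    unknown = set(opts) - {"-i", "-o", "-s", "-d", "-p", "-j", "--reject-with"}
    if unknown:
        raise ValueError(f"unsupported options: {sorted(unknown)}")
    return opts

def matches(opts, pkt):
    """A rule matches only if every criterion it specifies matches the packet."""
    for opt, key in (("-i", "in"), ("-o", "out"), ("-p", "proto")):
        if opt in opts and opts[opt] != pkt[key]:
            return False
    for opt, key in (("-s", "src"), ("-d", "dst")):
        if opt in opts and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(opts[opt]):
            return False
    return True

def first_match(chain, pkt):
    """Return (1-based rule number, target, reject type) of the first matching rule."""
    for num, rule in enumerate(chain, start=1):
        opts = parse(rule)
        if matches(opts, pkt):
            return num, opts["-j"], opts.get("--reject-with")
    return None, "POLICY", None

def insert_at(chain, position, rule):
    """Mimic `ip6tables -I FORWARD <position>`: the new rule takes that number."""
    return chain[:position - 1] + [rule] + chain[position - 1:]

VM = "2001:db8:1600:80bf:5054:ff:fedd:df3e"   # guest address from the ipconfig output
SYN = {"in": "br0", "out": "sixxs", "proto": "tcp", "src": VM, "dst": "2001:4860:800a::67"}
PING = dict(SYN, proto="ipv6-icmp")
```

With this sample chain the ping is accepted at rule 4 while the TCP SYN falls through to the catch-all REJECT, and the same ACCEPT rule appended with `-A` instead of inserted would sit after that REJECT and never match. On a live host, `ip6tables -L FORWARD -n -v --line-numbers` shows the actual rule order and per-rule packet counters.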