Tunnelbroker tunnels and aussie broadband

Discussion in 'Networking, Telephony & Internet' started by Nobby6, Oct 21, 2020.

  1. Nobby6

    Nobby6 Member

    Joined:
    Oct 25, 2017
    Messages:
    145
    Location:
    S.E.Q
    Hey,

    So I've just been forced onto NBN (exchange now being shutdown), I run my own mail/web server, worked great on ADSL, but I'm now on FTTN, they work great on IPv4 but for life of me I cant get my tunnelbroker working, I've changed my client endpoint, crappy billion 8700AXL1600 router doesnt care about FW rules too much, just changed interface from pppoe to ptm0.1 where aussie lives with the two IPv4 address they require, tunnel and the pinger, through to the machine which hosts the mail/web.

    All I've ever needed to when TPG changed my static IP (3 times in last 2 years) is change my client endpoint and up she comes, I've played with MTU no dice, even cleared all FW rules, no dice, factory reset and recreated, still, no dice, I cant even ping tunnelbrokers end of teh tunnel, on foo:1

    I've read on the forum that shant be named (but im sure we all know where the power tripper moderators live) someone else has experienced same problem where he then took the same config to the clients bosses joint who are with superloop and it worked, unfortunately I have no other place I can try, but this worked then, it should now, I verified from mail server logs ipv6 was all good up to the cutover.

    Not game to delete my tunnel (not that I should have too) and recreate since I likely wont get my same IP's back I've had for a few years.

    Aaaaaannnnnnnndddddd before anyone says it, yes I know aussie have native IPv6, I've also been following their threads on it and they still have issues so not touching it.

    Anyone else using hurricane electrics tunnelbroker with aussie and not have issues? did you need do anything funky? Maybe its something obvious I overlooked?

    Details in next post
     
    Last edited: Oct 21, 2020
  2. OP
    OP
    Nobby6

    Nobby6 Member

    Joined:
    Oct 25, 2017
    Messages:
    145
    Location:
    S.E.Q
    IPv6 address are brought up then tunnel script is run

    ip tunnel add he-ipv6 mode sit remote 64.62.x.x local 10.100.100.100 ttl 255
    #ip link set he-ipv6 up
    ip link set he-ipv6 up mtu 1432
    ip addr add 2001:470:yy:zzz::z/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip -f inet6 addr


    FW
    usual flushing rules are omitted here, the posts already too damn long :)

    usr/sbin/iptables -P INPUT ACCEPT
    /usr/sbin/iptables -P OUTPUT ACCEPT
    /usr/sbin/iptables -P FORWARD ACCEPT

    /usr/sbin/ip6tables -P INPUT DROP
    /usr/sbin/ip6tables -P OUTPUT ACCEPT
    /usr/sbin/ip6tables -P FORWARD DROP

    /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -i lo -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -s fe80::/10 -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -d ff00::/8 -j ACCEPT

    /usr/sbin/iptables -A INPUT -s 10.100.100.0/24 -j ACCEPT

    /usr/sbin/iptables -A INPUT -s 66.220.x.x -j ACCEPT
    /usr/sbin/iptables -A INPUT -s 64.62.x.x -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -s 2001:470:yy:zzz::z/64 -j ACCEPT
    /usr/sbin/ip6tables -A FORWARD -s 2001:470:zz:zzz::z/64 -j ACCEPT
    /usr/sbin/ip6tables -A FORWARD -d 2001:470:zz:zzz::z/64 -j ACCEPT

    /usr/sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
    /usr/sbin/ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

    ... accept to ports rules omitted

    ... Makes no difference if I set all or select pollcies to ALLOW or not

    This all worked on previous ISP
     
    Last edited: Oct 22, 2020
  3. HSV_Enigma

    HSV_Enigma Member

    Joined:
    Jul 21, 2003
    Messages:
    489
    Location:
    Adelaide
    No idea what a tunnel broker is, just throwing out the CGNAT interferance possibility
     
  4. OP
    OP
    Nobby6

    Nobby6 Member

    Joined:
    Oct 25, 2017
    Messages:
    145
    Location:
    S.E.Q
    Ahh my bad, forgot to mention, no, as I run server I pay for a static ip so are supposed to be in a business IP range, their firewall setting is also unblocked, something else I neglected to mention ooops, so neither of them should be a problem.
     
  5. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,736
    Location:
    Brisbane
  6. OP
    OP
    Nobby6

    Nobby6 Member

    Joined:
    Oct 25, 2017
    Messages:
    145
    Location:
    S.E.Q

Share This Page

Advertisement: