我有一个新安装的Windows Server 2008 R2 SP1虚拟机,它完全无法访问任何IPv6网页,尽pipe显然具有正确的IPv6连接。 另外,其他Linux虚拟机也无法访问IPv6网站。
此设置以前工作,在虚拟机中具有完整的IPv6连接,并且没有明显的原因停止工作。
我所有的虚拟机桥接到物理以太网,并从主机上的radvd接收通知。 IPv6在主机上正常工作,主机也是IPv6路由器。 Wireshark显示主机收到HTTP SYN数据包后正在发回一个ICMPv6目的地不可达(Administratively prohibited)。
Internet Explorer报告无法显示网页,Google Chrome只能显示Oops! Chrome无法连接到网页,没有错误号码。
我甚至可以ping本地网关和谷歌的IPv6地址,并进行IPv6 DNS查找。
PS C:\Users\Administrator> ping -6 fe80::6e62:6dff:fed1:dfad Pinging fe80::6e62:6dff:fed1:dfad with 32 bytes of data: Reply from fe80::6e62:6dff:fed1:dfad: time<1ms Reply from fe80::6e62:6dff:fed1:dfad: time<1ms Reply from fe80::6e62:6dff:fed1:dfad: time<1ms Reply from fe80::6e62:6dff:fed1:dfad: time<1ms Ping statistics for fe80::6e62:6dff:fed1:dfad: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms PS C:\Users\Administrator> ping -6 www.google.com Pinging www.l.google.com [2001:4860:800a::67] with 32 bytes of data: Reply from 2001:4860:800a::67: time=43ms Reply from 2001:4860:800a::67: time=42ms Reply from 2001:4860:800a::67: time=46ms Reply from 2001:4860:800a::67: time=42ms Ping statistics for 2001:4860:800a::67: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 42ms, Maximum = 46ms, Average = 43ms 我的虚拟机的configuration如下所示:
PS C:\Users\Administrator> ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : WIN-CRLO5NIQB72 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : local Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : local Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter Physical Address. . . . . . . . . : 52-54-00-DD-DF-3E DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:db8:1600:80bf:5054:ff:fedd:df3e(Preferred) Link-local IPv6 Address . . . . . : fe80::5054:ff:fedd:df3e%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.12.146(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Monday, July 09, 2012 1:59:42 PM Lease Expires . . . . . . . . . . : Tuesday, July 10, 2012 1:59:42 PM Default Gateway . . . . . . . . . : fe80::6e62:6dff:fed1:dfad%13 192.168.12.1 DHCP Server . . . . . . . . . . . : 192.168.12.1 DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888 2001:4860:4860::8844 192.168.12.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.local: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : local Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10d1:317d:3f57:f36d(Preferred) Link-local IPv6 Address . . . . . : fe80::10d1:317d:3f57:f36d%12(Preferred) Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Disabled PS C:\Users\Administrator> netsh interface ipv6 show route Publish Type Met Prefix Idx Gateway/Interface Name ------- -------- --- ------------------------ --- ------------------------ No Manual 256 ::/0 13 fe80::6e62:6dff:fed1:dfad No Manual 256 ::1/128 1 Loopback Pseudo-Interface 1 No Manual 8 2001::/32 12 Teredo Tunneling Pseudo-Interface No Manual 256 2001:0:4137:9e76:10d1:317d:3f57:f36d/128 12 Teredo Tunneling Pseudo-Interface No Manual 8 2001:db8:1600:80bf::/64 13 Local Area Connection 2 No Manual 256 2001:db8:1600:80bf:5054:ff:fedd:df3e/128 13 Local Area Connection 2 No Manual 256 fe80::/64 13 Local Area Connection 2 No Manual 256 fe80::/64 12 Teredo Tunneling Pseudo-Interface No Manual 256 fe80::5efe:192.168.12.146/128 11 isatap.local No Manual 256 fe80::10d1:317d:3f57:f36d/128 12 Teredo Tunneling Pseudo-Interface No Manual 256 fe80::5054:ff:fedd:df3e/128 13 Local Area Connection 2 No Manual 256 ff00::/8 1 Loopback Pseudo-Interface 1 No Manual 256 ff00::/8 13 Local Area Connection 2 No Manual 256 ff00::/8 12 Teredo Tunneling Pseudo-Interface PS C:\Users\Administrator> netsh interface ipv6 show prefixpolicies Querying active state... Precedence Label Prefix ---------- ----- -------------------------------- 50 0 ::1/128 40 1 ::/0 30 2 2002::/16 20 3 ::/96 10 4 ::ffff:0:0/96 5 5 2001::/32
到目前为止,在VM中我尝试过:
netsh interface ipv6 set global randomizeidentifiers=disabled
不用找了。
禁用Teredo适配器:不变。 它不知何故被重新启用。
使用Microsoft Fix-It来优先selectIPv6 over IPv4 :不变。
到目前为止,我已经尝试过:
检查IPv6转发sysctl:
net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.br0.forwarding = 1 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.em1.forwarding = 1 net.ipv6.conf.lo.forwarding = 1 net.ipv6.conf.sit0.forwarding = 1 net.ipv6.conf.sixxs.forwarding = 1 net.ipv6.conf.virbr0.forwarding = 1 net.ipv6.conf.virbr0-nic.forwarding = 1 net.ipv6.conf.vnet0.forwarding = 1 net.ipv6.conf.vnet1.forwarding = 1 net.ipv6.conf.vnet2.forwarding = 1
重新启动的radvd:没有变化。
ICMPv6目标不可达数据包有助于将问题确定为防火墙问题。
在br0上添加一个规则来转发IPv6数据包解决了这个问题:
ip6tables -I FORWARD 6 -i br0 -s 2001:db8:1600:80bf::/64 -j ACCEPT