Jool icon indicating copy to clipboard operation
Jool copied to clipboard
verified publisher icon NICMx

http connection failed

Open neighbour7 opened this issue 4 years ago • 29 comments

Configure the network according to the example of Stateful NAT64 on the official website, you can send and accept icmp, but http cannot

env: ubuntu18 iptables tcpdump error message: 64:ff9b::203.0.113.16 cannot route

neighbour7 avatar Jan 19 '22 05:01 neighbour7 

$ wget http://[64:ff9b::203.0.113.16]/archive.7z
--2022-01-19 08:06:07--  http://[64:ff9b::203.0.113.16]/archive.7z
Connecting to 64:ff9b::203.0.113.16 (64:ff9b::203.0.113.16)|64:ff9b::cb00:7110|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 537304 (525K) [application/x-7z-compressed]
Saving to: ‘archive.7z’

archive.7z      100%[======>] 524.71K  --.-KB/s    in 0.008s  

2022-01-19 08:06:07 (65.1 MB/s) - ‘archive.7z’ saved [537304/537304]

Works fine for me.

tcpdump error message: 64:ff9b::203.0.113.16 cannot route

Works fine for me:

$ sudo tcpdump -ni vboxnet0 host 64:ff9b::203.0.113.16
08:13:24.029469 IP6 64:ff9b::cb00:7110.80 > 2001:db8::8.44632: Flags [S.], seq 727844829, ack 1135569178, win 65160, options [mss 1460,sackOK,TS val 2525517162 ecr 198001399,nop,wscale 7], length 0
(...)

Environment:

$ uname -a
Linux ubuntu18 4.15.0-163-generic #171-Ubuntu SMP Fri Nov 5 11:55:11 UTC 2021 x86_64 x86_64 GNU/Linux

ydahhrk avatar Jan 19 '22 14:01 ydahhrk

I tried several times and failed 😖

neighbour7 avatar Jan 20 '22 02:01 neighbour7

  • What's the output of ip address in all three nodes?
  • What's the output of ip route in all three nodes?
  • What's the output of ip -6 route in all three nodes?
  • Can A ping T?
  • Can V ping T?
  • What's the output of sudo jool global display in T?

ydahhrk avatar Jan 20 '22 02:01 ydahhrk

ip address ip route ip -6 route no problem A can png V A can ping T V can ping T sudo jool global display output: This namespace lacks an instance named 'default'

neighbour7 avatar Jan 20 '22 03:01 neighbour7

A is manjaro, V is Windows10, T is ubuntu18

neighbour7 avatar Jan 20 '22 03:01 neighbour7

T

ip r:

203.0.113.0/24 dev enp5s0 proto kernel scope link src 203.0.113.1

ip -6 r:

2001:db8::/96 dev enp6s0 proto kernel metric 256 pref medium
fe80::/64 dev enp5s0 proto kernel metric 256 pref medium
fe80::/64 dev enp6s0 proto kernel metric 256 pref medium

ip -br -c a:

enp5s0 up 203.0.113.1/24  fe80::a653:eeff:fe70:23e5/64
enp6s0 up 2001:db8::1/96  fe80::a653:eeff:fe70:23e6/64

A

ip -6 r:

64:ff9b::/96 via 2001:db8::1 dev enp4s0 metric 1024 pref medium
2001:db8::/96 dev enp4s0 proto kernel metric 256 pref medium

ip -br -c a:

enp4s0   UP   2001:db8::8/96

V

ipconfig:

203.0.113.16
255.255.255.0

neighbour7 avatar Jan 20 '22 03:01 neighbour7

Ok; nothing strange so far.

sudo jool global display output: This namespace lacks an instance named 'default'

Sorry; I meant

sudo jool -i example global display
  • What's the output of sudo iptables -t mangle -L?
  • What's the output of sudo ip6tables -t mangle -L?
  • Please run in T:
sudo jool -i example global update logging-debug true
sudo dmesg -C

Then quickly try your HTTP request from A, then run dmesg in T. Post the output.

ydahhrk avatar Jan 20 '22 06:01 ydahhrk

After executing your method, now my Terminator can connect with http, but the browser and gnome terminal cannot connect with http. I think it may be a problem with my computer? image 1d5aaa9b66c4cd722bbf31b13b45baf

neighbour7 avatar Jan 20 '22 07:01 neighbour7

iptables -t mangle -L :output JOOL all -- anywhere anywhere instance:example ip6tables -t mangle -L :output JOOL all -- anywhere anywhere instance:example

neighbour7 avatar Jan 20 '22 07:01 neighbour7

Your browser is using HTTPS, not HTTP.

What happens if you remove the "s" from the URL?

It it works, you probably just have some certificate problem.

After executing your method, now my Terminator can connect with http

The "method" wasn't meant to fix the problem; it was meant to print output that might help us find the problem. Please follow the instructions until the end:

T:

sudo jool -i example global update logging-debug true
sudo dmesg -C

A:

<HTTP query from browser>

T:

dmesg

Post the output of dmesg.

And when you're done, make sure to disable debug logging. Otherwise it will slow things down and take up disk space.

ydahhrk avatar Jan 20 '22 17:01 ydahhrk

Sorry. My English is not good. My browser is using HTTP.

dmesg no output.

neighbour7 avatar Jan 21 '22 01:01 neighbour7

Try capturing the HTTP packets on T:

sudo tcpdump -i any -w packets.pcap

Then post the packets.pcap file here.

On Thu, Jan 20, 2022 at 7:47 PM YunlongWang @.***> wrote:

Sorry. My English is not good. My browser is using HTTP.

dmesg no output.

— Reply to this email directly, view it on GitHub https://github.com/NICMx/Jool/issues/373#issuecomment-1018086745, or unsubscribe https://github.com/notifications/unsubscribe-auth/AASHNF7RCWWRSB32BFGUJLTUXC3JLANCNFSM5MJAAT3A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you commented.Message ID: @.***>

ydahhrk avatar Jan 21 '22 06:01 ydahhrk

I came into an issue in OpenWrt where if I have a port forwarding jool wouldn't work, I don't know if it helps.

tiagogaspar8 avatar Feb 17 '22 11:02 tiagogaspar8