Can ping, but can't connect

[optichost]

Trying to tunnel through NAT.  Custom Linux router.

iptables:
iptables -t nat -A PREROUTING -p 41 -i eth1 -d 24.199.***.** -j DNAT --to-destination 192.168.0.10
iptables -t nat -A POSTROUTING -p 41 -o eth0 -s 192.168.0.10 -j SNAT --to-source 24.199.***.**
iptables -t nat -A PREROUTING -p all -i eth1 -d 24.199.***.** -j DNAT --to-destination 192.168.0.10
iptables -t nat -A POSTROUTING -p all -o eth0 -s 192.168.0.10 -j SNAT --to-source 24.199.***.**

sysctl -w net.ipv6.conf.all.forwarding=1 is good.
I can ping any ipv6 host, but all ipv6 connections time out.
Strangely, the port scanner on here can see that I have SSH and Apache open on the box, I just can't make any outgoing IPv6 connections.

On the client side:
modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 192.168.0.10 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:e548::20 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

# ping6 ipv6.google.com
PING ipv6.google.com(yw-in-x67.1e100.net) 56 data bytes
64 bytes from yw-in-x67.1e100.net: icmp_seq=1 ttl=56 time=44.9 ms

--- ipv6.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms


Please help, I'm at my wit's end.

[optichost]

I have 5 IPv4 addresses, which adds to the complexity.  I can't just masquerade, or it'll take my first IP.
I checked out tcpdump and it looks like I can handshake, it's getting blocked by the router.  Good call.  I'll put the tunnel on my 'default' ip, and see what happens.

[optichost]

Still no dice.

tcpdump output:
17:02:15.538645 IP 192.168.0.10 > tserv13.ash1.ipv6.he.net: IP6 2001:470:e548::20.53452 > 2001:41d0:2:8a4e::.ircd: Flags , seq 1324326693, win 4260, options [mss 1420,sackOK,TS val 911218 ecr 0,nop,wscale 6], length 0
17:02:18.544557 IP 192.168.0.10 > tserv13.ash1.ipv6.he.net: IP6 2001:470:e548::20.53452 > 2001:41d0:2:8a4e::.ircd: Flags , seq 1324326693, win 4260, options [mss 1420,sackOK,TS val 914224 ecr 0,nop,wscale 6], length 0

^ When trying to connect to an IPv6 IRC server

It will just sit there, and time out eventually.

[optichost]

I'll have to check.  They're servers that I'm trying to set the tunnels up on, so I don't think there's an IPv6 compatible browser.

[optichost]

I'll be damned... you're right.  I can access http://ipv6.google.com/ through a PHP script I just wrote.  Thanks, man.  Much appreciated.

[aamkeri]

I had same issue. I tried a lot of things - even tried setting up a new connection - but it didn't work. I called his provider and found that some of his settings were incorrect, so we reset them. I can ping out and recieve so that's not an issue. I just keep getting 'Page Cannot Be Displayed'.