Hi, even if it's quite late past midnight, I want to introduce myself shortly. I have been working for wbx company since the beginning of this year and I am quite enthusiastic about freewrt and all this embedded linux stuff.
This is quite something new, even after almost 5 years that I have been
working for a local isp and altogether more or less 10 years of general linux
experience.
After I have made my first steps with freewrt on an asus WL500gP some days ago
I noticed that IPv6 is not working as expected. The connectivity from within
the freewrt system to the external ipv6 network was fine, but the IPv6
addresses were set on the wrong interface. In my lan there is already a radvd
installation which announces a public ipv6 network to all connected clients
in my lan. The freewrt used the announced network on eth0 instead of eth0.0.
I am not quite sure which is the impact of this. Maybe traffic from eth0 can
be seen/sniffed from all vlans or something like that, but even without
knowing the exact impact of this I have started to search a good solution for
this problem.
First of all, here is "ip addr" from a normal freewrt installation:
    [EMAIL PROTECTED]:~# ip addr
    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
    2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:17:31:XX:90:31 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::217:31ff:feXX:9031/64 scope link
        inet6 2001:6f8:XXX:0:217:31ff:feXX:9031/64 scope global dynamic
           valid_lft 2591941sec preferred_lft 604741sec
    3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
        link/ether 40:10:18:00:00:2d brd ff:ff:ff:ff:ff:ff
    4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
        link/ether 00:17:31:XX:90:31 brd ff:ff:ff:ff:ff:ff
    5: [EMAIL PROTECTED]: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0
    6: [EMAIL PROTECTED]: <NOARP> mtu 1480 qdisc noop
        link/ipip 0.0.0.0 brd 0.0.0.0
    7: eth0.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 00:17:31:XX:90:31 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.23/24 scope global eth0.0
        inet6 fe80::217:31ff:feXX:9031/64 scope link
(I XXXed some IP/MAC details for privacy)
I have created a script called ipv6 for /etc/network/if-up.d and added some
ipv6 options for /etc/network/interfaces this way.
To fix my setup I used this /etc/network/interfaces file in combination with
the if-up.d script:
    auto eth0 # don't edit this device, it's an internal device of your box
    iface eth0 inet manual
        ipv6-flush 1
    # LAN ports
    auto eth0.0
    iface eth0.0 inet static
        address 10.0.0.23
        netmask 255.255.255.0
        gateway 10.0.0.10
        switch-ports 1 2 3 4 5*
    # ipv6-autoconf 0
    # ipv6-accept-ra 0
    # ipv6-accept-redirects 0
The "ipv6-flush" option deletes the ipv6 address (and all related stuff)
from eth0.
"ipv6-autoconf" and "ipv6-accept-*" are for controlling the ipv6
autoconfiguration. The default freewrt installation comes with
ipv6-forwarding disabled. This enables the autoconfiguration for every
interface. Router announcements and redirects are also accepted. This may be
unwanted in some scenarios, especially because an attack might use this to
announce an evil network, where nobody even knows that ipv6 is already
enabled by default on a lot of devices/systems. I want to trust my lan, so I
didn't disable autoconf and this stuff in my config. But I think this is a
nice feature in general.
Now my ipv6 setup looks as expected:
    [EMAIL PROTECTED]:~# ip addr
    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
    2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:17:31:XX:90:31 brd ff:ff:ff:ff:ff:ff
    3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
        link/ether 40:10:18:00:00:2d brd ff:ff:ff:ff:ff:ff
    4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
        link/ether 00:17:31:XX:90:31 brd ff:ff:ff:ff:ff:ff
    5: [EMAIL PROTECTED]: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0
    6: [EMAIL PROTECTED]: <NOARP> mtu 1480 qdisc noop
        link/ipip 0.0.0.0 brd 0.0.0.0
    7: eth0.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 00:17:31:XX:90:31 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.23/24 scope global eth0.0
        inet6 fe80::217:31ff:feXX:9031/64 scope link
        inet6 2001:6f8:XXX:0:217:31ff:feXX:9031/64 scope global dynamic
           valid_lft 2591989sec preferred_lft 604789sec
I attached my if-up.d/ipv6 script, maybe it's useful...
I just started to play with freewrt boxes, but after one week it seems to me
that this is a really cool system. So keep up the good work!
--Ralph
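
The attached script is not reproduced on this page. As an added example (not the script from the post), an if-up.d hook handling the four options above could look like the following. It assumes ifupdown's convention of exporting stanza options as IF_* variables with the interface name in IFACE; IPV6_CONF and IP_CMD are hypothetical override names introduced here so the logic can be exercised off the router.

```shell
#!/bin/sh
# Hypothetical /etc/network/if-up.d/ipv6 (added example, not the original attachment).
# ifupdown exports "ipv6-accept-ra 0" from the iface stanza as IF_IPV6_ACCEPT_RA=0.

# Overrides are assumptions of this example, used only for testing.
IPV6_CONF=${IPV6_CONF:-/proc/sys/net/ipv6/conf}
IP_CMD=${IP_CMD:-ip}

# Write one per-interface IPv6 sysctl after validating the value.
# $1 = interface, $2 = knob file name, $3 = value from the interfaces file
set_knob() {
    [ -n "$3" ] || return 0        # option absent: leave the kernel default alone
    case "$3" in
        0|1|2) ;;                  # accept_ra also takes 2; the others are 0/1
        *) echo "ipv6: $1: bad value '$3' for $2" >&2; return 1 ;;
    esac
    [ -w "$IPV6_CONF/$1/$2" ] || { echo "ipv6: $1: no $2 knob" >&2; return 1; }
    echo "$3" > "$IPV6_CONF/$1/$2"
}

apply_ipv6_opts() {
    iface=$1
    rc=0
    # Set the knobs before flushing: with autoconf at 0 a flushed address
    # cannot be re-created from a later router advertisement.
    set_knob "$iface" autoconf         "$IF_IPV6_AUTOCONF"         || rc=1
    set_knob "$iface" accept_ra        "$IF_IPV6_ACCEPT_RA"        || rc=1
    set_knob "$iface" accept_redirects "$IF_IPV6_ACCEPT_REDIRECTS" || rc=1
    if [ "$IF_IPV6_FLUSH" = 1 ]; then
        # Removes every IPv6 address on the device, link-local included.
        $IP_CMD -6 addr flush dev "$iface" || rc=1
    fi
    return $rc
}

# Act only when invoked by ifupdown (IFACE set); otherwise just define functions.
if [ -n "$IFACE" ]; then apply_ipv6_opts "$IFACE"; fi
```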
