I'm running Attitude Adjustment 12.09 on a Buffalo router, and trying to
implement IPv6 on my LAN via the 6rd border relay provided by my ISP.
The Howto:IPv6 on the Wiki is notably missing any examples for 6rd, so I'm
stumbling a bit in the blind, but I've made some progress by reading
whatever I can find on IPv6 implementations, installing every package with
'6' in the name from the repository, and guessing a lot.
I've managed to get radvd installed, configured, and working, sorta.
Charter Communications has a 6rd border gateway for its subscribers, and
their website gives the basic settings:

6RD Configuration Settings

As part of Charter's IPv6 Trials we have made available a Public 6rd
Border Relay. If you are interested in participating in our early trials
and own a device that supports 6RD use this configuration information to
begin experiencing the Next Generation Internet:

  6rd Prefix = 2602:100::/32
  Border Relay Address = 68.114.165.1
  6rd prefix length = 32
  IPv4 mask length = 0
  Primary DNS Address = 2607:f428:1::5353:1
  Secondary DNS Address = 2607:f428:2::5353:1

...so I go to 'Network' 'Interfaces', and I create a new interface which I
call 'WAN6', declaring the 'Protocol' to be 6rd, and plugging in the rest
of the info into the appropriate fields. I have not yet figured out where
in the config I should plug the IPv6 DNS server addresses. As soon as I
enable this interface, it comes up with an IPv6 Scope:global address, and
I can ping6 some known IPv6-capable sites on the Internet, but only from
the router console, not any workstations. Despite the lack of any
specific IPv6 DNS entries, name resolution appears to be happening for
ping6 anyway, from both router and workstation.
According to the wikipedia article on 6rd, the negotiation with the border
relay is supposed to set up a tunnel interface, and also auto-config radvd
to assist in the configuration of workstations behind the router. But
this isn't happening at this point. My workstations still have only
Scope:link addresses.
I go to the LuCI page for radvd config, and enable the lan Interface
section, and the lan Prefix section, leaving everything else at defaults,
but that doesn't give my workstations any global addresses. Only when I
edit the lan Prefix section, plugging in the first 64 bits of the address
my tunnel endpoint was given, do my workstations spring to life with
scope:global addresses. I thought this was supposed to be automatic with
6rd.
So now, I can ping6 internet addresses from the router, I can ping6 my
workstations from the router, I can ping6 my router from each workstation,
but I cannot ping6 any internet hosts from the workstation.
...so I'm thinking the current stumbling block is in the ip6tables
firewall, where the default forwarding rule is 'Reject', and there are
specific accept rules only for DHCPv6, ICMPv6 input, and ICMPv6 Forward.
The Forward rule is specific WAN->Lan, so I'm thinking I need a
corresponding Lan->WAN rule, so my ping6 requests from the workstation
will actually be forwarded to the WAN? And beyond that, I will have to
code a rule for every other protocol I wish to use IPv6 transport? Is
there a way to code a generic rule that will operate like the masquerading
in IPv4, such that outgoing lan -> WAN packets are generally permitted,
and WAN -> Lan packets are permitted only if they are in response to a
recent outgoing packet?
There was a note in the IPv6 Howto on the wiki, that 'these instructions
are for AA 12.09 and earlier releases only, for 12.09.1 and later, IPv6
is[sic] builtin and enabled by default'. I don't find any images in the
download section for 12.09.1 or later, so I assume that this is still
under development? Is there some way I can communicate with the
developers, so my experiences with this venture into 6rd might be of
assistance to others?
--
Rick Green
We, the People of the United States of America, reject the U.S. Supreme Court's
Citizens United ruling, and move to amend our Constitution to firmly establish
that money is not speech, and that human beings, not corporations, are persons
entitled to constitutional rights.
http://www.MoveToAmend.org
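
The message above describes entering "the first 64 bits" of the tunnel address into radvd by hand. As an added example (not part of the original message and not OpenWrt's own code), this sketch derives that prefix the way RFC 5969 defines it, from the Charter settings quoted above; the WAN address 192.0.2.1 and the function names are assumptions made for illustration.

```python
import ipaddress

def sixrd_delegated_prefix(sixrd_prefix, wan_ipv4, ipv4_mask_len=0):
    """Return the 6rd delegated prefix: the ISP's 6rd prefix followed by the
    bits of the WAN IPv4 address that remain after dropping the first
    ipv4_mask_len bits (RFC 5969)."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("IPv4 mask length must be between 0 and 32")
    v4_bits = 32 - ipv4_mask_len
    delegated_len = net.prefixlen + v4_bits
    if delegated_len > 64:
        # SLAAC (what radvd advertises) needs a /64 per LAN segment.
        raise ValueError("delegated prefix /%d is longer than /64" % delegated_len)
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    suffix = v4 & ((1 << v4_bits) - 1)          # keep only the unmasked low bits
    base = int(net.network_address) | (suffix << (128 - delegated_len))
    return ipaddress.IPv6Network((base, delegated_len))

def lan_prefix(delegated, subnet_id=0):
    """Pick one /64 out of the delegated prefix for a LAN segment."""
    available = 1 << (64 - delegated.prefixlen)
    if not 0 <= subnet_id < available:
        raise ValueError("only %d /64 subnet(s) available" % available)
    base = int(delegated.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

if __name__ == "__main__":
    # Charter's published values; 192.0.2.1 is a constructed WAN address.
    delegated = sixrd_delegated_prefix("2602:100::/32", "192.0.2.1", 0)
    print("delegated prefix:", delegated)
    print("prefix for radvd on the LAN:", lan_prefix(delegated))
```

With a 32-bit 6rd prefix and an IPv4 mask length of 0, the delegated prefix is exactly one /64, so a single LAN segment can be advertised, and the prefix changes whenever the WAN IPv4 address changes.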