IPV6_And_Freebox

1 Introduction
2 Problem
3 Interfaces configuration
4 radvd configuration
5 Proxy NDP
6 Security
7 Tips
8 Contact
9 Links

Introduction

This page will help you configuring IPV6 if your ISP is Free.fr, and your network configuration is :

Freebox ---[eth1]- Linux Router -[eth0]----- LAN

In this guide, the LAN interface is eth0, the interface connected to the Freebox (WAN interface) is eth1. Your IPV6 prefix is 2a01:5d8:xxx::/64 where xxx is your ipv4 in hex notation.

Note (14/03): Free has deployed an update on his network. a /60 prefix is now available for every customer, and there will be soon an option to configure routing on your Freebox

Problem

Freebox delivers all ipv6 to your /64 packets locally on its LAN interface, so everything which is not on the same network segment does not receive ipv6 packets.

The idead behing this configuration is : - not to use bridging and BROUTE - be able to use autoconf

Interfaces configuration

First, you need to enable ipv6 routing :

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

The Freebox side of your router, as Freebox's ipv6 is 2a01:5d8:xxx::1, the only choice is the size of the subnet.

ip -6 addr add 2a01:5d8:xxx::2/126 dev eth1

All other addresses goes to LAN side

ip -6 addr add 2a01:5d8:xxx:1::1/64 dev eth0

radvd configuration

Make the client on the LAN think they are on a classic /64

interface eth0
{
       AdvSendAdvert on;
       prefix 2a01:5d8:xxx::/64
       {
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr on;
       };
};

Proxy NDP

Kernel 2.6.19 required

echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp

or add in /etc/sysctl.conf

net.ipv6.conf.all.proxy_ndp = 1

I'm not sure if it is necessary, but i got strange things sometimes without promiscuous mode

ifconfig eth1 promisc

You must run this command for each host on the lan to allow the router to pick up packets on the WAN interface for each host

ip -6 neigh add proxy  <client ipv6 address> dev eth1

This will allow you to ping your freebox from your LAN

ip -6 neigh add proxy 2a01:5d8:xxx::1 dev eth0

Security

Now, every host in your network with ipv6 address can be reached from the Internet !

So use ip6tables. Here is a BASIC security for your hosts !

ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i eth0 -s 2a01:5d8:xxxx:xxxx::/64 -j ACCEPT
ip6tables -A FORWARD -j DROP

And don't forget to protect your linux box with the INPUT chain.

Tips

If your OS uses temporary IPV6, it probably won't work, because you need to add these IP to the NDP proxy every time they change.

However, this can be modified in Windows XP (and maybe Vista, someone confirms ?) by runnig in a cmd netsh interface ipv6 set privacy state=disabled

Contact

You can use any IRC client to join #ipv6 on irc.freenode.net for help. Once your IPV6 connection is working, you can make first use of your new connectivity by connecting to freenode using irc.ipv6.freenode.net

Links

IPV6 and Freebox using broute may be more convenient for people who do not know in advance the ip addresses used on the LAN.

Another newer guide (fr) using ndp, allowing more than 1 lan network, but without /64 subnet is available here

Retrieved from "http://www.gentoo-wiki.info/IPV6_And_Freebox"

Category: Network

Last modified: Sat, 06 Sep 2008 09:01:00 +1000 Hits: 3,850

Created by NickStallman.net, Luxury Homes Australia
Real estate agents should be using interactive floor plans and real estate agent tools.

Gentoo Wiki