Void's Forums

[Void Main]

If you don't know it now you need to learn it. The sooner the better.

[Basher52]

What's the really big difference between IPv4 and IPv6?
I do know that IPv6 is built differently and I've used it at my last job but is there more to it than that?

[Void Main]

I'm not very versed in IPv6 myself yet so I would suggest searching Google for now. I do need to become proficient in IPv6 soon however.

[Void Main]

This looks interesting:
http://www.linuxha.com/other/home-ipv6.html

[Void Main]

Well, I just manually set an IPv6 address on my laptop and on my OpenWrt router and added the IPv6 addresses to my dnsmasq configuration and can ping each other by name. I guess that's step #1 in learning this stuff. :)

[Void Main]

I have an IPv6 address on two linux boxes and my gateway and added the addresses to my dnsmasq conf and can not only ping each of the devices but can connect from my firefox browser to apache on the 2nd linux box using the ipv6 address and ipv6 name I set up in DNS. Now to get a better understanding of addressing, subnetting, routing, dual stack, tunneling, etc, etc, etc. I am excited about getting the basics working though.

This was very helpful in getting this far:
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/

[Void Main]

Well, got my new modem installed and working and was able to get my tunnel from Hurricane Electric. Now I just need to figure out how to set it up. :)

[Void Main]

I got my Hurricane Electric tunnel up on my OpenWrt router and can ping6 and traceroute6 to IPv6 addresses out on the internet (e.g. ipv6.google.com). Before setting up the tunnel I had made up IPv6 addresses and configured several of my machines with them and was able to ping between them. Now I have to figure out how to get them legit IPv6 addresses and how to get them to route through my tunnel that I set up on my OpenWrt router. I am such a n00b. :)

[Void Main]

Looks like this thread might have the nuggets I need to get my clients talking:

http://www.tunnelbroker.net/forums/inde ... pic=1345.0

[Void Main]

Woohoo!! I got it all working! I configured radvd on my OpenWrt firewall with my routed /64 network, configured my lan interface on the firewall with an address on that network but for some reason was having trouble getting Fedora 14 configured to assign itself an address via stateless auto-configuration (from radvd running on the OpenWrt router). This page had some good info:

http://www.killsudo.info/?cat=3

However, it was as simple as putting these two lines in your device config file (e.g. /etc/sysconfig/network-scripts/ifcfg-eth0):

Code: Select all

IPV6INIT=yes
IPV6_AUTOCONF=yes

I restarted my network service and bingo! I could then ping6 and traceroute6 to ipv6 names/addresses out on the Internet. Here's my test-ipv6.com results:



(Click to enlarge)

The only ding I got was something about my ISP's DNS server.

[Void Main]

So far I've made it through the professional cert with a score so far of 585. To get there I had to set up my tunnel, prove I had IPv6 connectivity to the world, configure DNS entries (AAAA, PTR, MX), a web server, and a mail server and they all had to work. The next step in the cert process is "guru" and I believe I have to create subdomains, etc. What a great program, and it's free!!

I have one little problem yet to figure out that isn't really related to the Hurricane Electric cert process. I got a /48 route-able network and I peeled off a /64 from it hoping to use that in my DMZ. I configured radvd to issue addresses on my DMZ interface on my firewall in addition to the LAN interface but have yet been able to get my DMZ boxes to auto-configure an address. It's gotta be something with my shorewall configuration on my router but I can't quite pin it down.

Oh, I also created a script to update my tunnel end point on HE and bring up my tunnel after starting shorewall.

he.sh:

Code: Select all

#!/bin/sh

IPV4ADDR=`cat /var/run/shorewall.ip | tr -d '\n'`
MD5PASS="xxxxxxxxxxxxxxxxxxxxxxxx"
USERID="yyyyyyyyyyyyyyyyyyyyyyyy"
GTUNID="xxxxxx"
wget --no-check-certificate -O - "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$IPV4ADDR&pass=$MD5PASS&user_id=$USERID&tunnel_id=$GTUNID" 2> /dev/null   > /tmp/he.net

ip tunnel add he-ipv6 mode sit remote 209.51.181.2 local $IPV4ADDR ttl 255
ip link set he-ipv6 up
ip addr add 2001:a:b:c::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6

Go here for explanation of the variables:

https://ipv4.tunnelbroker.net/ipv4_end.php

[Void Main]

Well, I passed the "Guru" cert with 805 points and only have one level left to go (Sage). All I have to do to get that cert is get IPv6 glue records in the TLD for my domain.

[Void Main]

I had trouble getting IPv6 connectivity on my KVM guests. After some searching I found that you have to make sure this line is in your KVM host's ip6tables:

Code: Select all

-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

Works fine now.

[Void Main]

Got a 10/10 on the IPv6 test after pointing to a different DNS server:

[Void Main]

More on iptables being applied to the bridge by default (which causes problems with radvd automatic address assignment on kvm guests):

http://wiki.libvirt.org/page/Networking

To disable iptables on the bridge (as it should be) add this to /etc/sysctl.conf on the kvm host:

Code: Select all

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

To put it in motion without rebooting:

Code: Select all

# sysctl -p