Tags: 6to4, DMZ, firewall, ipv6, linux, modem, nat, pointopoint, proto41, sixxs, telnet, thomson
IPv6 Tunnel behind Thomson modem, continued
My coworker is even better than me. After I thought I fixed it, I noticed that the incoming connection is denied if the machine hasn’t had any outgoing ipv6 over the tunnel for a little while. My coworker, Kees, found the solution and implemented it and now it works! Yay!
This is what you need to do (blatantly copied from Kees’ blog):
```
:expr add name=ipv6 type=serv proto=41
:firewall rule add chain=forward_host_service name=SixXS serv=ipv6 state=enabled action=accept
:nat tmpladd intf=Internet type=nat outside_addr=0.0.0.1 inside_addr=192.168.4.4 protocol=6to4
:saveall
```
Let me know if this helped you too!
Tags: 6to4, DMZ, ipv6, linux, modem, nat, pointopoint, sixxs, telnet, thomson
IPv6 Tunnel behind Thomson modem
Update: My coworker Kees found a better solution, see the next post.
Took me a little while to figure out, but I found how to create a point-to-point IPv6 tunnel (cordially provided by SixXS) if you’re behind a Thomson modem. In my case, it’s a ST546, but I imagine this works for other stuff too. WARNING: I’m NOT entirely sure what I’m doing here exactly. IF IT BREAKS YOUR MODEM, IT’S YOUR OWN FAULT!!! Consider yourself warned.
If you still dare, follow this:
- Telnet to your modem and log in with your Admin credentials.
- Perform the command `nat maplist`. You’ll see something like:

  ```
  {Administrator}=>nat maplist
  Idx Type Interface Outside Address      Inside Address      Use
  1   NAPT Internet  12.345.678.90:22     192.168.1.200:22    1
  2   NAPT Internet  12.345.678.90:113    192.168.1.200:113   0
  3   NAPT Internet  12.345.678.90:49163  192.168.1.201:5060  1
  4   NAPT Internet  12.345.678.90:49205  192.168.1.202:5060  2
  5   NAPT Internet  12.345.678.90:49238  192.168.1.203:5060  2
  6   NAT  Internet  12.345.678.90        127.0.0.1           0
  {Administrator}=>
  ```

  The Interface is important.
- We’re going to add a mapping for the 6to4 protocol by giving it the command `nat mapadd intf=Internet type=nat outside_addr=12.345.678.90 inside_addr=192.168.0.1 protocol=6to4`. Replace “Internet” with your interface name, the outside address with the outside address (IPv4) of your modem and `inside_addr` with the internal IP address of the server that you’re going to use for the connection.
- Now give the command `saveall`.
- IMPORTANT: I had to ping out before I was able to receive any 6to4 packets! So `ping6 ipv6.google.com` and see if the outside world can ping6 your server.
That worked for me. I had a lot of trouble finding this solution, so I’m blogging about it in the hope that it helps someone else. The most important info was found in a post from Richard Menedetter on the SixXS forum. It was hard to find for me, though.
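An added example, not part of the original post or of the modem's own tooling: a Python script that parses `nat maplist` output in the format shown above and reports which inside hosts have a mapping without a port, so the table can be compared before and after `nat mapadd`. Row 7 of the sample is constructed on the assumption that the new mapping is listed in the same shape as row 6; interface names are assumed to contain no spaces, and the listing does not show which protocol a port-less mapping covers.

```python
import re

# Rows 1-6: listing from the post. Row 7: constructed, assumed shape of the added mapping.
SAMPLE = """\
Idx Type Interface Outside Address Inside Address Use
1 NAPT Internet 12.345.678.90:22 192.168.1.200:22 1
2 NAPT Internet 12.345.678.90:113 192.168.1.200:113 0
3 NAPT Internet 12.345.678.90:49163 192.168.1.201:5060 1
4 NAPT Internet 12.345.678.90:49205 192.168.1.202:5060 2
5 NAPT Internet 12.345.678.90:49238 192.168.1.203:5060 2
6 NAT Internet 12.345.678.90 127.0.0.1 0
7 NAT Internet 12.345.678.90 192.168.0.1 0
"""

ROW = re.compile(r"^\s*(\d+)\s+(NAPT|NAT)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(text):  # 'addr:port' -> (addr, port); port is None without ':'
    addr, sep, port = text.partition(":")
    return addr, (int(port) if sep else None)

def parse_maplist(output):
    """Return one dict per mapping row; prompt, header and blank lines are skipped."""
    rows = []
    for m in filter(None, map(ROW.match, output.splitlines())):
        idx, kind, intf, outside, inside, use = m.groups()
        (o_addr, o_port), (i_addr, i_port) = split_endpoint(outside), split_endpoint(inside)
        rows.append({"idx": int(idx), "type": kind, "intf": intf, "use": int(use),
                     "outside": o_addr, "outside_port": o_port,
                     "inside": i_addr, "inside_port": i_port})
    return rows

def exposure_by_host(rows):
    """Inside host -> {'ports': forwarded outside ports, 'whole': port-less mapping seen}."""
    hosts = {}
    for r in rows:
        entry = hosts.setdefault(r["inside"], {"ports": [], "whole": False})
        if r["outside_port"] is None:
            entry["whole"] = True
        else:
            entry["ports"].append(r["outside_port"])
    return hosts

def needs_review(rows):
    """Inside hosts with a port-less (whole-address) mapping, loopback targets excluded."""
    exposed = exposure_by_host(rows)
    return sorted(h for h in exposed if exposed[h]["whole"] and not h.startswith("127."))

if __name__ == "__main__":
    print(needs_review(parse_maplist(SAMPLE)))
```

Paste the modem's real listing in place of `SAMPLE`; any host returned by `needs_review` receives traffic from the outside address without a port restriction and should run its own host firewall.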
SixXS IPv6, Speedtouch 5×6 and Airport Extreme Base Station
So yesterday I decided it was time to make my home network IPv6 enabled. Shouldn’t be too hard, since it’s a full MacOSX network, including the Airport Extreme Base Station (AXBS) that we use for connection. I requested a tunnel at SixXS, got it within 15 minutes and configured my AXBS to make the tunnel. That wasn’t really hard, only I forgot to request a subnet too, which made IPv6 kinda stop at the AXBS. Also, since the AXBS doesn’t have any sort of status check, I was unsure if the tunnel was created correctly. Especially since the SixXS panel said it couldn’t ping me and I couldn’t ping myself from another IPv6 enabled server…
Some querying pointed towards the Speedtouch (which was actually quite obvious, in retrospect). I needed to put my AXBS in the DMZ behind the modem. Sure, no problem there. Let’s just select “Assign the public IP address of a connection to a device” in the interface and select the AXB… Ow, apparently, the Speedtouch only wants to assign the public IP address to a device that gets its IP address from the Speedtouch’s DHCP server. No problem, let’s make the AXBS get its IP address through DHCP instead of stati… Ow, apparently, the AXBS requires a static IP address to do tunneling… Now what?
As is usual with the Speedtouches, under the hood they have far more capabilities than advertised through their web interface. However, searching through the CLI manual, it’s not very obvious how to add a device to the DMZ. So let’s take the lazy guy approach:
First, I made sure the Speedtouch was in working order and made a backup of the configuration. Second, I added a device to the DMZ and made another backup. Thirdly, I diff’ed both backups and looked at the changes. You’ll notice a line starting with “lease add” that contains the MAC address of the device you just added. Easy-peasy from here on. Simply change the MAC address into the address from the AXBS and upload the new configuration to the Speedtouch.
All of a sudden, it works. And I have an IPv6 enabled home-network. Kinda boring after that, it just all works :S






