I’ve started to play with IPv6, I want to set it up to my home users.
I booked an IP range from Hurricane Electric, and I got the IPv6 connectivity to my server.
It’s a free system, where you can book IPv6 address, domain names, and you can learn about IPv6. For more info visit this site: http://he.net/
If you successfully get connected to the IPv6 cloud, you can start to play.
I’ve booked a /48 subnet as well to my LAN devices.
First you have to get the the IPv6 connectivity from HE. It’s only working if you are globally reachable from the internet with the IP protocol 41. So your server have to be the edge of your network of if it’s behind NAT, you have to play with your firewall. If you have a sophisticated one, you can enable on it, but if not, you just need to put your server to the DMZ.
Then you will be able to set up your 6to4 tunnel interface(/etc/network/interfaces):
auto he-ipv6 iface he-ipv6 inet6 v4tunnel address 2001:470:<your prefix> netmask 64 endpoint <Chosen He endpoint> local <Your local address> ttl 255 gateway 2001:470:<He IP from your prefix>
Next step, you should check if the IPv6 is enabled globally:
Next step, enable the necessary things on your local firewall(iptables).
# Allow IP protocol 41 for 6to4 tunnel from HE iptables -I INPUT -s 184.108.40.206/32 -p 41 -j ACCEPT iptables -I OUTPUT -s 220.127.116.11/32 -p 41 -j ACCEPT
# Allow ping only from HE iptables -A INPUT -s 18.104.22.168/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow ipv6 ping only from HE iptables -A INPUT -s 22.214.171.124/32 -p ipv6
Don’t forget to edit the IPv6 firewall as well! By default everything is enabled on it!!!
Later on, you have a chance to disable IPv6. It could be useful to save your server’s resources:
echo "net.ipv6.conf.all.disable_ipv6=1" > /etc/sysctl.d/disableipv6.conf echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist sed -i '/::/s%^%#%g' /etc/hosts sed -i 's/ipv6//g'
But now, we don’t want to do it, we’ve just enabled IPv6, set up our interface, and as a last step, reload the server.
Wait until the server come back, and try to ping the HE. It should work (If not, there is a problem with the server’s global connectivity or the local firewall).