Hi,

I’ve started to play with IPv6, and I want to set it up for my home users.

I booked an IP range from Hurricane Electric, and I got IPv6 connectivity to my server.
It’s a free service where you can book IPv6 addresses and domain names, and learn about IPv6. For more info visit this site: http://he.net/

If you successfully get connected to the IPv6 cloud, you can start to play.
I’ve booked a /48 subnet as well for my LAN devices.

First you have to get the IPv6 connectivity from HE. It only works if you are globally reachable from the internet with IP protocol 41. So your server has to be at the edge of your network, or if it’s behind NAT, you have to play with your firewall. If you have a sophisticated one, you can enable protocol 41 on it, but if not, you just need to put your server in the DMZ. The DMZ setting forwards all inbound traffic to the server, so the local firewall rules further down matter.

Then you will be able to set up your 6to4 tunnel interface (/etc/network/interfaces):

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
  address 2001:470:<your prefix>
  netmask 64
  endpoint <Chosen He endpoint>
  local <Your local address>
  ttl 255
  gateway 2001:470:<He IP from your prefix>

Next, make sure the IPv6 kernel module is loaded now and at every boot:

modprobe ipv6
echo "ipv6" >> /etc/modules

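Next step, enable the necessary things on your local firewall (iptables). In these rules 216.66.87.14 is the HE endpoint; use the one you chose.

# Allow IP protocol 41 for 6to4 tunnel from HE
iptables -I INPUT -s 216.66.87.14/32 -p 41 -j ACCEPT
# Outbound tunnel packets are addressed to HE, so match on destination
iptables -I OUTPUT -d 216.66.87.14/32 -p 41 -j ACCEPT
# Allow ping only from HE
iptables -A INPUT -s 216.66.87.14/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow ipv6 ping only from HE ("ipv6" is the /etc/protocols name for protocol 41)
iptables -A INPUT -s 216.66.87.14/32 -p ipv6 -j ACCEPT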

Don’t forget to edit the IPv6 firewall (ip6tables) as well! By default everything is allowed on it!
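The post leaves the IPv6 rules themselves to the reader. As an added example (not from the original post), the script below checks whether ip6tables still has its permissive defaults and prints a default-deny ruleset for the tunnel host; the function names and the LAN interface name eth1 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface name he-ipv6 is the
# one configured above; eth1 as the LAN-facing interface is an assumption.

# Succeeds (exit 0) when the `ip6tables -S` listing on stdin still has the
# permissive ACCEPT default policy on INPUT or FORWARD.
ip6_policy_is_open() {
    grep -Eq '^-P (INPUT|FORWARD) ACCEPT$'
}

# Print a default-deny ruleset in ip6tables-restore format.
he_ip6_ruleset() {
    tun_if="${1:-he-ipv6}"
    lan_if="${2:-eth1}"
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # ICMPv6 that IPv6 needs: errors 1-4 (2 = packet-too-big, required for
    # path MTU discovery over the tunnel), echo request 128, and neighbour
    # discovery 133-136.
    for t in 1 2 3 4 128 133 134 135 136; do
        printf '%s\n' "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -j ACCEPT"
    done
    # Hosts on the routed /48 have public addresses and no NAT in front of
    # them: they may open connections outwards, only replies come back in.
    printf '%s\n' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $lan_if -o $tun_if -j ACCEPT" \
        'COMMIT'
}

# Print the ruleset for review. To syntax-check it without loading it:
#   he_ip6_ruleset he-ipv6 eth1 | ip6tables-restore --test
he_ip6_ruleset "$@"
```

Pipe the output of `ip6tables -S` into `ip6_policy_is_open` to see whether the running firewall is still wide open.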

Later on, you can disable IPv6 again. It could be useful to save your server’s resources:

echo "net.ipv6.conf.all.disable_ipv6=1" > /etc/sysctl.d/disableipv6.conf
echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist
sed -i '/::/s%^%#%g' /etc/hosts
sed -i 's/ipv6//g' /etc/modules

But for now we don’t want to do that: we’ve just enabled IPv6 and set up our interface, and as a last step, we reboot the server.

reboot

Wait until the server comes back, and try to ping HE. It should work (if not, there is a problem with the server’s global connectivity or the local firewall).

That’s it!
