IPV6 And Freebox

From Gentoo Linux Wiki

The Freebox is an appliance provided by the French Internet Service Provider Free.fr.

Note:
  • This article requires a good understanding of IPv6 and routing if you want to understand what you’re doing.
  • It may also apply to any provider whose appliance requires your LAN to be flat (no cascaded router).
  • You may want to check out broute if you don’t know which IPv6 addresses are in use on the LAN.

Introduction

This page will help you configure IPv6 if your ISP is Free.fr, and your network configuration is:

Macro view:

 <Internet>
     |
  [Freebox]---[Linux router]
                 |
               <LAN>

In this guide, the LAN interface is eth0, the interface connected to the Freebox (WAN interface) is eth1.

Your IPv6 prefix is 2a01:e3x:xxxx:xxx0::/64 (in the early days, it used to be 2a01:5d8:xxxx:xxxx::/64) where xxxx:xxxx is your Freebox's public IPv4 address in hexadecimal notation.

NB: you actually get 2a01:e3x:xxxx:xxx0::/60, but the Freebox router only advertises the /64.

Problem due to router cascade

The Freebox delivers all IPv6 packets for your /64 locally on its LAN interface, so anything that is not on the same network segment does not receive IPv6 packets.

The idea behind this configuration is:

  • not to use bridging and BROUTE
  • let the clients autoconfigure themselves (however, the router needs configuration for every client; see "add proxy" below)

Interfaces configuration

First, you need to enable IPv6 routing:

sysctl -w net.ipv6.conf.all.forwarding=1

On the Freebox side of your router, since the Freebox's IPv6 address is 2a01:e3x:xxxx:xxx0::1, the only choice is the size of the subnet:

ip -6 addr add 2a01:e3x:xxxx:xxx0::2/126 dev eth1

All other addresses go to the LAN side:

ip -6 addr add 2a01:e3x:xxxx:xxx0:1::1/64 dev eth0

radvd configuration

Make the clients on the LAN think they are on a classic /64:

File: /etc/radvd.conf
interface eth0
{
       AdvSendAdvert on;
       prefix 2a01:e3x:xxxx:xxx0::/64
       {
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr on;
       };
};

Proxy NDP

Kernel 2.6.19 required

sysctl -w net.ipv6.conf.all.proxy_ndp=1

or add in /etc/sysctl.conf:

net.ipv6.conf.all.proxy_ndp = 1

I'm not sure if it is necessary, but I got strange things sometimes without promiscuous mode

ip link set eth1 promisc on

You must run this command for each host on the LAN, so that the router picks up that host's packets on the WAN interface:

ip -6 neigh add proxy <client's global IPv6 address> dev eth1

This will allow you to ping your Freebox from your LAN:

ip -6 neigh add proxy 2a01:e3x:xxxx:xxx0::1 dev eth0

Security

Now every host on your network with an IPv6 address can be reached from the Internet!

Note: For a more advanced and manageable configuration, you may want to take a look at Shorewall

You can use ip6tables to add packet filtering. Here is a basic rule set to protect your hosts:

ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i eth0 -s 2a01:e3x:xxxx:xxx0::/64 -j ACCEPT
ip6tables -A FORWARD -j DROP

Also, you must not forget to protect your Linux box with the INPUT chain.

Tips

If your OS uses temporary IPv6 addresses, it probably won't work, because you need to add these addresses to the NDP proxy every time they change.

However, this can be changed in Windows XP (and maybe Vista; can someone confirm?) by running in a cmd prompt:

netsh interface ipv6 set privacy state=disabled
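
The per-host "ip -6 neigh add proxy" step from the Proxy NDP section, and the changing temporary addresses mentioned in this tip, can both be handled by syncing the proxy table from the LAN neighbour table. This is an added example, not part of the original wiki page; PREFIX_HEAD, lan_globals and plan_changes are names chosen here, and the prefix value is a constructed documentation prefix to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original page): keep the proxy NDP table on the
# WAN interface in sync with the global addresses currently seen on the LAN.
LAN_IF=eth0
WAN_IF=eth1
# Assumption: the first four hextets of your /64, written the way `ip` prints
# them, with a trailing colon. The default is a constructed documentation prefix.
PREFIX_HEAD="${PREFIX_HEAD:-2001:db8:aaaa:bbb0:}"

# stdin:  output of `ip -6 neigh show dev $LAN_IF`
# stdout: sorted global addresses inside the prefix whose entry is usable
#         (link-local, other prefixes, FAILED and INCOMPLETE are skipped)
lan_globals() {
    awk -v p="$PREFIX_HEAD" '
        index($1, p) == 1 && $NF != "FAILED" && $NF != "INCOMPLETE" { print $1 }
    ' | LC_ALL=C sort -u
}

# $1: file with the wanted addresses, one per line
# $2: file with the output of `ip -6 neigh show proxy dev $WAN_IF`
# stdout: the ip commands that bring the proxy table in line with $1, so that
#         the router stops answering for addresses no LAN host holds any more
plan_changes() {
    awk -v wan="$WAN_IF" '
        FILENAME == ARGV[1] { if (NF) want[$1] = 1; next }
        NF                  { have[$1] = 1 }
        END {
            for (a in want) if (!(a in have)) print "ip -6 neigh add proxy " a " dev " wan
            for (a in have) if (!(a in want)) print "ip -6 neigh del proxy " a " dev " wan
        }' "$1" "$2" | LC_ALL=C sort
}

# Run as root with --apply, for example from cron every minute.
if [ "${1:-}" = "--apply" ]; then
    want=$(mktemp) && have=$(mktemp) || exit 1
    ip -6 neigh show dev "$LAN_IF" | lan_globals > "$want"
    ip -6 neigh show proxy dev "$WAN_IF" > "$have"
    plan_changes "$want" "$have" | sh -e
    rm -f "$want" "$have"
fi
```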

Testing IPv6 IRC on Freenode

You can use any IRC client to join #ipv6 on irc.freenode.net for help. Once your IPv6 connection is working, you can make first use of your new connectivity by connecting to freenode using irc.ipv6.freenode.net

External Links

  • Another, newer guide (fr) using NDP, allowing more than one LAN network but without a /64 subnet, is available here