IPv6-Cloud.org
IPv4-IPv6.eu
IPv4-IPv6.asia
IPv6.li


IPv6 Address

IPv6 DNSv6

IPv6 Howto

Distro-Specific Howto

IPv6 Tunnel

IPv6 SW Tools

IPv6 Testiing

IPv6 RFCs



1U Rackmount Chassis

Custom-Chassis.net

Linux-1U.net

1U-ITX.net


ITX-Blades.net

Small PC cases

Mini-Box.net

Wrap-Box.net

Wrap-OS.net


gigEnn.net
WanSim.net


Linux-Consulting.com

Linux-CAE.net

Linux-Sec.net

Linux-Boot.net

Linux-Backup.net

Linux-Wireless.org

Linux-Office.net

Linux-Video.net

Linux-VOIP.net

Linux-Jobs.net

Linux-Diff.net

1U-Raid5.net

Linux-Howto.net


Spam Reporting



Free Linux CDs

ISO9660.org

Distro-CD.org

Patch-CD.org


Contact



Linux is a registered trademark of
Linus Torvalds

More Linux Legalese


IPv6-Cloud.org/IPv6-Howto


  • FreeBSD .. IPv6 Test Lab ..

Kernel Requirements

  • Compile the Kernel with IPv6 Support
    • option INET6
    • option IPv6_FIREWALL .. check real value later

  • Check the Kernel Supports IPv6
    • FreeBSD-6.x kldstat -v | egrep "ipfw|ip6fw" .. should be listed ..
    • FreeBSD-7.x 8.x kldstat -v | egrep "ipfw|ip6fw" .. should be listed ..

    • Manually Load the IPv6 Kernel Modules
      • FreeBSD-6.x kldload ip6fw
      • FreeBSD-7.x 8.x kldload ipfw

  • Check sysctl net.inet6.ip6.forwarding .. should be 1 ..
    • Assign it sysctl -w net.inet6.ip6.forwarding=1

Create Your Local IPv6 Address

  • Convert IPv4 Address into Hex format
  • Lets assume a typical IPv4 Infrastructure:
    • Network at 192.168.1.0 aka in hex = C0A8:0100
    • GateWay at 192.168.1.1 aka in hex = C0A8:0101
    • DNS at 192.168.1.2 aka in hex = C0A8:0102
    • Server at 192.168.1.22 aka in hex = C0A8:0116 <<--- notice
    • Client at 192.168.1.33 aka in hex = C0A8:0121 <<--- notice
    • Broadcast at 192.168.1.255 aka in hex = C0A8:01FF

  • Typical Way to Create the Equivalent IPv6 Address
    • For Point-to-Point IPv6 Tunnels 2001::/32
        Server == 2001:C0A8:0116::1 ( aka 192.168.1.22 )
        Client == 2001:C0A8:0121::1

    • For 6to4 IPv6 Tunnels 2002::/8
        Server == 2002:C0A8:0116::1
        Client == 2002:C0A8:0121::1
Edit Your System Files for IPv6

  • vi /etc/hosts
      #
      # Minimum info needed for Client-Server IPv6 Testing
      # Using this same /etc/hosts file in both machine
      #
      # For 2 IPv6, it's easier to copy /etc/hosts onto both machines
      # than to configure a new DNSv6 IPv6 dns server
      #
      127.0.0.1 localhost.example.com localhost
      ::1 localhostv6.example.com localhostv6

      192.168.1.11 Server.example.com Server
      192.168.1.22 Server.example.com Client

      2002:C0A8:0116::1 ServerIPv6.example.com ServerIPv6
      2002:C0A8:0121::1 ClientIPv6.example.com ClientIPv6

  • vi /etc/rc.conf
      #
      # Configuring for an 6to4 IPv6 tunnel
      # 
        
...  
#  
# turn on ip6fw  
ipv6_firewall_enable="YES"  
ipv6_firewall_script="/etc/rc.firewall6"  
ipv6_firewall_type="client"  
ipv6_firewall_quiet="NO"  
#  
# Turn on 6to4 tunnel  
# -------------------  
ipv6_enable="YES"  
ipv6_network_interfaces="stf0"  
ipv6_ifconfig_fxp0="2002:C0A8:0116::1" 	# aka 192.168.1.22  
#  
ipv6_defaultrouter="2002:C0A8:0101::1" 	# aka 192.168.1.1  
#  
# IPv6 gateway for Local IPv6 lan to get to outside IPv6 cloud  
ipv6_gateway_enable="YES"	# link to get outside  
#  
#  
# IPv6 over IPv4 : 6to4 tunnel ( IPv6 address = 2002:: )  
# ----------------------------  
# http://www.kame.net/~suz/freebsd-ipv6-config-guide.txt  
#  
stf_interface_ipv4addr="192.168.1.11"		# change to 192.168.1.22   
stf_interface_ipv4plen="16"  
stf_interface_ipv6_ifid="2002:C0A8:0116::1"	# default ::1  
stf_interface_ipv6_slaid="0"			# default 0  
#  
#  
# IPv6 over IPv4 : gif tunnel ( IPv6 address = 2001:: )  
# --------------------------  
# gif_interfaces="gif0"  
# gifconfig_gif0="192.168.1.22 192.168.1.33"  
# ipv6_ifconfig_gif0="2001:C0A8:0116::1 2001:C0A8:0121::1 prefixlen 128"  
#  
#  
# router advertisement daemon	( default is NO )  
rtadvd_enable="YES"		# let our LAN know the IPv6 default route  
rtadvd_interfaces="stf0"		# our private LAN  
 ...


    • Reload the IPv6 6to4 changes after modifying /etc/rc.conf file
      • /etc/rc.d/netif restart && sleep 5 && /etc/rc.d/routing restart

  • vi /etc/rc.firewall6

      ..
      [Client] Section
      ..
      #
      # Change ip= for server or client
      net="2002:C0A8:0100::"
      ip="2002:C0A8:0116::1"
      ..

    • Reload the IPv6 firewall rules after modifying /etc/rc.firewall6 file
      • /etc/rc.d/ip6fw restart

  • vi /etc/named.conf

    • Configure your IPv6 DNS server later ...

    • Reload the DNS changes after modifying /etc/named.conf file
      • /etc/rc.d/named restart

Manually Configuring an 6to4 IPv6 Tunnel

  • Configure your IPv6 Server at 2002:C0A8:0116::1 ( aka 192.168.1.22 )
  • Configure your IPv6 Client at 2002:C0A8:0121::1 ( aka 192.168.1.33 )

  • Corresponding Network address is 2002:C0A8:0100::1 ( aka 192.168.1.0 )

  • Create the 6to4 interface
    • ifconfig create stf0
    • ifconfig stf0 inet6 2002:C0A8:0116::1 prefixlen 16

    • Check the 6to4 interface
      • ifconfig [ stf0 ]

    • Remove the 6to4 interface
      • ifconfig stf0 destroy
      • ifconfig stf0 down

  • Update the IPv6 routing table
    • route add -inet6 2002:C0A8:0116::1 [ -iface stf0 ]
    • route add -inet6 default 2002:C0A8:0100::1 [ -iface stf0 ]

    • Check the IPv6 routing table
      • netstat -nr -f inet6

    • Remove the IPv6 routes
      • route delete -inet6 IPv6_address
      • route delete -inet6 default

  • Load the IPv6 Firewall
    • vi /etc/rc.firewall6
        # Client section
        net=2002:C0A8:0100::1
        ip=2002:C0A8:0116::1

    • /etc/rc.d/ip6fw stop ; ip6fw list (?empty?) ; /etc/rc.ip6fw start
      • make sure the IPv6 firewall is empty if you stop the IPv6 firewall

    • Check the IPv6 firewall rules
      • ip6fw list
      • ip6fw show

      • # Additional IPv6 firewall rule might be needed for FreeBSD-6.x .. if ping6 hangs
      • ip6fw add 5000 allow 41 from any to any

    • Remove the IPv6 firewall rules
      • ip6fw flush

Sanity Checking

  • Example Local IPv6 Test Environment


  • ping itself by IPv6 address via its localloop (lo) interface
    • ping6 -c 3 ::1

  • ping itself by name via its localloop (lo) interface
    • ping6 -c 3 localhost

  • Ping itself by IPv6 Address via stf0 interface
    • client# ping6 -c 3 2002:C0A8:0121::1

    • server# ping6 -c 3 2002:C0A8:0116::1

  • Ping itself by name via its stf0 interface
    • client# ping6 -c 3 ClientIPv6

    • server# ping6 -c 3 ServerIPv6

  • IPv6 Client pinging IPv6 Server on stf0 interface
    • client# ping6 -c 3 ServerIPv6

    • server# ping6 -c 3 ClientIPv6

  • Local IPv6 LAN pinging the Outside IPv6 cloud on stf0 interface
    • Pinging will fail until you get your IPv6 connectivity
      from your ISP or Tunnel Broker
    • It should at least resolve www.kame.net into it's IPv6 address

    • client# ping6 -c 3 www.kame.net
    • server# ping6 -c 3 www.kame.net

IPv6 Error Messages

  • ping6: UDP connect: No route to host
  • ping6: sendmsg: Permission denied
    • your IPv6 firewall is NOT properly configured

  • ping6 just hangs
    • your firewall is not passing port 41 thru

Real World IPv6 Connectivity

  • Check if your ISP provides native IPv6 connectivity

  • If not, you will need to contact an IPv6 Tunnel Broker

Copyright © 2000
Linux-Consulting
All Rights Reserved.
Updated: Thu Dec 15 16:15:50 2011 PDT