Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Configurig Linux as router for entire lan  (Read 13799 times)

crobertp

  • Newbie
  • *
  • Posts: 11
Configurig Linux as router for entire lan
« on: July 18, 2008, 07:32:04 PM »

I have a Internet connection of 8mbit/s adsl (half mbit/s up) -> connected to a Linux pc (kernel 2.4.21)
*on this pc I run firewall, squid, pop3, sendmail, dhcpd, named, sshd, apache, ntpd, jabberd, routed, etc.

Thus, it acts like a isp (for users of my lan)

there are several other pcs on lan, running different OS(s) win98, linux, win2k, winxp,frebsd, amiga,qnx,etc.
*user pcs are spread over two subnets, hard wired, for each pc @ 10,mbit/s up/down.

This setup has been working stable for a long time (over 10 years )

Thinking on providing ipv6 connectivity to my users,  I registered a ipv6 tunnel on Hurricane Electric's.

Well , the tunnel is working, and several services are now available via ipv6 too. :D
httpd , named, sshd, yacy server ..., (I hope squid ipv6 works next week)

however I am failing to provide ipv6 connectity to other pcs of my lan.

I have already installed radvd

*radvd.conf
Code: [Select]
interface eth2             
{                               
    AdvSendAdvert on;   
    MinRtrAdvInterval 5; 
    MaxRtrAdvInterval 15;
     prefix 2001:470:5:27::/64
    {
        AdvOnLink on;       
        AdvAutonomous on;   
    };
};
                   
         RDNSS 2001:470:4:27::2 2001:470:5:27::
        {
                AdvRDNSSPreference 8;
                AdvRDNSSOpen off;
                AdvRDNSSLifetime 30;
        };


};

then I go to my son pc, (winxp sp3) and typed on a dos prompt
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.22.50 192.168.22.14
netsh interface ipv6 add address IP6Tunnel 2001:470:5:27::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:5:27::1

all nice ,
only problem ; this is *not* working  -:(

From pc that has ip 2001:470:4:27::2 I can ping 2001:470:5:27::1 and 2001:470:5:27::2 and the world
From pc that has ip 2001:470:5:27::2 I can ping 2001:470:5:27::1 and 2001:470:4:27::2 but the world

Is the problem that he-ipv6 tunnels are limited to a single pc :?:

Thus , Do I need a bgp tunnel instead , to get this working :?:

ps: I dont have a RIR Allocated ASN :wink:

Thanks
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1720
Re: Configurig Linux as router for entire lan
« Reply #1 on: July 18, 2008, 10:47:05 PM »

make sure you've enabled ipv6 forwarding in sysctl?
Logged

crobertp

  • Newbie
  • *
  • Posts: 11
Re: Configurig Linux as router for entire lan
« Reply #2 on: July 18, 2008, 11:19:00 PM »

make sure you've enabled ipv6 forwarding in sysctl?

Yes, I did this
sysctl -w net.ipv6.conf.all.forwarding=1

ping test from my son pc -> ip 2001:470:5:27::2
Code: [Select]
C:\>ping 2001:470:5:27::1

Pinging 2001:470:5:27::1 with 32 bytes of data:

Reply from 2001:470:5:27::1: time<1ms
Reply from 2001:470:5:27::1: time<1ms
Reply from 2001:470:5:27::1: time<1ms
Reply from 2001:470:5:27::1: time<1ms

Ping statistics for 2001:470:5:27::1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

C:\>ping 2001:470:4:27::2

Pinging 2001:470:4:27::2 with 32 bytes of data:

Reply from 2001:470:4:27::2: time<1ms
Reply from 2001:470:4:27::2: time<1ms
Reply from 2001:470:4:27::2: time<1ms
Reply from 2001:470:4:27::2: time<1ms

Ping statistics for 2001:470:4:27::2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

C:\>ping 2001:470:4:27::1

Pinging 2001:470:4:27::1 with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 2001:470:4:27::1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
C:\>

thanks
« Last Edit: July 18, 2008, 11:43:27 PM by crobertp »
Logged

avongauss

  • Newbie
  • *
  • Posts: 14
    • Home Page
Re: Configurig Linux as router for entire lan
« Reply #3 on: July 19, 2008, 12:21:24 AM »

sysctl -w will only write the values to the current running kernel, after the next reboot the options will be back to their default values.  Depending on your distribution, you will need to add or modify the options in /etc/sysctl.conf or perform the adjustments through an init script.

Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1720
Re: Configurig Linux as router for entire lan
« Reply #4 on: July 19, 2008, 12:47:06 AM »

Also no you don't need to run BGP. I set up a similar test network up several times a week without issue, except I don't try and hardcode the address on the client, I just RADVD advertise and the systems pick everything up.  The basic radvd config I use is:

interface eth0
{
AdvSendAdvert on;
AdvHomeAgentFlag off;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:470:A:B::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};

sorry its late and im not reading everything. you dont need to make tunnel interfaces on the clients that want to use the routed /64. if they have ipv6 enabled they should get the address from radvd. unless you are creating sit interfaces for the clients on the linux box, using their tunnel interfaces won't work.

Basically:

1) configure tunnel on linux machine.
2) configure first usable IP of routed range on the interface that faces the LAN (in your case eth2)
3) configure radvd to advertise that range over that interface
4) configure client machines on the LAN to support IPv6, and after 30 seconds they should automatically assign an address

XP/2000/2003 will require an IPv4 nameserver connection for DNS resolution, Vista/2008 won't.
Mac/Linux/BSD are generally already IPv6 enabled and will get an address.
« Last Edit: July 19, 2008, 02:11:46 AM by broquea »
Logged

crobertp

  • Newbie
  • *
  • Posts: 11
Re: Configurig Linux as router for entire lan
« Reply #5 on: July 20, 2008, 12:45:49 AM »

Hi !

Seems that my problem is that nor windows nor linux are using a tunnel  ::)
rather these boxes that are hardwired with cross cable @ 100 mbit/s up/down
they are talking one with the other as if both are native ipv6

However windows is autoconfiguring some weird ip address/gteways on Local Area Connection
as result of radvd advertisments
Code: [Select]
C:\>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.22.14
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 2001:470:5:27:d58f:1a5e:ac64:c2a3
        IP Address. . . . . . . . . . . . : 2001:470:5:27:2e0:4cff:fe39:5c1
        IP Address. . . . . . . . . . . . : fe80::2e0:4cff:fe39:5c1%4
        Default Gateway . . . . . . . . . : 192.168.22.50
                                            fe80::2e0:18ff:fee9:d1ff%4

Tunnel adapter IP6Tunnel:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 2001:470:5:27::2
        IP Address. . . . . . . . . . . . : fe80::6:c0a8:1632%6
        Default Gateway . . . . . . . . . : 2001:470:5:27::1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.22.14%2
        Default Gateway . . . . . . . . . :

C:\>
   

the worst is that netsh is not allowing the right ip/gateway to be set on Local Area Connection
Code: [Select]
C:\>netsh interface ipv6 add address Local Area Connection 2001:470:5:27::2
The parameter is incorrect.

Thanks
Logged

crobertp

  • Newbie
  • *
  • Posts: 11
Re: Configurig Linux as router for entire lan
« Reply #6 on: July 20, 2008, 02:38:31 AM »

 :-[ ops ; I get that pc accessing the world (now is working)

I need to in addition to to dev he-ipv6 to define sit0 too  (to get ipv6  working on lan)
and route /0 via sit1

routed ranges /48 & /64 are connected too  , to dev he-ipv6  w/ nothing routed to
(to allow external access to servers running on other pcs of my lan (most httpd servers with personal pages)

with these changing weird ip addess of autoconf , better  stick with my complicated v4 nat iptables  :-\
*I hope there is way to fix ipv6 ips of lan pcs ,  ;) (so I may stop maitenance on nat iptables)

Thanks

btw: ifconfig on my linux (only to show it) - may help others
Code: [Select]
eth2      Link encap:Ethernet  HWaddr 00:E0:18:E9:D1:FF
          inet addr:192.168.22.50  Bcast:192.168.22.255  Mask:255.255.255.0
          inet6 addr: 2001:470:5:27::1/128 Scope:Global
          inet6 addr: 2001:470:5:27::1/128 Scope:Global
          inet6 addr: fe80::2e0:18ff:fee9:d1ff/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32620755 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37738978 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:780956144 (744.7 Mb)  TX bytes:2084633824 (1988.0 Mb)
          Interrupt:9 Base address:0xa000

he-ipv6   Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:5:27::/64 Scope:Global
          inet6 addr: 2001:470:d814::/48 Scope:Global
          inet6 addr: fe80::c933:376d/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1472  Metric:1
          RX packets:94579 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79632 errors:5666 dropped:0 overruns:0 carrier:56
          collisions:0 txqueuelen:0
          RX bytes:18930450 (18.0 Mb)  TX bytes:24215650 (23.0 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7351281 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7351281 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:653934425 (623.6 Mb)  TX bytes:653934425 (623.6 Mb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:201.51.55.109  P-t-P:200.222.117.76  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:44765844 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42628748 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:710517916 (677.6 Mb)  TX bytes:2538087711 (2420.5 Mb)

sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::192.168.10.50/96 Scope:Compat
          inet6 addr: ::10.192.0.1/96 Scope:Compat
          inet6 addr: ::192.168.22.50/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::201.51.55.109/96 Scope:Compat
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:72 errors:0 dropped:0 overruns:0 frame:0
          TX packets:150 errors:4 dropped:0 overruns:0 carrier:4
          collisions:0 txqueuelen:0
          RX bytes:5784 (5.6 Kb)  TX bytes:18480 (18.0 Kb)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: fe80::c0a8:a32/10 Scope:Link
          inet6 addr: 2001:470:4:27::2/0 Scope:Global
          inet6 addr: fe80::ac0:1/10 Scope:Link
          inet6 addr: fe80::c0a8:1632/10 Scope:Link
          inet6 addr: fe80::c933:376d/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1472  Metric:1
          RX packets:263897 errors:0 dropped:0 overruns:0 frame:0
          TX packets:360346 errors:1777 dropped:0 overruns:0 carrier:1777
          collisions:0 txqueuelen:0
          RX bytes:25349252 (24.1 Mb)  TX bytes:84300059 (80.3 Mb)

[root@crobertp root]#
Logged