• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

CentOS routing help

Started by horsemen, December 21, 2010, 10:30:42 AM

Previous topic - Next topic

horsemen

I thought I was he-ipv6 is the tunnel

default dev he-ipv6  metric 1024  expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295

my LAN machine can't ping that address so I didn't think that would work.
maybe I should try somthing other than centOS for the router

cholzhauer


horsemen

I think I'll try debian, I have more experience with it as a IPV4 router.
Thanks for the help
I'll probably be back.

horsemen

I used debian and it works, you can now ping 2001:470:b115:2::1 and 2001:470:b115:2::2  ;D

THANKS for all the help

cholzhauer

Funny how easy it was that time ;)

Glad to hear it's up and working

jasonvp

#35
It seems as tho though the OP got his Linux/V6 stuff working by switching away from CentOS.  If anyone's still struggling through it, I'll provide my experience.  I just set this up today (31 December).  My configuration is a small Linux router with 3 Ethernet interfaces:

  • eth2 - Facing the cable modem
  • eth1 - Facing the public side of my LAN
  • eth0 - Facing the "private" side of my LAN (where my wireless bridge also lives)

I have a /28 of public IPv4 space from my Internet provider, which is why I have a "public" and "private" side to the router.  For v4, the router routes natively through all interfaces except when the private LAN tries to talk out to the Internet.  Then, and only then, does it NAT.

Now, for v6.  Three basic steps:

1. Set the Tunnel Up with HE and Enable IP Forwarding
Edit the following files:
/etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_AUTOCONF=no
IPV6_DEFAULTGW=<V6 Gateway on other end of Tunnel>
IPV6_DEFAULTDEV=sit1


/etc/sysconfig/network-scripts/ifcfg-sit1
DEVICE=sit1
IPV6INIT=yes
IPV6TUNNELIPV4=<V4 Remote end of Tunnel>
IPV6TUNNELIPV4LOCAL=<V4 Local end of Tunnel>
IPV6ADDR=<V6 Local end of Tunnel>


/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1


Once those files are saved, perform this as root:
service network restart

The tunnel should be up at this point.  Verify that by grabbing the v6 IP of the remote end of the tunnel and:
ping6 <v6 remote end>

2. Set up Manual v6 IPs on Router Interfaces
Assuming you have a block from HE, you'll want to pick a /64 from it and set that LAN up on the internal Ethernet interface.  Since I have 2 Ethernets, I actually have 2 /64s.  Either way, let's say eth1 is your internal LAN.  Figure out what static(!) IP address you want your router to have, and configure it thusly:

/etc/sysconfig/network-scripts/ifcfg-eth1

IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR=<your v6 router IP>
IPV6_ROUTER=yes


Most people like to IP their routers as the first IP in the subnet.  I'm a bit goofy in that I typically configure mine at the very end of the subnet.  My subnet from HE is: 2001:470:e2f8::/48.  I carved off 2 /64s from that and IP'd my router interfaces as: 2001:470:e2f8:6969:ffff:ffff:ffff:ffff/64 and 2001:470:e2f8:7777:ffff:ffff:ffff:ffff/64 (yep, I'm a pig).  I put those IPs into my ifcfg-eth0 and ifcfg-eth1 files accordingly.

Doing another:
service network restart


will bring up eth1 with the new v6 IP.

3. Enable Route Advertisement
If you want the rest of your machines to auto-config properly, you want to make sure you have the RADVD daemon installed and running.  If it isn't:
yum install radvd


The configuration for radvd is in the file /etc/radvd.conf.  A quick and dirty config for eth1 would look like:

interface eth1
{
      AdvSendAdvert on;
      MinRtrAdvInterval 30;
      MaxRtrAdvInterval 100;
      prefix <YOUR SUBNET HERE>/64
      {
              AdvOnLink on;
              AdvAutonomous on;
              AdvRouterAddr on;
      };

};


Make sure it'll start when you reboot:
chkconfig radvd on

And kick it into gear:
service radvd start

Once done, you should have a running v6 router with internal clients that are all able to connect via v6.

ETA: Fixed IP Forwarding and Default Device configurations

jas

aboron

Thanks for your summary jasonvp - that was pretty much exactly the information I needed to start getting my configs created, as I run a very similar network setup at home with 3 zones, etc.

One significant difference I have here though, my ISP gives me a dynamic IP address.  It doesn't change often, but it was preventing me from taking full advantage of automatic network scripts.  So I came up with a pair of bash scripts to help automate the changes that happen when my external IP changes.

(just fyi, I'm running Scientific Linux 6 - in case someone catches a minor variance from Centos - they are both downstream from RHEL either way)

The first script is my IP address detector, it gets run every minute via crontab:

#!/bin/bash
# checkip dev save-file run-script
NUMPARAMS=3
if [ $# -lt "$NUMPARAMS" ]
then
  echo "Usage:  checkip dev save-file change-script"
  echo "   eg:  checkip eth0 /etc/dhcp/current_ip.txt /etc/dhcp/ip_changed_script"
  echo ""
  echo "   change-script will be called with the new ip as a parameter"
  echo "   This script is best run from crontab every few minutes"
  exit 0
fi

# This method of cropping out an IP address from ifconfig is like web page scraping, and may break on future text output format changes...
current_ip=`/sbin/ifconfig "$1" | /bin/grep 'inet addr:[0-9]' | /usr/bin/tr -s " " | /bin/cut -d":" -f2 | /bin/cut -d" " -f1`
if [ -z "$current_ip" ]
then
  exit 0
fi

touch "$2"

last_ip=`cat "$2"`
if [ "$current_ip" != "$last_ip" ]
then
  echo "$current_ip" > "$2"
  $3 $current_ip
fi


The above script will save what it thinks is the current IP in the file you specify and only fires the change script if it is different (if you need to force it, delete the save file.)

the crontab line:

*  *  *  *  *  /etc/dhcp/checkip eth0 /etc/dhcp/ip.txt /etc/dhcp/ipchanged



And here is the script it runs when the IP changes (/etc/dhcp/ipchanged):

#!/bin/bash

# Do the DNS server update
TTL=3600
SERVER=ns.example.com
ZONE=example.com.
HOSTNAME=dynip.example.com.
KEYFILE=/etc/dhcp/Kdynip.example.com.+123+45678.key
/usr/bin/nsupdate -v -k $KEYFILE > /dev/null << EOF
server $SERVER
zone $ZONE
update delete $HOSTNAME A
update add $HOSTNAME $TTL A $1
send
EOF

# Ping HE from our new IPv4 address
/usr/bin/wget --delete-after --no-check-certificate "https://username:password@ipv4.tunnelbroker.net/ipv4_end.php?tid=000000" > /dev/null 2>&1

# Edit the tunnel config file to contain our new IPv4
/bin/cp -f /etc/sysconfig/network-scripts/ifcfg-sit1 /etc/sysconfig/network-scripts/ifcfg-sit1.tmp
/bin/sed -e "/^IPV6TUNNELIPV4LOCAL=/ s/IPV6TUNNELIPV4LOCAL=[0-9.]*/IPV6TUNNELIPV4LOCAL=$1/" </etc/sysconfig/network-scripts/ifcfg-sit1.tmp >/etc/sysconfig/network-scripts/ifcfg-sit1

# Wait for the dust to settle, then restart our tunnel
/bin/sleep 90 | /sbin/ifdown sit1 && /sbin/ifup sit1


This script will:
1) Contact my colo server and update my dns (change that example.com stuff for your own use, see: http://linux.yyz.us/nsupdate/ and http://dag.wieers.com/howto/bits/bind-ddns.php for how to get this set up)
2) Send a web request out my new IP to HE's simple tunnelbroker ipv4 endpoint updater, change "tid=000000" to your tunnel id and use your login/pw
3) Update the ifcfg-sit1 tunnel config file with the new IP and restart the tunnel.