Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Help me find a suitable distro compatible with HE  (Read 6901 times)

freebul

  • Newbie
  • *
  • Posts: 4
Help me find a suitable distro compatible with HE
« on: May 03, 2012, 04:02:32 AM »

I registered an account and create a tunnel from Hurricane Electric, for that I hear only good reviews.
So far everything is great, but I have a problem that I can not solve.
For routing platform I use Freesco 0.44, which however is an old kernel 2.0.40 and not supports IPv6.
I am looking for a modern alternative to the Freesco, which supports mandatory Full Cone NAT for IPv4, which is very important to me.
Thanks in advance.
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 272
    • aRDy Music
Re: Help me find a suitable distro compatible with HE
« Reply #1 on: May 03, 2012, 06:09:28 AM »

Any linux distribution should do. The nat functionality and configuration is a function of the kernel, and userland utils which are installed by default on all linux distributions.
Logged

jtcloe

  • Newbie
  • *
  • Posts: 48
Re: Help me find a suitable distro compatible with HE
« Reply #2 on: May 03, 2012, 02:40:04 PM »

Just for fun, I threw up a Fedora 16 box up and had a working tunnel in less than 2 minutes (not counting time to load fedora).

Are you sure you need "Full Cone NAT", Its surprising how much that term is mis-understood, and even when the "NAT" part is setup correctly its also an incredible security hole the way most people end up setting it up, as its typically done for convenience, leaving security holes wide open.

I've seen more boxes hacked into because someone insisted that a vendor (or on their own) setup FCnat, all under the assumption that nat=security or nat=firewall, IT DOESN'T, and FCnat is the biggest hole of them all.
Logged

freebul

  • Newbie
  • *
  • Posts: 4
Re: Help me find a suitable distro compatible with HE
« Reply #3 on: May 03, 2012, 03:21:45 PM »

Of course that NAT is not firewalling.
It is only Network Address Translation.
If my ISP gives me a /24 subnet I will not use any NAT only routing and firewall, but the IP address is just only one.
Logged

jtcloe

  • Newbie
  • *
  • Posts: 48
Re: Help me find a suitable distro compatible with HE
« Reply #4 on: May 03, 2012, 03:44:29 PM »

Of course that NAT is not firewalling.
It is only Network Address Translation.
If my ISP gives me a /24 subnet I will not use any NAT only routing and firewall, but the IP address is just only one.
Full Cone NAT doesn't work with just one IP.
Logged

freebul

  • Newbie
  • *
  • Posts: 4
Re: Help me find a suitable distro compatible with HE
« Reply #5 on: May 03, 2012, 04:52:58 PM »

Full Cone NAT works for me without any problem, but as I wrote with kernel 2.0.40.
I want to clarify the following:
Full Cone NAT allows any external host to use the existing state table entry to access the internal host, kind of like a temporary port forward.
1:1 NAT is a mode of NAT that maps one internal address to one external address.
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1751
Re: Help me find a suitable distro compatible with HE
« Reply #6 on: May 03, 2012, 04:55:39 PM »

Can you just not download a more recent kernel (2.4 or 2.6) and compile it on whatever this distro is? Last I heard you can compile things on Linux, like the kernel :)
Logged

jtcloe

  • Newbie
  • *
  • Posts: 48
Re: Help me find a suitable distro compatible with HE
« Reply #7 on: May 03, 2012, 05:06:42 PM »

Full Cone NAT = 1:1 NAT.

You haven't said what the application is or why people need to get to you from the outside, but it sounds like with some carefully crafted nat rules in your firewall there shouldn't be a problem, and probably more secure in the long run.

As far as the IPv6 side, it really is as simple as creating a ifcfg file for the tunnel, adding an v6 IP to the inside interface, (I have mine directly on a real IP for the "outside"), turn on IPv6 forwarding, setup radvd, and write any firewall rules you want, and you have a working IPv6 router/firewall.
Logged

freebul

  • Newbie
  • *
  • Posts: 4
Re: Help me find a suitable distro compatible with HE
« Reply #8 on: May 04, 2012, 07:06:41 AM »

Thanks for answers, I will continue to seek a solution to my problem elsewhere.
And remember:  Full Cone NAT is not 1:1 NAT
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 272
    • aRDy Music
Re: Help me find a suitable distro compatible with HE
« Reply #10 on: May 04, 2012, 11:36:50 AM »

I gave you a solution. Any linux distribution will do. The rest is an exercise of configurationon your part.
Logged