• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HOWTO: D-Link DIR-655 and tunnelbroker.net using Windows XP (and 2003)

Started by ykok, October 26, 2011, 11:49:32 AM

Previous topic - Next topic

kasperd

Quote from: ziddey on April 12, 2013, 03:40:45 AMthe local ipv6 is fixed for the tunnel.
Actually you can change that. But there are two caveats. HE could think your tunnel is not used because there are no responses when pinging that IP address. You can't really hide that IP address anyway, as it is going to show up in traceroutes from outside.

So ideally you would want the webserver to not listen on that IPv6 address. If it was only listening on the LAN IPv6 address, then you could hide that IPv6 address from outsiders. The WAN IPv6 address would still show up in traceroute output, but shouldn't respond to HTTP requests.

But if there is no way to configure which addresses the webserver is listening on, then the only options you have left may be to either use a strong password or put a bridging firewall in front of the router.

ykok

Quote from: ziddey on April 11, 2013, 07:09:22 PM
Have any luck getting ddns to work? ...

... The ipv6 firewall does nothing for the ipv6 local or ipv6 lan addresses. As a result, the router's web server is accessible publicly over ipv6. I've already sent dlink a few emails, but it looks like they aren't even interested in humoring me with a canned response.

Haven't used ddns at all, so I'm unable to even try to provide any advice there.

Regarding the ipv6 firewall, I've so far been unable to access my router's web server remotely (publicly), even when I try to make a rule allowing it in the firewall. But I've only found one tool to test it with (http://www.ipv6proxy.net/). You are welcome to try to access it - the information is above.

Btw. I'm running firmware 2.06B2

ziddey

Ahh, damn. So it looks like that part of the firmware is different for the DIR-657. I'm on the latest firmware released.

What are your ipv6 firewall rules?

I just double checked and indeed both my wan and lan ipv6 addresses have ports 80 and 443 accessible.

What a shame. It's a terrible router otherwise too, but at least the tunnel is able to keep up with my internet speed (was using a raspberry pi before and it seemed to max around 30-40mbps).


Thanks for testing

ykok

Yeah, I believe the 655 is way more updated - I had a quick look at the changelist last time I updated and as far as I remember quite some of the changes are related to ipv6.

I've attached a screen dump of my ipv6 firewall settings - hope it's useful.