Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: New to IPv6  (Read 5593 times)

PayableOnDeath

  • Newbie
  • *
  • Posts: 3
New to IPv6
« on: April 28, 2009, 01:06:35 PM »

Hi

I am fairly new to IPv6, still learning lots about it (any one got any good links to sites with good info on it regarding IPv6 let me know :) )

I am wrong in thinking I cant setup IPv6 like IPv4?

At the moment I have a public IPv4 address with some ports forwarding to private IPv4 address's
EG (X = public IP)
X.X.X.X Port 80 to 192.168.0.50
X.X.X.X Port 8080 to 192.168.51
etc

This is the sort of thing I wanted to do with IPv6 but I couldnt seem to get it to work.
I have cisco 877W setup with a IPv6 Tunnel to HE
At first I just had a /64 address which was setup on the tunnel, I then enabled IPv6 on the vlan and my PC's inside picked up a link-local address and was able to do IPv6 traffic between them, but I could get them to route out to the internet via the router, after reading some posts and trying things it wouldnt work.
so I got a /48 and after looking back on some posts with other people with cisco routers and now my PC's get Public IPv6 address's on the /48, however this opens up my PC's on internet as they have public IP's now.

is there a way I can set it up to have it like I have on IPv4?

Here is my IPv6 related config (2001:X... is /64 2001:Y... is /48 )

Code: [Select]
ipv6 unicast-routing
ipv6 cef

interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:XXX:XXX:XXX::2/64
 ipv6 enable
 tunnel source X.X.X.X
 tunnel destination X.X.X.X
 tunnel mode ipv6ip
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ipv6 address 2001:YYY:YYY::/64 eui-64
 ipv6 enable
 ipv6 nd prefix 2001:YYY:YYY::/64
!
ipv6 route ::/0 Tunnel0



Hope someone can help me with this

Thanks

David




Logged

PayableOnDeath

  • Newbie
  • *
  • Posts: 3
Re: New to IPv6
« Reply #1 on: May 03, 2009, 08:29:43 AM »

ok I guess I cant do that then sice there is no reply's, can anyone help with ipv6 firewalling on a cisco 877?
Logged

snarked

  • Hero Member
  • *****
  • Posts: 774
Re: New to IPv6
« Reply #2 on: May 03, 2009, 12:55:57 PM »

Your question doesn't make sense.  That's why there's no replies.

On IPv4, you have NAT going on, with port forwarding/redirection into a private network.

With IPv6, there is no such thing as private address space, and no use for NAT.
Logged

PayableOnDeath

  • Newbie
  • *
  • Posts: 3
Re: New to IPv6
« Reply #3 on: May 06, 2009, 01:22:50 PM »

I see
I guess that why it doesn't make much sense like I said I was new to IPv6 ;)

Do you have any advise for firewalling IPv6 on on a 877W?
I don't want any ports open inbound from the internet apart from a couple of ports.

Regards

David
Logged

rfc1180

  • Newbie
  • *
  • Posts: 2
Re: New to IPv6
« Reply #4 on: May 09, 2009, 02:25:36 PM »

David,

You will want to read up on access-lists and IOS Firewall;

I am not familiar with the Cisco 877W, but you can add IPv6 access-lists.

 (Going from memory)

ipv6 access-list ipv6-in
 permit tcp any any established
 deny ipv6 any any log

interface tunnelx (x being the tunnel number)
ipv6 traffic-filter ipv6-in in

you will want to modify to your needs.

you can also get down and dirty with ipv6 inspect commands for stateful inspection,
but ACLs should suffice.

good luck.

Billy

Logged