From 5473ffcdc6afc4a3fb56fb0019e3b34854be9a3d Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Mon, 11 Mar 2002 22:42:29 +0000 Subject: *BIG* IPv6 syncup. --- ipv6-6to4.howto | 98 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 70 insertions(+), 28 deletions(-) (limited to 'ipv6-6to4.howto') diff --git a/ipv6-6to4.howto b/ipv6-6to4.howto index 28543ff8..b42704b8 100644 --- a/ipv6-6to4.howto +++ b/ipv6-6to4.howto @@ -1,5 +1,4 @@ -v1.1 18th Apr 2001, Pekka Savola -v1.2 23th May 2001, Pekka Savola +v1.4 10th Jan 2002, Pekka Savola HOW TO SET UP IPV6 WITH 6TO4 ---------------------------- @@ -30,82 +29,122 @@ ASSUMPTIONS 3. You have a static, globally unique IPv4 address. This is not an absolute requirement, but the only scenario discussed here. -4. Protocol 41 (IPv6) is not being filtered in any firewall. +4. Protocol 41 (IPv6-in-IPv4) is not being filtered in any IPv4 firewall. 5. 'iproute' package is installed. This is used by default for a lot more powerful tunneling capabilities. +Note: even though 6to4 was supported with earlier releases of Red Hat Linux, +below it is assumed that the initscripts package version this +document comes with is used. + INFORMATION NEEDED ------------------ -You need to know: - -1. The IPv4 address of a 6to4 relay router +Nothing :-). -See: http://www.kfu.com/~nsayer/6to4/ for public ones. +If you want to select a specific relay (rather than automatically +selecting the closest one), you can define it with IPV6TO4_RELAY +using the list below: -Here, 194.95.108.191 (6to4.ipv6.fh-regensburg.de) is used. +http://www.kfu.com/~nsayer/6to4/ SETTING UP THE 6TO4 CONFIGURATION --------------------------------- Now, set up the configuration as follows: -1. Add 'NETWORKING_IPV6=yes' to /etc/sysconfig/network: +1. Enable IPv6 and set 6to4 pseudo-interface as default gateway in + /etc/sysconfig/network: echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network + echo "IPV6_GATEWAYDEV=tun6to4">> /etc/sysconfig/network -2. Add static routes to IPv6 Internet (this includes 6bone): - - echo "sit0 2000::/3" >> /etc/sysconfig/static-routes-ipv6 +2. Edit your outbound (Internet) interface configuration. This can be + e.g. ippp0, ppp0, eth0, or the like. Here, eth1 is used. -NOTE: sit0 is used for 6to4 routing. - -3. Edit your outbound (Internet) interface configuration. This can be -e.g. ippp0, eth0, or the like. Here, eth0 is used. /etc/sysconfig/network-scripts/ifcfg-eth0: --- DEVICE=eth0 BOOTPROTO=static ONBOOT=yes -IPADDR=xx.yy.zz.ww +IPADDR=xx.yy.zz.ww [Globally unique IPv4 address] NETMASK=aa.bb.cc.dd [IPv4 settings up to this point] IPV6INIT=yes IPV6TO4INIT=yes -IPV6TO4_RELAY=194.95.108.191 --- + Note: [i]ppp - interfaces need to be called in /etc/ppp/ip-up|down.local; + if you are not using local files by yourself, this can easily be done with: + + cd /etc/ppp + ln -s ip-up.ipv6to4 ip-up.local + ln -s ip-down.ipv6to4 ip-down.local + + USING 6TO4 ---------- 6to4 automatic tunneling is brought up when the interface is brought up. -You will see your 6to4 address prefix in device sit0 when done: +You will see your 6to4 address prefix in device tun6to4 when done: - inet6 addr: 2002:c15e:a001::1/48 Scope:Global + inet6 addr: 2002:c15e:a001::1/16 Scope:Global Note that 'c15e:a001' is the hexadecimal representation of dotted-quad IPv4 address (IPADDR= above), here '193.94.160.1'. NOTE: iproute tools give more reliable data, try e.g. '/sbin/ip addr ls'. -SUBNETTING ----------- +PROVIDING IPV6 TO YOUR LAN +-------------------------- -If you want to provide IPv6 for your LAN using your Linux system as a -router, this can be done rather easily with 6to4. +If you want to provide IPv6 for your LAN (e.g. connected on eth1) +using your Linux system as a router, this can be done rather easily with 6to4. You will need to enable IPv6 forwarding (IPV6FORWARDING=yes in /etc/sysconfig/network) and install a router advertisement daemon. One such, -'radvd' is available in Powertools. +'radvd' is available in the distribution. -You must configure the prefix your IPv4 maps to (see sit0 above) in +You must configure the prefix your IPv4 maps to (see tun6to4 above) in /etc/radvd.conf or use certain automatic hooks. This is not covered here in detail; see radvd.conf(5) and /etc/sysconfig/network-scripts/ifup-ipv6 for details. +Usually the following is enough: + +1. Make sure that radvd package is installed. + +2. Configure radvd as outlined in radvd.conf(5); the file could + be something like: + + interface eth0 + { + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 10; + prefix 0:0:0:1::/64 + { + Base6to4Interface eth0; + AdvPreferredLifetime 120; + AdvValidLifetime 300; + }; + }; + +3. Make sure radvd starts at boot and start it now: + + /sbin/chkconfig radvd on + /sbin/service radvd start + +4. Make the initscripts signal radvd to recalculate the prefix when it + changes: + + /etc/sysconfig/network-scripts/ifcfg-eth0: + + IPV6_CONTROL_RADVD=yes + MORE INFORMATION ---------------- @@ -115,6 +154,9 @@ source of IPv6 related Linux-information. ftp://ftp.isi.edu/in-notes/rfc3056.txt ("Connection of IPv6 Domains via IPv4 Clouds") is the RFC about 6to4. -ftp://ftp.itojun.org/pub/paper/draft-itojun-ipv6-transition-abuse-01.txt -("Possible abuse against IPv6 transition technologies") explains some +ftp://ftp.isi.edu/in-notes/rfc3068.txt ("An Anycast Prefix for 6to4 Relay +Routers") is the RFC about finding a close 6to4 relay automatically. + +http:://www.ietf.org/internet-drafts/draft-savola-ngtrans-6to4-security-00.txt +("Security Considerations and Enhancements for 6to4") explains some security considerations in 6to4. -- cgit v1.2.1