• A second life for the Linksys, part 2

    From Michiel van der Vlist@2:280/5555 to All on Tue Aug 6 11:46:53 2019
    From Fidonews #32 2011:

    A SECOND LIFE FOR THE LINKSYS PArt 2
    By Michiel van der Vlist, 2:280/5555


    Last week I described how to set up a 6in4 tunnel on the Linksys
    WRT54GL. This article describes how to provide IPv6 connectivity
    to your machines connected to the LAN.

    First you have to enable IPv6 on your systems if it isn't already. Go
    to the command line and type "Ipconfig" for Windows or "ifconfig" for
    *nix. If you see an address that starts with fe80:: then IPv6 is ena-
    bled. That address is a so called link local address.

    Windows XP SP2/3 is IPv6 capable, but it is not enabled by default.
    From an account with administrator rights type "IPV6 INSTALL" on the
    command line to enable it.

    IPv6 has a mechanism called "router advertisements". A router announces
    itself on the local link by regularly sending out router advertisements
    to all nodes on the local link. A node that needs router information
    can also send out a router sollicitaion message to have all routers on
    the link send out a router advertisement message instead of waiting for
    the next broadcast.

    The router adverisement contains, among other thing, the subnet prefix
    to be used by the nodes on the local link. There is a mechanism called
    "prefix delegation" to let a router be assigned a subnet from its
    uplink, but this mechanism is not supported by the he.net and sixxs
    tunnels and AFAIK, openwrt does not support it either, so the subnet
    has to be configured manually. The he.net tunnels come with a /64
    subnet by default, sixxs gives you a /48 on request. Note that the
    subnet address and the tunnel address are not the same. The tunnel
    address also uses a full /64, but that can not be used a a subnet.

    Use cut and paste for the addresses if you can. a typo is easily made
    you will have a hard time finding the error if it does not work.

    Go to the file /etc/config/network and find the following section:

    [code]

    #### LAN configuration
    config interface lan
    option type bridge
    option ifname "eth0.0"
    option proto static
    option ipaddr 192.168.1.1
    option netmask 255.255.255.0
    [/code]

    Add the following lines:

    [code]

    # add the subnet prefix to the LAN interface
    option ip6addr 2001:470:1f15:1117::1/64
    [code]

    Do not ommit the /64, it won't work without it. For the address use the
    one that the tunnel broker gave you as the subnet prefix. If you have
    a /48 use any /64 within the /48 range.

    We also need to tell the firewall to forward packets from the LAN to
    the tunnel. Add the following section to /etc/config/firewall

    [code]

    # Forwarding van lan naar de he.net tunnel

    config forwarding
    option src lan
    option dst henet
    [/code]


    That completes the basic setup to have all your machines on the LAN
    access the IPv6 internet. They should all get a at least one global
    IPv6 address and you should be able to make outgoing IPv6 connections.

    Surf to http://www.kame.net. If you see the turtke dance, you have
    IPv6. Surf to http://www.test-ipv6.com to see more details about your
    IPv6 connection. That site BTW, is run by a former FideNet sysop:
    Jason Fesler, the author of GIGO.

    Other useful test sites are ipv6-test.com and ipv6-speedtest.net.


    This completes the setup for client use. The OpenWrt firewall - as
    any decent firewall should - blocks all unsolicited incoming packets
    by default. If you wish to run IPv6 capable servers on any of your
    systems, you have to open the required ports and enable IPv6 forwar-
    ding. I have not experimented with that yet. You can find the infor-
    mation on the the official openwrt site, where you can find almost all
    of the information on how to play with your new toy. http://openwrt.org

    Enjoy.


    ¸ Michiel van der Vlist, all rights reserved.
    Permission to publish in the FIDONEWS file scho and the FIDONEWS
    discussion echo as originating from 2:2/2

    ---
    * Origin: he.net certified sage (2:280/5555)