Onderwerp bekijken
Alle modems geleverd door XS4ALL, waaronder de FRITZ!Box 7170.
IPv6 routing xs4all 7390
|
|
jwillem |
Geplaatst op 09 January 2013, 13:05
|
Activiteit » Rotterdam » 3053ej » FRITZ!Box 7390 glas Berichten: 1 Lid sinds: 09 Jan 2013 |
Ik heb een 7390. Heb prima werkend IPv6. Alleen alle adressen komen uit op lokale lan. Ik wil graag experimenteren met ipv6 en verkeer bijvoorbeeld door cisco firewall sturen, en dan intern op verschillende netwerken zetten. Maar daarvoor moet ik eigenlijk ipv6 static kunnen routen. Maar die optie is er niet ( wel ipv4) Wat is een slimme truuk om ipv6 routeerbaar te krijgen, achter fritzbox? Een linux computer die zich als een soort proxy-arp voordoet ( proxy arp is ipv4 term) voor alle mogelijke adressen en waarmee ik in de linx route statements kan geven? Deze jongens zoeken ook zo'n soort een oplossing, http://www.ipsidixit.net/2010/03/24/239/ met een computer die met Neighbor Discovery reargeerd op alle adressen. Of ik snap het niet -> ik ben nieuw in ipv6. Eventueel kan ik ook een ander modem kopen, maar een linksys die mij door xs4all-vraagbaak werd aangeprezen lijkt ook niet echt ipv6 routing te hebben http://www.draytek.com/.upload/Demo/Vigor2750_v1.4.1/ iemand een idee? |
|
|
hvegt |
Geplaatst op 10 January 2013, 09:50
|
Activiteit Berichten: 10 Lid sinds: 13 Mar 2010 |
Een extra tunnel inrichten naar een linux systeem en vandaar firewalls en netwerken inrichten is dat een optie ? Zelf zit ik ook met ongeveer die vraag maar dan net iets anders, nl heb nu een beperkte ip6 tunnel via mijn server met eigen ingerichte firewall, maar als ik een nieuwe router krijg krijg ik ook IP6 standaard binnen, ben dan bang dat alles onbeperkt naar binnen en buiten gaat zonder dat ik daar veel invloed op heb. Gewijzigd door hvegt op 10 January 2013, 09:56 Henry
|
|
|
gandalf |
Geplaatst op 10 January 2013, 22:03
|
Activiteit » eindhoven » 5642AG » Internet » FRITZ!Box 7390 glas Berichten: 7 Lid sinds: 16 Oct 2012 |
[img][/img]Goh misschien zit de oplossing in bijgevoegd schema. Als ipv de fritzbox een router die ipv6 neemt kan je aan de andere zijde naar hartelus andere netwerken definieren. Wel graag nummer in de hobby sfeer nemen en de nameserver in de router goed instellen zodat jouw interne nummers niet op het grote netwerk gezocht gaan worden. Maar je moet wel zeker weten wat je doet want van XS4ALL hoef je dan geen hulp te verwachten. En er kan een hoop fout gaan. de fritzbox staat standaard dicht en een eigen router zul je eerst zelf dicht moeten maken. |
|
|
teushagen |
Geplaatst op 06 April 2013, 14:04
|
Activiteit » Internet & TV » FRITZ!Box 7390 glas » Basispakket » Motorola VIP1963 Berichten: 1 Lid sinds: 05 Apr 2013 |
The next is describing how I made my home LAN subnet using IPV6 to the outside world. This is a solution from a newbee for a LAN IPV6 subnet behind a Fitz!Box and a subnet LAN router based on Linux. How To have your own IPV6 Home LAN subnet behind a FritzBox The poblem: FritzBox (in my case FB 7390) did not route IPV6 traffic back to a machine on my home server LAN. Eg a LAN station did not get responses from any internet IPV6 host. Or e.g. a wifi F!B laptop could not connect via IPV6 to a Home LAN station behind the DMZ/LAN router Situation: outside world IPV6-> F!B <-DMZ IPV6 subnet 1 ->eth1 (Ubuntu) LAN router eth2 <-LAN IPV6 subnet fc ->LAN machines/stations. The FritzBox is running firmware 05.22 international (latest April 2013). I have tried the solution with F!B firmware 05.50 (Int beta, 3 weeks ago). I received the beta firmware from AVM to do some tests on this problem. This firmware gave the same results. Pity enough the AVM did njot send me solutions either. The following is based on an article of Ruud@ xs4all.ipv6.narkive.com, subject: Linux ipv6 router *achter* de Fritz of 29 April 2012 (google for it!). If you have a dynamic IPV6 address from your ISP these instructions should be followed. Intro I received a fixed IPV6 prefix from my ISP (48 bis). Which allowed me to configure own IPV6 addresses and make my domain names IPV6 ready. (Even: My ISP talks about prefix number preservation, which would be cool.). I prefer to use static IPV6 addresses (e.g. internal DNS, ssh and other applications need that for security reasons). So I had to look for a not dynamic and less automatic F!B IPV6 subnet routing solution. First a quick and dirty solution: With a telnet connection to the F!B you can add manualy the IPV6 route ("ip -6 route add PREFIXsubnet/64 via FE80::MACid dev XYZ"; where MACid of the NIC of your home server, and dev XYZ of your FB DMZ side). And ... avoid an FB power cycle! Warning : AVM will when they discover configuration changes done not from the web interface to support you! The following does not use this telnet trick and avoids the AMV telnet we-do-not-support excuse. My solution: Use http://service.avm.de/support/en/SKB/...me-network to make the F!B aware that you have a Home LAN subnet as well to force the F!B to answer requests on subnet information, your home lan subnet ID. Warning: Do not invent an own subnet ID! Be aware that the F!B will use subnets 0 (outside world), 1 (DMZ subnet) and (!) subnet 2 (guest!). So /62-/64 bits are used by your F!B. E.g. a subnet 2 for your LAN will never succeed. http://fritz.box/html/support.html will provide you with information about your F!B configuration and in much more detail (IPV4 FritzBox guest network is 192.168.179.0/24). Conclusion: you need to get a routed subnet ID from your F!B somehow! Something like this prefix YourISPprefix:SubnetID::/62. E.g. 2001:1234:5678:fc:59a2:14e8:cab:a559, where 2001:1234:5678::/48 is your IPOV6 prefix, where 59a2:14e8:cab:a559 is identifying your home router network interface card and where eg :fc: (16 subnet bits /48 - /64) is the subnet ID to be used, the one where we are looking for. With the subnet ID provided by the F!B we can configure now the IPV6 addresses on the LAN machines: eg "ip -6 address add PREFIX:fc:MACid", where PREFIX is the prefix given by your ISP (first 48 bits or more max 56 bits!), :fc: is the subnet ID and MACid is eg obtained via the link address fe80::MACid as shown by an ifconfig command. How to obtain your LAN subnet ID? Use the following 4 steps on your home LAN Linux router: Note: change "eth1" (DMZ Linux subnet router) and "eth2" (LAN Linux subnet router) to your situation. 1. Use the wide-dhcpv6-client package (eg "apt-get install wide-dhcpv6-client"). /etc/defaults/wide-dhcpv6-client has now: INTERFACES="eth1 eth2" stop the deamon: /etc/init.d/wide-dhcpv6-client stop The /etc/wide-dhcpv6/dhcp6c.conf should look like this: --------------------- /etc/wide-dhcpv6/dhcp6c.conf # eth1 is DMZ part, FritzBox connection interface eth1 { # Identity Association for Prefix Delegation send ia-pd 0; # Identity Association for Non-temp Addresses # send ia-na 0; # and wait for immediate reply send rapid-commit; # script will update resolv.conf #script "/etc/wide-dhcpv6/dhcp6c-script"; request domain-name-servers; }; # Identity Assopciation for Prefix Delegation id-assoc pd 0 { # how the prefix is built eth2 interface to LAN prefix-interface eth2 { sla-id 1; # more as 2 bits did not fly with F!B sla-len 2; # ifid default EUI-64 as address }; }; -------------------- Note: the shell "dhcp6c-script" will update /etc/resolv.conf for DNS lookups. 2. The Linux subnet router needs to forward packages from/to LAN machines, so make sure /etc/sysctl.conf has the following: -------------------- /etc/sysctl.conf ... # Enabling this option disables Stateless Address Autoconfiguration # based on Router Advertisements for this host net.ipv6.conf.all.forwarding=1 # router advertisement accept net.ipv6.conf.eth1.accept_ra=2 net.ipv6.conf.eth2.accept_ra=0 # do not use MAC in ipv6 address #net.ipv6.conf.all.use_tempaddr=2 #net.ipv6.conf.default.use_tempaddr=2 ... -------------------- and activate the new settings: sysctl -p Note: eg echo 2 >/proc/net/ipv6/conf/eth1/accept_ra does the same, but this setting will not survive a reboot. 3. The Linux subnet router needs to be advertised. The /etc/radvd.conf (install via apt-get install radvd) should look like this: -------------------- /etc/radvd.conf # using conf hints from # April 2012, Ruud subject: Linux ipv6 router *achter* de Fritz # article on xs4all.ipv6.narkive.com # # DMZ interface to eg F!B and outside world: eth1 # Home LAN interface eth2 interface eth2 { AdvSendAdvert on; # send advertisements on this interface MinRtrAdvInterval 3; # how often advertisements are sent MaxRtrAdvInterval 30; # at least every seconds AdvDefaultPreference low; # other advertisements are better AdvHomeAgentFlag off; # AdvOtherConfigFlag on; # force non RFC 6106 clients a dns address prefix ::/64 { AdvOnLink on; # each sharing this prefix is on same local link AdvAutonomous on; # use this prefix to autoconfig your address AdvRouterAddr off; # advertise router address }; }; ---------------------- and restart the radvd deamon: /etc/init.d/radvd restart 4. And NOW: get the subnet ID from the F!B box: start dhcp6c from the command line, in the foreground and debugging on: "dhcp6c -D -f -c /etc/wide-dhcpv6/dhcp6c.conf eth1 eth2" and look at the output for update_prefix message, eg: update_prefix: create a prefix 2001:1234:5678:fc::/62 pltime=3600, vltime=7200 Here is your subnet ID ":fc:" and your ISP prefix is: "2001:1234:5678::/48". Denote the /62 prefix size! (the reason why sla-len is 2 in radvd.conf.) With the ISP prefix and subnet info (probably "fc") we have enough information to assign IPV6 addresses to the interfaces on the LAN machines, eg: "ip -6 address add 2001:1234:5678:fc:MACid/64 dev eth2" (where MACid is obtained from the fe80::MACid address via the "ifconfig eth2" command for the eth2 interface of the LAN subnet router. If no default route appears on a LAN machine or you are impatient to wait for the automatic route addition, you can try: "ip -6 route add default via fe80::MACid dev eth0 proto kernel" where MACid is the link address of eth2 of the LAN subnet router and eth0 is the interface of the LAN machine. Cross your fingers that the F!B will not change ISPprefix and subnet ID (eg "fc") somewhere in the future. Add manual (static) interface and routing changes eg to or /etc/network/interfaces, /etc/NetworkManager/system-connections/* or /etc/rc.local in order to survive a reboot. If you notice errors, or have better suggestions, or an easier way do not hesitate say so. |
|
|
Deze website gebruikt Awin affiliate links en Google advertenties, om deze service voor iedereen gratis te houden.
| |
Spring naar forum: |
Gebruik BBcode of HTML om naar; 'IPv6 routing xs4all 7390', te verwijzen!
BBcode: | |
HTML: |
Vergelijkbare onderwerpen
Onderwerp | Forum | Laatste bericht | |
---|---|---|---|
New service by KPN for XS4ALL VOIP Customers | Eigen telefoon netwerk | : 3 | 05 Jun 2022 |
Migratie XS4ALL naar KPN problemen VPN | Usenet | : 12 | 05 May 2022 |
F-SAFE by XS4ALL batterijverbruik | Algemeen | : 2 | 30 Nov 2021 |
overstappen naar xs4all grote fout? | Algemeen | : 10 | 11 Aug 2021 |
Config for VLAN Tags required? - XS4ALL with Draytek Vigor 167 | XS4ALL met eigen modem/router | : 5 | 19 Jun 2021 |
Advertentie