IPv6 routing xs4all 7390
jwillem
I have a 7390. IPv6 is working fine.
Only, all addresses end up on the local LAN.
I would like to experiment with IPv6 and, for example, send traffic through a Cisco firewall and then put it on different networks internally.
But for that I really need to be able to route IPv6 statically.
But that option is not there (it is for IPv4).

What is a clever trick to make IPv6 routable behind the FRITZ!Box?
A Linux computer that acts as a kind of proxy ARP (proxy ARP is an IPv4 term) for all possible addresses, and on which I can enter route statements in Linux?

These guys are also looking for that kind of solution,
http://www.ipsidixit.net/2010/03/24/239/
with a computer that responds to all addresses with Neighbor Discovery.

Or I don't get it -> I am new to IPv6.

If necessary I can also buy a different modem, but a Linksys that was recommended to me by the XS4ALL helpdesk does not really seem to have IPv6 routing either
http://www.draytek.com/.upload/Demo/Vigor2750_v1.4.1/

Does anyone have an idea?
 
hvegt
Would setting up an extra tunnel to a Linux system, and configuring firewalls and networks from there, be an option?
I have roughly the same question myself, but slightly different: I currently have a limited IPv6 tunnel via my server with a firewall I configured myself, but when I get a new router I will also get IPv6 by default, and I am afraid that everything will then go in and out unrestricted without me having much control over it.
Edited by hvegt on 10 January 2013, 09:56
Henry
 
gandalf
Well, maybe the solution is in the attached diagram.

If, instead of the FRITZ!Box, you take a router that does IPv6, you can define other networks on the other side to your heart's content.
Do please pick numbers from the hobby range, and set up the name server in the router properly so that your internal numbers will not be looked up on the big network.
But you do need to be sure of what you are doing, because you should not expect any help from XS4ALL then. And a lot can go wrong. The FRITZ!Box is closed by default, and you will first have to close off your own router yourself.
 
teushagen
The following describes how I made my home LAN subnet using IPV6 to the outside world.
This is a solution from a newbie for a LAN IPV6 subnet behind a Fritz!Box and a subnet LAN router based on Linux.

How To have your own IPV6 Home LAN subnet behind a FritzBox

The problem:
FritzBox (in my case FB 7390) did not route IPV6 traffic back to a machine on my home server LAN.
Eg a LAN station did not get responses from any internet IPV6 host.
Or e.g. a wifi F!B laptop could not connect via IPV6 to a Home LAN station behind the DMZ/LAN router.

Situation:
outside world IPV6-> F!B <-DMZ IPV6 subnet 1
->eth1 (Ubuntu) LAN router eth2 <-LAN IPV6 subnet fc
->LAN machines/stations.

The FritzBox is running firmware 05.22 international (latest April 2013).
I have tried the solution with F!B firmware 05.50 (Int beta, 3 weeks ago). I received the beta firmware from AVM to do some tests on this problem. This firmware gave the same results. Pity enough, AVM did not send me solutions either.

The following is based on an article of Ruud@ xs4all.ipv6.narkive.com, subject: Linux ipv6 router *achter* de Fritz of 29 April 2012 (google for it!).
If you have a dynamic IPV6 address from your ISP these instructions should be followed.

Intro
I received a fixed IPV6 prefix from my ISP (48 bits), which allowed me to configure my own IPV6 addresses and make my domain names IPV6 ready. (Even: My ISP talks about prefix number preservation, which would be cool.)
I prefer to use static IPV6 addresses (e.g. internal DNS, ssh and other applications need that for security reasons).
So I had to look for a not dynamic and less automatic F!B IPV6 subnet routing solution.

First a quick and dirty solution:
With a telnet connection to the F!B you can manually add the IPV6 route ("ip -6 route add PREFIXsubnet/64 via FE80::MACid dev XYZ"; where MACid of the NIC of your home server, and dev XYZ of your FB DMZ side). And ... avoid an FB power cycle!
Warning: AVM will when they discover configuration changes done not from the web interface to support you!

The following does not use this telnet trick and avoids the AVM telnet we-do-not-support excuse.
My solution:
Use http://service.avm.de/support/en/SKB/...me-network to make the F!B aware that you have a Home LAN subnet as well to force the F!B to answer requests on subnet information, your home lan subnet ID.

Warning: Do not invent an own subnet ID!
Be aware that the F!B will use subnets 0 (outside world), 1 (DMZ subnet) and (!) subnet 2 (guest!). So /62-/64 bits are used by your F!B. E.g. a subnet 2 for your LAN will never succeed.
http://fritz.box/html/support.html will provide you with information about your F!B configuration and in much more detail (IPV4 FritzBox guest network is 192.168.179.0/24).

Conclusion: you need to get a routed subnet ID from your F!B somehow!
Something like this prefix YourISPprefix:SubnetID::/62. E.g. 2001:1234:5678:fc:59a2:14e8:cab:a559, where 2001:1234:5678::/48 is your IPV6 prefix, where 59a2:14e8:cab:a559 is identifying your home router network interface card and where eg :fc: (16 subnet bits /48 - /64) is the subnet ID to be used, the one we are looking for.
With the subnet ID provided by the F!B we can configure now the IPV6 addresses on the LAN machines:
eg "ip -6 address add PREFIX:fc:MACid", where PREFIX is the prefix given by your ISP (first 48 bits or more max 56 bits!), :fc: is the subnet ID and MACid is eg obtained via the link address fe80::MACid as shown by an ifconfig command.

How to obtain your LAN subnet ID?

Use the following 4 steps on your home LAN Linux router:
Note: change "eth1" (DMZ Linux subnet router) and "eth2" (LAN Linux subnet router) to your situation.

1. Use the wide-dhcpv6-client package (eg "apt-get install wide-dhcpv6-client").
/etc/defaults/wide-dhcpv6-client has now: INTERFACES="eth1 eth2"
stop the daemon: /etc/init.d/wide-dhcpv6-client stop
The /etc/wide-dhcpv6/dhcp6c.conf should look like this:
--------------------- /etc/wide-dhcpv6/dhcp6c.conf
# eth1 is DMZ part, FritzBox connection
interface eth1 {
    # Identity Association for Prefix Delegation
    send ia-pd 0;
    # Identity Association for Non-temp Addresses
    # send ia-na 0;
    # and wait for immediate reply
    send rapid-commit;
    # script will update resolv.conf
    #script "/etc/wide-dhcpv6/dhcp6c-script";
    request domain-name-servers;
};

# Identity Association for Prefix Delegation
id-assoc pd 0 {
    # how the prefix is built eth2 interface to LAN
    prefix-interface eth2 {
        sla-id 1;
        # more than 2 bits did not fly with F!B
        sla-len 2;
        # ifid default EUI-64 as address
    };
};

--------------------
Note: the shell "dhcp6c-script" will update /etc/resolv.conf for DNS lookups.

2. The Linux subnet router needs to forward packets from/to LAN machines,
so make sure /etc/sysctl.conf has the following:
-------------------- /etc/sysctl.conf
...
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1

# router advertisement accept
net.ipv6.conf.eth1.accept_ra=2
net.ipv6.conf.eth2.accept_ra=0

# do not use MAC in ipv6 address
#net.ipv6.conf.all.use_tempaddr=2
#net.ipv6.conf.default.use_tempaddr=2

...
--------------------
and activate the new settings: sysctl -p
Note: eg echo 2 >/proc/sys/net/ipv6/conf/eth1/accept_ra does the same, but this setting will not survive a reboot.

3. The Linux subnet router needs to be advertised.
The /etc/radvd.conf (install via apt-get install radvd) should look like this:
-------------------- /etc/radvd.conf
# using conf hints from
# April 2012, Ruud subject: Linux ipv6 router *achter* de Fritz
# article on xs4all.ipv6.narkive.com
#

# DMZ interface to eg F!B and outside world: eth1

# Home LAN interface eth2
interface eth2
{
    AdvSendAdvert on;           # send advertisements on this interface
    MinRtrAdvInterval 3;        # how often advertisements are sent
    MaxRtrAdvInterval 30;       # at least every 30 seconds
    AdvDefaultPreference low;   # other advertisements are better
    AdvHomeAgentFlag off;       #
    AdvOtherConfigFlag on;      # force non RFC 6106 clients a dns address

    prefix ::/64
    {
        AdvOnLink on;           # each sharing this prefix is on same local link
        AdvAutonomous on;       # use this prefix to autoconfig your address
        AdvRouterAddr off;      # advertise router address
    };
};

----------------------
and restart the radvd daemon: /etc/init.d/radvd restart

4. And NOW: get the subnet ID from the F!B box:
start dhcp6c from the command line, in the foreground and debugging on:
"dhcp6c -D -f -c /etc/wide-dhcpv6/dhcp6c.conf eth1 eth2"
and look at the output for update_prefix message, eg:
update_prefix: create a prefix 2001:1234:5678:fc::/62 pltime=3600, vltime=7200
Here is your subnet ID ":fc:" and your ISP prefix is: "2001:1234:5678::/48".
Denote the /62 prefix size! (the reason why sla-len is 2 in radvd.conf.)

With the ISP prefix and subnet info (probably "fc") we have enough information to assign IPV6 addresses to the interfaces on the LAN machines, eg:
"ip -6 address add 2001:1234:5678:fc:MACid/64 dev eth2" (where MACid is obtained from the fe80::MACid address via the "ifconfig eth2" command for the eth2 interface of the LAN subnet router).
If no default route appears on a LAN machine or you are impatient to wait for the automatic route addition, you can try:
"ip -6 route add default via fe80::MACid dev eth0 proto kernel"
where MACid is the link address of eth2 of the LAN subnet router and eth0 is the interface of the LAN machine.

Cross your fingers that the F!B will not change ISPprefix and subnet ID (eg "fc") somewhere in the future.
Add manual (static) interface and routing changes eg to /etc/network/interfaces, /etc/NetworkManager/system-connections/* or /etc/rc.local in order to survive a reboot.

If you notice errors, or have better suggestions, or an easier way, do not hesitate to say so.
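
Added example (not part of teushagen's post and not code from wide-dhcpv6): a Python calculation of how the delegated prefix, sla-len and sla-id from steps 1 and 4 combine into the /64 on eth2, and how the EUI-64 "MACid" completes the address. The function names and the MAC address are constructed for illustration; the prefix is the sample from the update_prefix line above.

```python
import ipaddress

# Subnet IDs the post says the FRITZ!Box keeps for itself (0, 1 and guest 2).
FRITZBOX_SUBNET_IDS = {0, 1, 2}

def lan_prefix(delegated, sla_len, sla_id):
    """/64 that dhcp6c puts on the prefix-interface: delegated prefix + sla-id."""
    net = ipaddress.IPv6Network(delegated)
    new_len = net.prefixlen + sla_len
    if new_len != 64:
        raise ValueError("delegated length + sla-len must be 64 for a SLAAC LAN")
    if not 0 <= sla_id < 2 ** sla_len:
        raise ValueError("sla-id does not fit in sla-len bits")
    base = int(net.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def subnet_id(prefix):
    """16-bit subnet ID: the fourth group of the address (':fc:' in the post)."""
    return (int(prefix.network_address) >> 64) & 0xFFFF

def clashes_with_fritzbox(prefix):
    """True if the /64 is one of the subnets the FRITZ!Box already uses."""
    return subnet_id(prefix) in FRITZBOX_SUBNET_IDS

def eui64_interface_id(mac):
    """Modified EUI-64 (RFC 4291): insert ff:fe mid-MAC, flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def address_in(prefix, mac):
    """Address a host gets in `prefix` when the interface ID is EUI-64 based."""
    return ipaddress.IPv6Address(int(prefix.network_address) | eui64_interface_id(mac))

if __name__ == "__main__":
    delegated = "2001:1234:5678:fc::/62"  # from the post's update_prefix line
    mac = "00:16:3e:12:34:56"             # constructed sample MAC for eth2
    for sla in range(4):                  # the four /64s inside the /62
        p = lan_prefix(delegated, 2, sla)
        print(sla, p, "clash" if clashes_with_fritzbox(p) else "free")
    lan = lan_prefix(delegated, 2, 1)     # sla-id 1, as in the post's dhcp6c.conf
    print("eth2 global:", address_in(lan, mac))
    print("eth2 link-local:", address_in(ipaddress.IPv6Network("fe80::/64"), mac))
```

With the post's sample values, sla-id 0 to 3 select the :fc:, :fd:, :fe: and :ff: /64s inside the delegated /62.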
 