@JustHumanz
Forked from threedaymonk/setup.md
Created March 25, 2019 13:25
IPv6 on home network behind NAT

Gateway machine

Topology

      - _                        NAT         Home network
         )           IPv4         |
        )<----> ISP <----> Router-|       
Public   )                        |       
Internet  )<----> Broker <=================> Gateway machine
         )  IPv6                  |                ^
        )                         |<----> Client <-' IPv6
                                    IPv4

The 6-to-4 tunnel is provided by Hurricane Electric.

Variables

  • $CLIENT_IPV6_ADDRESS: Client IPv6 address /64 (e.g. AAAA:BBBB:1f08:CCCC::/64)
  • $ROUTING_PREFIX: First 4 quads of routed /64 (e.g. AAAA:BBBB:1f09:CCCC)
  • $SERVER_IPV4_ADDRESS: Server IPv4 Address (e.g. 216.66.80.26)
  • $LOCAL_IPV4_ADDRESS: The gateway machine's IPv4 address inside the NAT'd network (e.g. 192.168.0.100)

/etc/network/interfaces

Add/change:

iface eth0 inet6 static
  address $ROUTING_PREFIX::1
  endpoint $CLIENT_IPV6_ADDRESS
  netmask 64

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
  endpoint $SERVER_IPV4_ADDRESS
  local $LOCAL_IPV4_ADDRESS
  address $CLIENT_IPV6_ADDRESS
  netmask 64
  up ip -6 route add default dev he-ipv6
  down ip -6 route del default dev he-ipv6

/etc/default/ufw

Add/change:

IPV6=yes
DEFAULT_FORWARD_POLICY="ACCEPT"

/etc/sysctl.conf

Add/change:

net.ipv6.conf.all.forwarding=1

/etc/radvd.conf

Create:

interface eth0
{
  AdvSendAdvert on;
  MinRtrAdvInterval 3; 
  MaxRtrAdvInterval 10;

  prefix $ROUTING_PREFIX::/64
  {
    AdvOnLink on;
    AdvAutonomous on;
    AdvPreferredLifetime 30; # testing only
    AdvValidLifetime 30; # testing only
  };
};

Set up gateway

With sudo:

apt-get install radvd
sysctl -w net.ipv6.conf.all.forwarding=1
/etc/init.d/networking restart
/etc/init.d/networking start

Clients should work automatically.

UFW

If you're using ufw for firewall configuration – and you really should use something, as IPv6 leaves you open to the world – you'll need to turn on support.

Set IPV6=yes in /etc/default/ufw, and then:

sudo ufw disable
sudo ufw enable

And then add any rules. You might need to re-add rules that were previously defined, as these will only apply to IPv4.

sudo ufw allow ssh

etc.
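
A check for the exposure described above, as an added example that is not part of the original gist: it reads the three files edited on this page and flags the combinations that leave clients reachable from the Internet over IPv6. The function names `conf_value` and `audit_gateway` and the root-prefix argument are hypothetical; the script inspects the files only, not the running kernel or firewall state.

```shell
#!/bin/sh
# Added example: audit the gateway files from this page for settings that
# expose LAN clients over IPv6. The first argument is an assumed root prefix
# so the check can run against a copy of the files; pass / on the gateway.

# Print the last uncommented value of KEY=... in FILE, quotes and spaces stripped.
conf_value() {
  [ -r "$2" ] || return 0
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d "\"' "
}

# Print one line per finding; the return status is the number of findings.
audit_gateway() {
  root=${1:-/}; findings=0
  ufw="$root/etc/default/ufw"; radvd="$root/etc/radvd.conf"

  fwd=$(conf_value 'net\.ipv6\.conf\.all\.forwarding' "$root/etc/sysctl.conf")
  ipv6=$(conf_value IPV6 "$ufw")
  policy=$(conf_value DEFAULT_FORWARD_POLICY "$ufw")

  if [ "$ipv6" != "yes" ]; then
    echo "FAIL ufw: IPV6 is not 'yes'; ufw rules are not applied to IPv6"
    findings=$((findings + 1))
  fi
  # Forwarding plus an ACCEPT forward policy routes unsolicited inbound
  # traffic from the tunnel to every client on the advertised /64.
  if [ "$fwd" = "1" ] && [ "$policy" = "ACCEPT" ]; then
    echo "FAIL ufw: forwarding on with DEFAULT_FORWARD_POLICY=ACCEPT"
    echo "     fix: ufw default deny routed; ufw route allow in on eth0 out on he-ipv6"
    findings=$((findings + 1))
  fi
  # Lifetimes of 30 s are marked "testing only" in the radvd.conf on this page.
  if [ -r "$radvd" ] && grep -Eq \
      '^[[:space:]]*Adv(Preferred|Valid)Lifetime[[:space:]]+30[[:space:]]*;' "$radvd"; then
    echo "WARN radvd: 30 s prefix lifetimes (testing values) still configured"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ] && echo "OK no findings"
  return "$findings"
}
```

Source the file and run `audit_gateway /` on the gateway; the interface names in the suggested fix are the ones used on this page.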
