Quick and Easy IPv6 for Debian

January 19th, 2004


A lot of people have asked about IPv6 in Debian. There have been some instructions floating around, but all of them I’ve seen are overly complex. Here’s how to set up your own 6to4 tunnel in about 5 minutes (assuming your kernel is IPV6-ready), without the need of freenet6 or any other tunnel broker. You need only a real IP address (static is best) and a basic understanding of IPv6 to proceed. This article will configure your host or your router.




These instructions set you up with 6to4, which requires no outside tunnel broker. However, there are not many 6to4 routers out there. If you are connecting to other non-6to4 sites, chances are good that performance will not be good. This is not a flaw in IPv6 itself. I suggest setting up 6to4 first, since it is fairly easy; once you have it working, then move on to others if you like.



First, you need to obtain an IPV6-ready kernel. I strongly recommend 2.6.1 or above if possible. Check the IPv6 kernel system check page to make sure your kernel is IPV6-ready, and for info on compiling a new kernel if not. In addition to basic IPv6, I also recommend that you compile in IPv6 netfilter support.


Next, you need to add a tunnel to your /etc/network/interfaces file. First, you will need to know your public IP address in IPv4. It will look something like 10.20.30.40. Next, you need to get that in IPv6 notation. Here’s a quick shell script to do that:



    #!/bin/sh
    # Split the dotted quad into four arguments and print them as two hex groups
    printf "2002:%x%02x:%x%02x::\n" `echo $1 | sed 's/\./ /g'`


Just run that with your IP address as an argument. In this example, for 10.20.30.40, the result is 2002:a14:1e28::. This is your prefix. All your IP addresses will begin with that. Please see the link above for more on IPv6 addressing if you don’t understand the “::” part of this.
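The same conversion with input checking, as an added example that is not part of the original article: it rejects malformed addresses, warns when the address is private (6to4 needs a public IPv4 address), and prints the sit1 and eth0 addresses used in the configuration steps. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article; function names are illustrative.

# split_v4 ADDR: print the four octets, or fail unless ADDR is a strict dotted
# quad (digits only, no leading zeros, each octet 0-255).
split_v4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo "$1 $2 $3 $4"
}

# prefix_6to4 ADDR: the article's printf conversion, e.g. 2002:a14:1e28
prefix_6to4() {
    _q=$(split_v4 "$1") || return 1
    # Unquoted on purpose: the four octets become four printf arguments
    printf '2002:%x%02x:%x%02x\n' $_q
}

# is_public_v4 ADDR: fail for private, loopback, link-local, multicast and
# reserved ranges, none of which can serve as a 6to4 endpoint.
is_public_v4() {
    _q=$(split_v4 "$1") || return 1
    set -- $_q
    case "$1" in 0|10|127) return 1 ;; esac
    [ "$1" -ge 224 ] && return 1
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
    return 0
}

# plan_6to4 ADDR: print the addresses that go into /etc/network/interfaces.
plan_6to4() {
    _p=$(prefix_6to4 "$1") || { echo "invalid IPv4 address: $1" >&2; return 1; }
    is_public_v4 "$1" || echo "warning: $1 is not a public address" >&2
    echo "sit1 address: ${_p}::2 netmask 64"
    echo "eth0 address: ${_p}:1::1 netmask 64"
}

# Run as a script with one argument; does nothing when sourced without arguments.
[ "$#" -eq 0 ] || plan_6to4 "$1"
```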


Now, you have all the information to create your own IPv6 tunnel. Edit /etc/network/interfaces and add these lines:



    iface sit1 inet6 v4tunnel
        address 2002:a14:1e28::2
        netmask 64
        endpoint any
        local 10.20.30.40
        up ip -6 route add 2000::/3 via ::192.88.99.1 dev sit1
        down ip -6 route flush dev sit1
        up /etc/network/ipv6rules.sh
        ttl 64


The address line contains the IPv6 address you calculated above, followed by a “2”. The local line contains your local IP address. Now bring up the link with ifup sit1. You should now be able to run ping6 www.ipv6.org and get results back. If you don’t have ping6 on your system, install the iputils-ping package. If this works, add sit1 to the auto line in /etc/network/interfaces.


The /etc/network/ipv6rules.sh is a little script that closes off some ports to your system. If you don’t want to use it, delete that “up” line. Here’s one version that I recommend:



    #!/bin/bash
    # Flush all existing rules in the filter table
    ip6tables -F
    # -I inserts at the head of the chain, so rules added later are matched first
    # Drop new incoming TCP connections (SYN packets) on the tunnel interfaces
    ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
    ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
    # Drop UDP to any port outside 32768:60999
    ip6tables -I INPUT -i sit+ -p udp \! --dport 32768:60999 -j DROP
    ip6tables -I FORWARD -i sit+ -p udp \! --dport 32768:60999 -j DROP
    # Allow ssh; inserted last, so it is matched before the DROP rules
    ip6tables -I INPUT -i sit+ -p tcp --dport 22 -j ACCEPT
    ip6tables -I FORWARD -i sit+ -p tcp --dport 22 -j ACCEPT
    # Uncomment the following lines if this is a router
    #echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
    #echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
    #echo 0 > /proc/sys/net/ipv6/conf/all/accept_redirects
    #echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    #echo 0 > /proc/sys/net/ipv6/conf/all/router_solicitations


This script closes off incoming TCP connections and UDP traffic to ports outside the 32768:60999 range (which covers all the low UDP ports) on the sit interfaces, except for TCP to port 22 (ssh).
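To check what those rules admit, here is a small first-match model of the chain, added as an example and not part of the original article. It assumes the packet arrived on a sit interface and that the chain policy is the default ACCEPT, since the script never sets one; the rule notation and function names are this example's own.

```shell
#!/bin/sh
# Added example: a model of ip6tables first-match evaluation for the rules in
# ipv6rules.sh. It never calls ip6tables and needs no privileges.

CHAIN=""

# insert_rule "PROTO MATCH TARGET": like ip6tables -I, put the rule at the head.
insert_rule() {
    CHAIN="$1
$CHAIN"
}

# Same order as the script's INPUT rules.
insert_rule "tcp syn DROP"
insert_rule "udp dport!=32768:60999 DROP"
insert_rule "tcp dport=22 ACCEPT"

# verdict PROTO DPORT SYN(0|1): print the target of the first matching rule,
# or ACCEPT (assumed default policy) when nothing matches.
verdict() {
    _result=$(printf '%s\n' "$CHAIN" | while read -r _proto _match _target; do
        [ "$_proto" = "$1" ] || continue
        case "$_match" in
            syn)      [ "$3" -eq 1 ] || continue ;;
            dport=*)  [ "$2" -eq "${_match#dport=}" ] || continue ;;
            dport!=*) _r=${_match#dport!=}
                      { [ "$2" -lt "${_r%:*}" ] || [ "$2" -gt "${_r#*:}" ]; } || continue ;;
        esac
        echo "$_target"
        break
    done)
    echo "${_result:-ACCEPT}"
}

# first_rule: the rule evaluated first, which is the one inserted last.
first_rule() {
    printf '%s\n' "$CHAIN" | head -n 1
}
```

In this model, UDP to ports above 60999 is dropped along with the low ports, and TCP packets without SYN set fall through to the policy.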


If you are setting up a host, you’re done. If this is a router, read on…


Router Configuration


If you’re setting up a router, there are a couple more quick steps. First, you need to configure your ethernet interface for ipv6. Insert a clause like this in /etc/network/interfaces:



    iface eth0 inet6 static
        address 2002:a14:1e28:1::1
        netmask 64


Of course, replace the first part of “address” with your real IPv6 address. (Note the added “:1::1” after the address.) Now run ifdown eth0; ifup eth0 to make the changes take effect.


Next, apt-get install radvd and edit /etc/radvd.conf. It should end up looking like this:



    interface eth0
    {
        AdvLinkMTU 1480;
        AdvSendAdvert on;
        prefix 2002:a14:1e28:1::1/64
        {
        };
    };


Mind the semicolons (and lack thereof); radvd is picky. Now /etc/init.d/radvd restart and use ps to make sure it’s running. radvd is similar to dhcp for IPv6, but a lot easier.


At this point, your IPv6 network is ready. All clients on your network that are IPv6 capable should automatically assign themselves an IPv6 address and be ready to go. For Debian clients, all you need is IPv6 support in your kernel; you do not need to do anything on them at all.


Revisions


  • Added a note about performance (1/19/2003 7PM). Suggested by Jeroen Massar.

  • Adjusted netmasks and router subnet (1/20). Suggested by Jeroen Massar.

  • Added ttl 64 (1/20). Adapted from a suggestion from Thomas Habets.

  • Corrected sit0 to read sit1

Categories: Linux


13 Comments

  1. Anonymous

    “If this works, add sit0 to the auto line in /etc/network/interfaces.”

    Do you mean sit1?


  2. Anonymous

    Yes, I think so, sit1


    jgoerzen Reply:

    Yes, you are both correct. I’ve fixed it in the article.


  3. Sigitas

    > /etc/network/interfaces
    > [skip]
    > local 10.20.30.40
    > [skip]
    > The local line contains your local IP address.

    well.. but 10.20.30.40 is used as an external ip address in this example (although 10.*.*.* address space is reserved for internal networks). So, given all that, I am rather confused what should be entered in that “local” line?


    jgoerzen Reply:

    You’re right, it should be a public IP address… I didn’t want to use a real public IP address for this example.


  4. AnonymousCoward

    what is this 192.88.99.1 address?


    jgoerzen Reply:

    That is the anycast IP address that results in the nearest IPv4-to-IPv6 gateway.


  5. Pedro Neto

    Very cool, but I have some questions:

    Why that number ‘2’ at the end of the generated IPv6? Could be another number?

    Why ttl is configured to ’64’? any especial motivation?

    What means “endpoint any”?

    thanks


    Timothy Reply:

    endpoint any means it will go to any ipv4 address (think default gateway for ipv4 or routed to 0.0.0.0/0)


  6. Anonymous

    How can I configure my eth0 to work with ipv6 when using dhcp?


  7. Zarrar

    I installed radvd using apt-get install radvd on my debian machine but the /etc/radvd.conf is missing.
    Am I supposed to create it myself or it is created automatically during radvd package installation?
    please help


    jgoerzen Reply:

    You’ll need to create it yourself. I believe there is a manpage for that.


  8. volter

    Help about create a lab ipv6 networking…please
    I am just a newer to study Linux for IPV6,and I have referenced Ipv6+linux’s howto
    and I got a similar problem when I tried to form an experimental ipv6 web, could you help me?
    And my problem is as follow:
    there are two ipv6 websites isolated by one ipv4 web, and I want to enable both ends ipv6 web can visit each other, and the whole web is simulated by five pc, each with two network cards, the physical topological struct is formed as:
    A[eth0,eth1]–B[eth0,eth1]–C[eth0,eth1]–D[eth0,eth1]–E[eth0,eth1]
    A:
    eth0:Not used at present
    eth1:202.192.1.1 2002:cac0:0102:1::3/64
    B:
    eth0:202.192.1.2 2002:cac0:0102:1::2/64
    eth1:202.192.2.2 —-tun6to4 2002:cac0:0102:1::1/64
    C:
    eth0:202.192.2.3
    eth1:202.192.3.3
    D:
    eth0:202.192.3.4 —-tun6to4 2002:cac0:0404:1::1/64
    eth1:202.192.4.4 2002:cac0:0404:1::2/64
    E:
    eth0:202.192.4.5 2002:cac0:0404:1::3/64
    eth1:Not used at present
    and I have configed the web to make all the nodes can connect with each other as ipv4 network first, then I created a tunnel between B:eth0 and D:eth1, I wanted to use them as tunnel server, my operating system is redhat 9.0, and my operation is as following:
    B:eth0
    >ip tunnel add tun6to4 mode sit ttl 254 remote 202.192.4.4 local 202.192.1.2
    >ip link set dev tun6to4 up
    >ip addr add 2002:cac0:0102:1::1/16 dev tun6to4
    >ip route add 2002::/16 dev tun6to4

    D:eth1
    >ip tunnel add tun6to4 mode sit ttl 254 remote 202.192.1.2 local 202.192.4.4
    >ip link set dev tun6to4 up
    >ip addr add 2002:cac0:0404:1::1/16 dev tun6to4
    >ip route add 2002::/16 dev tun6to4

    and these two ends can connect smoothly with each other with ipv6 address

    then, I created bidirectional tunnels between A:eth1 and B:eth0, between D:eth1 and E:eth0 and each created tunnel’s end can connect with the other, but i A could not visit D and E, E could not visit A and B, and I have been at a loss at this focus, please help me, Thanks!
