Get your network IPv6 ready with ease

June 8, 2011 is World IPv6 Day. If you don't know what that means (and you want to find out), then here are some links. This post is targeted toward tech-savvy people who (1) haven't had a chance to IPv6-enable their networks, (2) want to do it, and (3) don't want it to be a big hassle. I am one such person, and I decided to forgo #3 in order to help others to do this.

Chances are, your ISP doesn't give you native IPv6 addresses. In this case, you still have the ability to access IPv6 resources on the Internet. You just have to go through an intermediary. There are multiple methods and protocols to do this - Teredo, 6to4, and 6in4, to name a few. In this post I'll focus on the one I used, 6to4. The reason I used it is that it's very easy to set up as well as to test whether the method is available to you.

Let's start with the requirements. First, you'll need a router that is compatible with the Tomato custom firmware. See the compatibility table here. Since you're IPv6-enabling your entire network, this must be done at the router level. If your router doesn't support Tomato, then this guide will be of limited use to you. Second, the client computers on your network should be IPv6 ready. Modern operating systems come with IPv6 fully functional. Third, you'll need to check whether 6to4 is available to you. It's very simple: just ping the IPv4 address 192.88.99.1. If you can successfully ping it, then you can use 6to4! And fourth, you must have a way to let your router recognize your external (public) IPv4 address as its own WAN IP. I have AT&T U-verse, so in my case, I just need to have the 2Wire gateway put my Tomato router in DMZ mode. Different ISPs and gateways/modems work differently, so YMMV.

Once you've verified the requirements, you'll need to flash your router. There are plenty of tutorials on how to do this in case it's not obvious. Also, I must add the mandatory warning that I AM NOT RESPONSIBLE for what you might do to your hardware or software and the issues it might cause. Flashing can be a dangerous procedure and you may end up with a bricked router. Don't say I didn't warn you. Flash it with a version of the Toastman compiles. I used "tomato-K26USB-1.28.7475.2MIPSR2-Toastman-RT-VPN.trx" for my Asus RT-N16. The default gateway is 192.168.1.1 and the default username/password combo is admin/admin.

After configuring your standard router settings, go to the Overview page and make sure "IP Address" under "WAN" shows your public IP. If it doesn't, then you'll need to figure out why and fix it. See above for what I did. Then go to the IPv6 page under the Basic section. Choose "6to4 Anycast Relay" and leave the rest of the fields as they are. Save the configuration.

Believe it or not, you're pretty much done. At this point, if you refresh your IPv6-ready computer's network settings (maybe do a DHCP release/renew just in case), you should have a public and fully functional IPv6 address. By default, Tomato blocks all TCP and UDP packets to your IPv6 devices. However, it doesn't block ICMPv6 Echo, otherwise known as Ping. If you want your router and your client computers to not receive IPv6 pings from the Internet, do the following. Go to the Scripts page under Administration, and select the Firewall tab. Add the following two lines to it:

ip6tables -I INPUT -i v6to4 -p icmpv6 --icmpv6-type echo-request -j DROP  
ip6tables -I FORWARD -i v6to4 -p icmpv6 --icmpv6-type echo-request -j DROP

The first line prevents the router from responding to pings from the Internet, and the second one does the same for all the clients. Save the configuration and reboot the router. Congratulations, you're done! Wasn't that easy?


About

Hi, I'm Sasha. On this site I blog about what's on my mind - be it a discussion of a news article, a rant, a project, or whatever else.

If you'd like to contact me, the easiest way to do so is via Twitter.

 
comments powered by Disqus