Hello,
I wanted to share how I set up IPv6 with 6to4 at home using ANTEL's "tunnel broker".
I have an ASUS WL-500W.
Here are the steps:
1) Install a dd-wrt-24 build with IPv6 enabled, downloaded from:
http://www.crushedhat.com/downloads/DD-WRT/
2) On the Administration/Management screen:
a) "Enable IPv6"
b) "Enable Radvd"
c) Radvd config:
interface br0 {
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvLinkMTU 1280;
    AdvSendAdvert on;
    prefix 0:0:0:1::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 86400;
        Base6to4Interface ppp0;
    };
};
3) On the Administration/Commands screen, enter:
sleep 5
# Current IPv4 address of the WAN (PPPoE) interface
WANIP=$(ip -4 addr show dev ppp0 | awk '/inet/ {print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
    # 6to4 prefix: 2002: followed by the IPv4 address written in hex
    V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
    ip link set tun6to4 mtu 1280
    ip link set tun6to4 up
    ip addr add $V6PREFIX:0::1/48 dev tun6to4
    ip addr add $V6PREFIX:1::1/64 dev br0
    # Route global IPv6 traffic through the 6to4 anycast relay
    ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
    # Signal radvd to reload
    kill -HUP $(cat /var/run/radvd.pid)
fi
Save with "Save Startup".
4) ANTEL changes the IPv4 address from time to time, and in particular whenever the device disconnects, so I am going to put the following script in cron (I set it to run every 1 minute):
--------------
#!/bin/sh
# First check whether the WAN interface address has changed:
WANIP=$(ip -4 addr show dev ppp0 | awk '/inet/ {print $2}' | cut -d/ -f1)
IPv4tun=$(ip -6 addr show dev tun6to4 2>/dev/null | awk '/inet6/ {print $2}' | grep -e "^::" | cut -d/ -f1 | cut -d: -f3)
if [ -n "$WANIP" ]; then
    # Also true when the tunnel does not exist yet (IPv4tun is empty)
    if [ "$WANIP" != "$IPv4tun" ]; then
        # Remove the current tunnel to clear its addresses.
        if ifconfig | grep tun6to4 > /dev/null; then
            ip tunnel del tun6to4
        fi
        # Remove the 6to4 addresses from the LAN interface
        LANIPv6=$(ip -6 addr show dev br0 | awk '/inet6/ {print $2}' | grep -e "^2002:")
        if [ -n "$LANIPv6" ]; then
            for i in $LANIPv6; do
                ip addr del $i dev br0
            done
        fi
        V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
        ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
        ip link set tun6to4 mtu 1280
        ip link set tun6to4 up
        ip addr add $V6PREFIX:0::1/48 dev tun6to4
        ip addr add $V6PREFIX:1::1/64 dev br0
        ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
        kill -HUP $(cat /var/run/radvd.pid)
    fi
fi
--------------
For that:
a) SSH into the router.
b) Save the script as script6to4.sh in flash memory under /jffs and make it executable.
c) On the Administration/Management screen, enable Cron and add: */1 * * * * root /jffs/script6to4.sh
5) IP6TABLES:
Run the following commands to disable incoming TCP connections. Apparently ip6tables is not stateful in DD-WRT; I need to work on this more...
insmod ip6t_REJECT
ip6tables -F
ip6tables -A FORWARD -i tun6to4 -p tcp --syn -j DROP
ip6tables -A INPUT -i tun6to4 -p tcp --syn -j DROP
These commands also have to be saved in "Startup" using the same mechanism as in 3), so the startup script looks like this:
-----------------
sleep 5
# Current IPv4 address of the WAN (PPPoE) interface
WANIP=$(ip -4 addr show dev ppp0 | awk '/inet/ {print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
    # 6to4 prefix: 2002: followed by the IPv4 address written in hex
    V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
    ip link set tun6to4 mtu 1280
    ip link set tun6to4 up
    ip addr add $V6PREFIX:0::1/48 dev tun6to4
    ip addr add $V6PREFIX:1::1/64 dev br0
    # Route global IPv6 traffic through the 6to4 anycast relay
    ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4
    # Signal radvd to reload
    kill -HUP $(cat /var/run/radvd.pid)
fi
# Drop new inbound TCP connections arriving over the tunnel
ip6tables -F
ip6tables -A FORWARD -i tun6to4 -p tcp --syn -j DROP
ip6tables -A INPUT -i tun6to4 -p tcp --syn -j DROP
-----------------
6) Tests from the router:
Here are some tests:
root@home:/jffs# traceroute6 www.antelv6.net.uy
traceroute to www.antelv6.net.uy (2800:a0:2:102::123) from 2002:be00:840e::1, 30 hops max, 16 byte packets
1 2002:c058:6301::1 (2002:c058:6301::1) 22.67 ms 89.384 ms 136.112 ms
2 2800:a0:4:2::19 (2800:a0:4:2::19) 151.61 ms 20.022 ms 19.945 ms
3 2800:a0:0:a::12 (2800:a0:0:a::12) 330.679 ms 21.609 ms 87.155 ms
4 2800:a0:2:2::a (2800:a0:2:2::a) 23.17 ms 23.737 ms 18.962 ms
5 2800:a0:2:2::a (2800:a0:2:2::a) 19.655 ms !S 21.77 ms !S 19.455 ms !S
root@home:/jffs#
root@home:/jffs# ifconfig
br0 Link encap:Ethernet HWaddr 00:1F:C6:21:5F:59
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2002:be00:840e:1::1/64 Scope:Global
inet6 addr: fe80::21f:c6ff:fe21:5f59/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11974 errors:0 dropped:0 overruns:0 frame:0
TX packets:11612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1232751 (1.1 MiB) TX bytes:6224932 (5.9 MiB)
br0:0 Link encap:Ethernet HWaddr 00:1F:C6:21:5F:59
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 00:1F:C6:21:5F:59
inet6 addr: fe80::21f:c6ff:fe21:5f59/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:440 errors:0 dropped:0 overruns:0 frame:0
TX packets:612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69492 (67.8 KiB) TX bytes:83936 (81.9 KiB)
Interrupt:4
eth1 Link encap:Ethernet HWaddr 00:1F:C6:21:5F:5A
inet6 addr: fe80::21f:c6ff:fe21:5f5a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2269 errors:0 dropped:0 overruns:0 frame:0
TX packets:2287 errors:0 dropped:0 overruns:0 carrier:0
collisions:1 txqueuelen:1000
RX bytes:1580121 (1.5 MiB) TX bytes:586076 (572.3 KiB)
Interrupt:5
eth2 Link encap:Ethernet HWaddr 00:1F:C6:21:5F:5B
inet6 addr: fe80::21f:c6ff:fe21:5f5b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11517 errors:2 dropped:0 overruns:0 frame:12101
TX packets:11500 errors:22 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1330861 (1.2 MiB) TX bytes:6340639 (6.0 MiB)
Interrupt:2 Base address:0x4000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3970 (3.8 KiB) TX bytes:3970 (3.8 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:190.0.132.14 P-t-P:200.40.19.67 Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:1928 errors:0 dropped:0 overruns:0 frame:0
TX packets:1924 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1504637 (1.4 MiB) TX bytes:484384 (473.0 KiB)
tun6to4 Link encap:IPv6-in-IPv4
inet6 addr: 2002:be00:840e::1/48 Scope:Global
inet6 addr: ::190.0.132.14/128 Scope:Compat
UP RUNNING NOARP MTU:1280 Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2915 (2.8 KiB) TX bytes:2104 (2.0 KiB)
root@home:/jffs#
root@home:/jffs# traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2001:4860:0:2001::68) from 2002:be00:840e::1, 30 hops max, 16 byte packets
1 2002:c058:6301::1 (2002:c058:6301::1) 22.811 ms 20.887 ms 21.179 ms
2 2800:a0:4:1::19 (2800:a0:4:1::19) 19.291 ms 21.54 ms 19.938 ms
3 2800:a0:4:1::2 (2800:a0:4:1::2) 19.404 ms 20.425 ms 21.211 ms
4 2001:41a8:4020:2::d (2001:41a8:4020:2::d) 312.163 ms 312.056 ms 311.429 ms
5 2001:504:0:2:0:1:5169:1 (2001:504:0:2:0:1:5169:1) 312.858 ms 362.055 ms 313.909 ms
6 2001:504:0:2:0:1:5169:1 (2001:504:0:2:0:1:5169:1) 314.608 ms 318.452 ms 314.867 ms
7 * * *
8 2001:4860:0:2001::68 (2001:4860:0:2001::68) 314.477 ms 318.186 ms 314.67 ms
root@home:/jffs#
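
The prefix arithmetic from steps 3 and 4, as an added example that is not part of the original post: it validates the WAN address before it is turned into a prefix, and goes beyond the post by also mapping a 2002::/16 address seen in a log or traceroute back to its IPv4 endpoint. The function names are hypothetical; the sample addresses are taken from the output above.

```shell
#!/bin/sh
# Added example (not from the original post): 6to4 prefix <-> IPv4 mapping.
# Function names are hypothetical; sample addresses come from the post's output.

# is_public_v4 ADDR: succeed only for a well-formed, globally routable IPv4.
is_public_v4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Refuse leading zeros: printf %x would read them as octal.
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    # 6to4 needs a global address: refuse private, CGN, loopback, link-local.
    case "$1.$2" in 0.*|10.*|127.*|169.254|192.168) return 1 ;; esac
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    [ "$1" -ge 224 ] && return 1
    return 0
}

# v4_to_6to4_prefix ADDR: print the 2002:AABB:CCDD prefix (a /48) for ADDR.
v4_to_6to4_prefix() {
    is_public_v4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '2002:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# sixto4_to_v4 ADDR: print the IPv4 endpoint embedded in a 2002::/16 address.
sixto4_to_v4() {
    case "$1" in 2002:*:*) ;; *) return 1 ;; esac
    rest=${1#2002:}
    h1=${rest%%:*}; rest=${rest#*:}
    h2=${rest%%[:/]*}
    [ -n "$h1" ] || return 1      # "2002::..." forms are rejected
    [ -n "$h2" ] || h2=0          # "2002:be00::1": second group is zero
    case "$h1$h2" in *[!0-9a-fA-F]*) return 1 ;; esac
    [ ${#h1} -le 4 ] && [ ${#h2} -le 4 ] || return 1
    a=$((0x$h1)); b=$((0x$h2))
    printf '%d.%d.%d.%d\n' $((a >> 8)) $((a & 255)) $((b >> 8)) $((b & 255))
}

# Demo: the WAN address (ppp0) and the LAN address (br0) from the ifconfig output.
for ip in 190.0.132.14 192.168.1.1; do
    if p=$(v4_to_6to4_prefix "$ip"); then echo "$ip -> $p::/48"
    else echo "$ip -> rejected (not a public IPv4)"; fi
done
sixto4_to_v4 2002:c058:6301::1    # first traceroute hop: the anycast relay
```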