IPv6 on Fedora
After hearing about the activation
of IPv6 (AAAA) records for four of the root DNS servers I got very
curious about IPv6 and its current state of adoption. Well, it turns
out IPv6 may
not be the solutions to all Internet woes but we will have to learn to
live with it anyway.
And so I did. Like 99.999% percent of Internet users I don't have a
native IPv6 connection, but enabling a IPv6 tunnel on Fedora is very,
very easy. I decided for the simplest type of tunnel, called 6to4. This type of tunnel
is very convenient as I don't need to register it anywhere nor do I
need to ask permission to anyone. It is based on the kindness of
people that run 6to4 routers in the IPv4 Internet at the 192.88.99.1
anycast address. Usually people disregard this type of tunnel as being
slow, but routing from Brazil to the world is already so slow I found
the performance acceptable. Besides, there isn't much yet to do in the
current IPv6 Internet.
Enabling a 6to4 tunnel on Fedora is ridiculously simple. First put
the following lines in /etc/sysconfig/network:
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=tun6to4
IPV6FORWARDING=yes
The last line is only required if you are going to share the IPv6
connection with a local network. The rest of this recipe assumes you
are. Now find the configuration file for the interface connected to
the Internet. If it is eth1 the file should be
/etc/sysconfig/networking/devices/ifcfg-eth1. Put the
following lines there:
IPV6INIT=yes
IPV6TO4INIT=yes
IPV6_CONTROL_RADVD=yes
IPV6TO4_ROUTING="eth0-:1::1/64 wlan0-:2::1/64"
Once again, the last two lines are only required if you have a local
network you want to provide with IPv6 connectivity. If not, remove the
extra lines and you are set. Restart the interface and you are
connected to the IPv6 Internet! When using 6to4, probably due to the
performance concerns, Fedora prefers IPv4 addresses. So, go to a IPv6
only site (like http://www.ipv6.bieringer.de/)
to test it. And remember to define a IPv6 firewall. Your current
iptables firewall only covers IPv4, use ip6tables to create a IPv6
one.
A nice thing about this setup is that a 6to4 tunnel gives me a
whole /48 netblock based on my IPv4 address. So, no NAT in my local
IPv6 network! The last two lines
lines above allow the networking scripts to control the RADV daemon
and to create IPv6 addresses to other interfaces (besides the one you
are actually configuring). Just treat the /48 of your 6to4 address as
a prefix and create a /64 netblock for each interface. Create a
/etc/radvd.conf file with an entry like this for each
interface:
interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2002:XXXX:XXXX:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
Where 2002:XXXX:XXXX is your automatically configured 6to4
adress. Start RADV daemon and the hosts in you internal network should
receive an automatically generated address.
For me, the next step would be to do the same to this site and add
a little bit more content to the IPv6 Internet. Unfortunately, the Xen
kernel used by my VPS provider doesn't support stateful iptables
support for IPv6. I though IPv6 support on Linux was a done deal, but
this critical functionality was only added about and year ago in
kernel 2.6.20. It seems IPv6 may be a bit farther in the future than I
expected. But it was surely fun to set it up anyway.
Syndicated 2008-02-25 22:27:45 from Gustavo M. D. Vieira