IPv6 on Fedora Core mini-HOWTO

Menu:

• Serial ATA
• IPv6
• DNS
• Current projects

Thanks to David Woodhouse for showing me how to do this. IPv6 appears to be very, very close to a Just Works(tm) state.

IPv6 automatic tunnelling ("6to4") is a method designed to ease the introduction of IPv6 into existing IPv4 networks. The designers of IPv6 created a special prefix, 2002, under which the entire IPv4 address space can be mapped, with enough address bits left over for 65,536 subnets behind the IPv4 address. A 6to4 host tunnels IPv6 packets over IPv4 to a special anycast prefix, which selects the closest IPv6 router, thus providing seamless connectivity to the IPv6 universe. No special setup required at the ISP at all.

These instructions are for Fedora Core 1 or 2 users, and describe how to set up IPv6 automatically tunnelling (6to4) on an IPv4 network. If you are stuck on an IPv4-only network (like most of us), this enables communication with IPv6 hosts quickly, easily, and transparently.

For further reading, Fedora users may investigate /usr/share/doc/initscripts-$ver/ipv6-6to4.howto and /usr/share/doc/initscripts-$ver/sysconfig.txt.

Debian users may look here for IPv6 setup information.

Windows users may look here for IPv6 setup information.

MacOS users may look here for IPv6 setup information. Also browse Evan Jones' IPv6 MacOS notes.

Simple setup

1. (Fedora Core 2 only) Append to /etc/sysconfig/network:

   NETWORKING_IPV6=yes
   IPV6_DEFAULTDEV=tun6to4
   

   (Fedora Core 1 only) Append to /etc/sysconfig/network:

   NETWORKING_IPV6=yes
   IPV6_GATEWAYDEV=tun6to4
   

2. Append to /etc/sysconfig/network-scripts/ifcfg-eth0:

   IPV6INIT=yes
   IPV6TO4INIT=yes
   

That's it! Recycle the network or reboot, and your previously IPv4-only network node is now up and running on IPv6.

Additional setup: firewall

If you have an iptables ipv4 firewall, you'll want to

1. allow ipv6 tunnelled packets to pass through to ip6tables, by allowing protocol 41

   iptables -A block -p 41 -j ACCEPT 
   

   ("block" is a custom chain on my firewall)

2. duplicate your ipv4 firewall rules for ipv6, using ip6tables. Some things, like masquerade, are not applicable to ipv6.

Additional setup: routing

If you have an ipv4 NATing firewall, which serves as a router for a local network, you'll want to set up radvd and routing rules, so that your hosts autoconfigure ipv6 automatically based on your router's advertisements, and also so that your hosts truly speak native ipv6 without tunneling [the router does the tunnel wrap/unwrap].

1. edit /etc/radvd.conf
   1. set "interface ethX" to reflect your router's local LAN interface (eth1 on my own firewall).
   2. comment out "example of a standard prefix" prefix {} block
   3. edit the line "prefix 0:0:0:1234::/64" and change "1234" to a network number of your choice. Note that the network number 110 is used in the examples below.
   4. edit line "Base6to4Interface ppp0" to reflect the interface doing the 6to4 tunnelling (eth0 on my own firewall).

2. add routing rules for the local network.

	# ip -6 route add 2002:184a:9ab9:110::/64 dev eth1
	# ip -6 addr add 2002:184a:9ab9:110::1 dev eth1

You can get the 2002:... address (your 6to4 address, formed from your ipv4 address) from your ifconfig. In this example, "eth1" is my local LAN interface. eth0 is the interface to my ISP (DSL modem).

Here is what my ifconfig output looks like, after everything is set up on my router/firewall:

eth0      Link encap:Ethernet  HWaddr 00:00:21:DE:DE:B5  
          inet addr:24.74.155.XXX  Bcast:255.255.255.255  Mask:255.255.248.0
          inet6 addr: fe80::200:21ff:fede:deb5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8759136 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2238155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1647432957 (1571.1 Mb)  TX bytes:166256535 (158.5 Mb)
          Interrupt:209 Base address:0x8c00 

eth1      Link encap:Ethernet  HWaddr 00:C0:9F:39:CD:B0  
          inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: 2002:184a:9ab9:110::1/128 Scope:Global
          inet6 addr: 2002:184a:9ab9:110:2c0:9fff:fe39:cdb0/64 Scope:Global
          inet6 addr: fe80::2c0:9fff:fe39:cdb0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9073144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10916350 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1820645725 (1736.3 Mb)  TX bytes:3611957866 (3444.6 
          Base address:0xece0 Memory:fe3e0000-fe400000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:440 errors:0 dropped:0 overruns:0 frame:0
          TX packets:440 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:54209 (52.9 Kb)  TX bytes:54209 (52.9 Kb)

tun6to4   Link encap:IPv6-in-IPv4  
          inet6 addr: 2002:184a:9ab9::1/16 Scope:Global
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:1520 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1614 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:886384 (865.6 Kb)  TX bytes:224041 (218.7 Kb)

Additional resources

• Read /usr/share/doc/initscripts-*/sysconfig.txt
• SixXS IPv6 deployment and tunnel broker. Very well maintained, highly reliable and on good networks.
• Avoid Hurricane Electric's tunnel broker, it's slow (overloaded?) and appears to be poorly routed.

---

Copyright © 2008 Jeff Garzik