A SECOND LIFE FOR THE LINKSYS PArt 2 By Michiel van der Vlist, 2:280/5555 Last week I described how to set up a 6in4 tunnel on the Linksys WRT54GL. This article describes how to provide IPv6 connectivity to your machines connected to the LAN. First you have to enable IPv6 on your systems if it isn't already. Go to the command line and type "Ipconfig" for Windows or "ifconfig" for *nix. If you see an address that starts with fe80:: then IPv6 is ena- bled. That address is a so called link local address. Windows XP SP2/3 is IPv6 capable, but it is not enabled by default. From an account with administrator rights type "IPV6 INSTALL" on the command line to enable it. IPv6 has a mechanism called "router advertisements". A router announces itself on the local link by regularly sending out router advertisements to all nodes on the local link. A node that needs router information can also send out a router sollicitaion message to have all routers on the link send out a router advertisement message instead of waiting for the next broadcast. The router adverisement contains, among other thing, the subnet prefix to be used by the nodes on the local link. There is a mechanism called "prefix delegation" to let a router be assigned a subnet from its uplink, but this mechanism is not supported by the he.net and sixxs tunnels and AFAIK, openwrt does not support it either, so the subnet has to be configured manually. The he.net tunnels come with a /64 subnet by default, sixxs gives you a /48 on request. Note that the subnet address and the tunnel address are not the same. The tunnel address also uses a full /64, but that can not be used a a subnet. Use cut and paste for the addresses if you can. a typo is easily made you will have a hard time finding the error if it does not work. Go to the file /etc/config/network and find the following section: [code] #### LAN configuration config interface lan option type bridge option ifname "eth0.0" option proto static option ipaddr 192.168.1.1 option netmask 255.255.255.0 [/code] Add the following lines: [code] # add the subnet prefix to the LAN interface option ip6addr 2001:470:1f15:1117::1/64 [code] Do not ommit the /64, it won't work without it. For the address use the one that the tunnel broker gave you as the subnet prefix. If you have a /48 use any /64 within the /48 range. We also need to tell the firewall to forward packets from the LAN to the tunnel. Add the following section to /etc/config/firewall [code] # Forwarding van lan naar de he.net tunnel config forwarding option src lan option dst henet [/code] That completes the basic setup to have all your machines on the LAN access the IPv6 internet. They should all get a at least one global IPv6 address and you should be able to make outgoing IPv6 connections. Surf to http://www.kame.net. If you see the turtke dance, you have IPv6. Surf to http://www.test-ipv6.com to see more details about your IPv6 connection. That site BTW, is run by a former FideNet sysop: Jason Fesler, the author of GIGO. Other useful test sites are ipv6-test.com and ipv6-speedtest.net. This completes the setup for client use. The OpenWrt firewall - as any decent firewall should - blocks all unsolicited incoming packets by default. If you wish to run IPv6 capable servers on any of your systems, you have to open the required ports and enable IPv6 forwar- ding. I have not experimented with that yet. You can find the infor- mation on the the official openwrt site, where you can find almost all of the information on how to play with your new toy. http://openwrt.org Enjoy. ¸ Michiel van der Vlist, all rights reserved. Permission to publish in the FIDONEWS file scho and the FIDONEWS discussion echo as originating from 2:2/2