SixXS::Sunset 2017-06-06

WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[de] Carmen Sandiego on Thursday, 29 January 2004 00:09:56
Hello ipv6-gurus :-) I just bought a Linksys WRT54G-router which is running linux. Of course I've upgraded the firmware to a custom 'hacked' one that brings additional features with it. (Firmware_Samadhi2_v2_2.00.8.6sv.bin) The wrt54g itself doesn't support ipv6. I'd like to establish a 6to4 tunnel between my windows xp-machine (192.168.0.100) that is sitting behind the wrt54g(192.168.0.1) and sixxs. Can someone tell me please which iptables-rules need to be set? As far as I know protocol 41 needs to be forwarded, right? Thanks for your help in advance. by the way: I've attached my current iptables-configuration # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW ACCEPT all -- anywhere anywhere state NEW ACCEPT icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere state INVALID TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU lan2wan all -- anywhere anywhere logaccept all -- anywhere 192.168.0.100 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED logaccept all -- anywhere anywhere state NEW DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain advgrp_1 (0 references) target prot opt source destination Chain advgrp_10 (0 references) target prot opt source destination Chain advgrp_2 (0 references) target prot opt source destination Chain advgrp_3 (0 references) target prot opt source destination Chain advgrp_4 (0 references) target prot opt source destination Chain advgrp_5 (0 references) target prot opt source destination Chain advgrp_6 (0 references) target prot opt source destination Chain advgrp_7 (0 references) target prot opt source destination Chain advgrp_8 (0 references) target prot opt source destination Chain advgrp_9 (0 references) target prot opt source destination Chain grp_1 (0 references) target prot opt source destination Chain grp_10 (0 references) target prot opt source destination Chain grp_2 (0 references) target prot opt source destination Chain grp_3 (0 references) target prot opt source destination Chain grp_4 (0 references) target prot opt source destination Chain grp_5 (0 references) target prot opt source destination Chain grp_6 (0 references) target prot opt source destination Chain grp_7 (0 references) target prot opt source destination Chain grp_8 (0 references) target prot opt source destination Chain grp_9 (0 references) target prot opt source destination Chain lan2wan (1 references) target prot opt source destination Chain logaccept (2 references) target prot opt source destination LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT ' ACCEPT all -- anywhere anywhere Chain logdrop (0 references) target prot opt source destination LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP ' DROP all -- anywhere anywhere Chain logreject (0 references) target prot opt source destination LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `DROP ' REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset #
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[nl] Carmen Sandiego on Friday, 13 August 2004 09:34:53
Hello people, I've the same router, the WRT54G from linksys, first it didn't worked either, but now it does... Just look at this: https://noc.sixxs.net/faq/ipv6/?faq=coolthings Download the NT6TUNNEL and make a batch-file... how to do the rest you can find on that page... Greetz, Youri
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[de] Shadow Hawkins on Thursday, 29 January 2004 19:07:11
could you do a iptables -t nat -L too? try iptables -t nat -I PREROUTING -p 41 -j DNAT --to-destination tunnel.endpoint.ip.address iptables -I FORWARD -p 41 -j ACCEPT the first rule does port forwarding, the second one allows the traffic to pass. The rules could be refined for better security. If you already have DMZ host active, this might not be necessary
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[ch] Jeroen Massar SixXS Staff on Thursday, 29 January 2004 23:53:11
s/port/protocol/ ;)
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[de] Shadow Hawkins on Saturday, 31 January 2004 10:24:51
-p, --protocol [!] protocol The protocol of the rule or of the packet to check. The speci- fied protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a dif- ferent one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted.
so -p is indeed for "protocol", not port.
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[nl] Shadow Hawkins on Friday, 30 January 2004 00:20:45
I am sorry but you made a mass with that rules O-) or it was already so. If you turn off the firewall it almost would not make any differences. :o Just typing this rule will do for ipv6 assuming you do not use ip6tables: iptables -I INPUT 1 -p 41 -j ACCEPT But you can better start with flushing and deleting all user made chains and then find a basic iptables rules from internet. You can add the above rule to it for ipv6 if needed. Which rules are needed depends on your network setup and more.
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[de] Shadow Hawkins on Saturday, 31 January 2004 10:28:58
He needs to forward proto 41 from his DSL/cable router which is running Linux to a real box which can handle IPv6 tunnels. The WRT54G doesn't have support for IPv6 tunnel endpoints for now ( I might decide to patch the firmware some time later as source code is available)
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[ch] Jeroen Massar SixXS Staff on Saturday, 31 January 2004 12:27:11
I would definitly go for patching the firmware if that was possible: native IPv6 from your gate ;)
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[de] Shadow Hawkins on Saturday, 31 January 2004 23:28:03
In theory this should be possible. At my first try I got IPv6 support but radvd had problems. Testing tunnels and heartbeat-client would be after this on my TODO list. Unfortunately there are different reasons that work on that is suspended until at least April
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[ch] Jeroen Massar SixXS Staff on Sunday, 01 February 2004 02:04:04
The heartbeat client should be able to run. If you get this to work btw I'd suggest you put up a complete easy tarball or at least the instructions as I guess many more people are interrested in this.
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[fi] Shadow Hawkins on Sunday, 01 February 2004 14:27:36
I have compiled couple of programs to openwrt project (openwrt.sf.net). I also compiled zebra because I didn't get radvd work under uclibc. Programs are located at http://hiekka.kuutio.org/openwrt/ and there is also heartbeat-client. It's same that ecmh didn't compile under uclibc. I got following then trying: make[1]: Entering directory `/usr/src/ecmh/src' mipsel-uclibc-gcc -W -Wall -Wno-unused -D_GNU_SOURCE -D'ECMH_VERSION="2004.01.11"' -O9 -c -o ecmh.o ecmh.c ecmh.c: In function `mld_send_query': ecmh.c:160: `IP6OPT_PADN' undeclared (first use in this function) ecmh.c:160: (Each undeclared identifier is reported only once ecmh.c:160: for each function it appears in.) ecmh.c: In function `mld_send_report': ecmh.c:217: `IP6OPT_PADN' undeclared (first use in this function) ecmh.c: In function `l3_ipv6': ecmh.c:610: dereferencing pointer to incomplete type ecmh.c:613: dereferencing pointer to incomplete type ecmh.c:579: warning: `l' might be used uninitialized in this function make[1]: *** [ecmh.o] Error 1 make[1]: Leaving directory `/usr/src/ecmh/src' make: *** [all] Error 2
WRT54G as a gateway/nat-box for a 6to4-tunnel to sixxs
[ch] Jeroen Massar SixXS Staff on Sunday, 01 February 2004 15:33:52
That simply is because of old kernel header files. /usr/include/netinet/ip6.h contains: /* Special option types for padding. */ #define IP6OPT_PAD1 0 #define IP6OPT_PADN 1 Upgrading the header files should be sufficient to compile ecmh. If you have any other problems/suggestions that are not yet on the ecmh page, don't hesitate to contact me and mention them. I wonder why you see the line 579 uninitialiazed though but that could be because of the missing IP6OPT_PADN.

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker