SixXS::Sunset 2017-06-06
Username: Password:

FAQ : Connectivity (Tunnels and Subnets) : I have a firewall, what ports/protocols are used?

Other FAQ sections

I have a firewall, what ports/protocols are used?

Paranoid and want to seal everything off? Or are you behind a NAT and want to know what to expect? The following ports/protocols may be used by SixXS tunnels and their configuration tools.

Protocol/PortHostIPNameWhat does it do?NAT remarks
TCP 3874tic.sixxs.netIPv4TIC (Tunnel Information & Control Protocol)Used for retrieving the tunnel information (eg by AICCU)Uses TCP and should work without problems
UDP 3740PoPIPv4Heartbeat ProtocolUsed for signaling where the current IPv4 endpoint of the tunnel is and that it is aliveoutbound from user to PoP only
protocol 41PoPIPv4IPv6 over IPv4 (6in4 tunnel)Used for tunneling IPv6 over IPv4 (static + heartbeat tunnels)One needs to appoint the internal host as the DMZ host which usually lets it pass the NAT
UDP 5072PoPIPv4AYIYA (Anything In Anything)Used for tunneling IPv6 over IPv4 (AYIYA tunnels)Should cross most NAT's and even firewalls without any issues
ICMPv6 Echo/ResponseTunnel endpointsIPv6Internet Control Message Protocol for IPv6Used for testing if a tunnel is alive by pinging the tunnel endpoint (tunnel::2) from the PoP side of the tunnel (tunnel::1) on the tunnelnone, as it happens inside the tunnel

Policy circumvention

Note that we do not provide IPv6 connectivity to locations where the IPv6 tunnel would circumvent a local policy formed by for instance a firewall. Most corporate networks forbid forms of tunneling as this would open a channel over which an attack into their corporate network could take place as it bypasses the policies implemented in their firewalls. If you are in such a situation, don't try to circumvent your administrators policy but talk to them and try and get IPv6 connectivity setup together with them according to their policies, it is their network afterall, not yours.

Network administrators can easily block the usage of SixXS by blocking the above ports.

Not logged in.
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker