SixXS::Sunset 2017-06-06

Server behind FritzBox
[de] Shadow Hawkins on Friday, 12 July 2013 09:51:39
After having the first tunnel up and running on a debian box routing the company net I would like to imply sixx setup in my home LAN, too. However, the setup there is a littel more tricky :(. I use a FritzBox (7270, newest FW) as gateway, only (expect DECT phone). DNS/DHCP (4) is done by a Debian server behind the FritzBox. As I am much more familiar with the linux CLI that with the FritzBox webinterface I would prefer to keep control of DNS/DHCP/RADVD on the server. Due to limitations I learned from the wiki: ---cut--- Enabling IPv6 will (firmware 54.04.86) unconditionally enable a DHCPv6 server on the Fritz!Box. ---cut--- I suppose it would be best to pass the Fritzbox transparently and end the tunnel on my server. I am on a cable modem line at home with (nearly, reboots of modem, seldom, every 3-4 month IP change initiated by ISP) fix IP4 address. Nonetheless I would prefer heartbeat instead of static here, but I am not sure if it will work at all. The server itself (while running 24/7) is standing behind the FritzBox and therefore lack in routeable IP4 address ... problem? Does it last to pass tcp 3847 of the FritzBox to the Server? What about protocol 41 packets? IIRC, there is no chance to configure passthrough based on the protocol in the Fritzbox, is it? Any any other advice greatly appreciated. - TIA.
Server behind FritzBox
[ch] Jeroen Massar SixXS Staff on Friday, 12 July 2013 14:30:25
The server itself (while running 24/7) is standing behind the FritzBox and therefore lack in routeable IP4 address ... problem?
Fritz!Box'es can be configured to forward to be in "DMZ-mode", if that allows it to forward packets to a host behind it is not known to me though. Otherwise AYIYA works fine behind most types of NATs.
Does it last to pass tcp 3847 of the FritzBox to the Server?
I have no idea what: "msfw-control 3847 tcp MS Firewall Control" Has to do with tunnelling in relation to SixXS, can you clarify what you are trying to accomplish?
What about protocol 41 packets?
IIRC, there is no chance to configure passthrough based on the protocol in the Fritzbox, is it? As above, there is a small change it might work.
Server behind FritzBox
[de] Shadow Hawkins on Thursday, 08 August 2013 09:02:03
Jeroen Massar wrote:
I have no idea what: "msfw-control 3847 tcp MS Firewall Control" Has to do with tunnelling in relation to SixXS, can you clarify what you are trying to accomplish?
Sorry for dealy ... holiday season here ;). I thought I have to forward this port from router as the firewall FAQ here learned me: ---cut FW-FAQ @ https://www.sixxs.net/faq/connectivity/?faq=firewalled--- TCP 3874 tic.sixxs.net IPv4 TIC (Tunnel Information & Control Protocol) Used for retrieving the tunnel information (eg by AICCU) Uses TCP and should work without problems ---cut--- I understand this as: If I want to pass the FritzBox transparently, I will have to forward its TCP 3874 to the tunnel end ... Worng?
Server behind FritzBox
[ch] Jeroen Massar SixXS Staff on Thursday, 08 August 2013 10:11:38
"msfw-control 3847 tcp MS Firewall Control"
---cut FW-FAQ @ https://www.sixxs.net/faq/connectivity/?faq=firewalled---
TCP 3874
Note that 3874 != 3847 there is difference of 27 in those numbers.
I understand this as: If I want to pass the FritzBox transparently, I will have to forward its TCP 3874 to the tunnel end ... Worng?
Very wrong, that article is about firewalling and thus allowing packets to be forwarded, it states nothing about "port forwarding". If you have a properly configured NAT that handles TCP/UDP nothing needs to be changed unless you chose to firewall things off. Note that all connections are initiated outbound, thus most standard firewalls that will do connection tracking should just work too.
Server behind FritzBox
[de] Shadow Hawkins on Friday, 06 September 2013 07:44:05
Jeroen Massar wrote:
Note that 3874 != 3847
My fault: Typo + unable to see it after review :(
there is difference of 27 in those numbers.
ACK ;)
Very wrong, that article is about firewalling and thus allowing packets to be forwarded, it states nothing about "port forwarding". If you have a properly configured NAT that handles TCP/UDP nothing needs to be changed unless you chose to firewall things off. Note that all connections are initiated outbound, thus most standard firewalls that will do connection tracking should just work too.
OK, got it. THX.

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker