User Tools

Site Tools


topics:raspberrypi:ipv6gateway

Pi as an IPv6 gateway using SixXS

Currently we don't have IPv6 at the office, an in the current state of the internet there's no need to: there's no exclusive IPv6 content available.

So why bother? Just for fun! And it's easy!

Have your Raspberry IPv6 connected to the internet

Step 1: request an IPv6 tunnel

You can request an IPv6 tunnel at SixXS. You have to register and fill out some web forms to request your IPv6 tunnel. After a few days you'll receive notice of your new tunnel. Meanwhile you can process some of th efollowing steps.

Step 2: Enable IPv6

Now you have to enable IPv6 on your Pi, this is described on this page.

Step 3: Install AICCU

AICCU is the Automatic IPv6 Connectivity Client Utility, see also the AICCU page at SixXS. To install AICCU on your Pi is easy, execute the following:

sudo apt-get install aiccu

Step 4: Configure AICCU

After you received notice of your SixXS tunnel, you have to configure /etc/aiccu.conf:

sudo nano /etc/aiccu.conf

Follow SiXXS directions on editing this file.

Step 5: start AICCU

Now (re)start AICCU so the config will be active:

sudo service aiccu restart

There you have it: your Raspberry Pi has an IPv6 connection to the internet, try:

ping6 www.google.com

The Raspberry Pi has a new network interface aiccu for it's IPv6 connection:

ifconfig aiccu

Now it would be interresting of course to have all your PC's connected to the internet…

Have your PC's IPv6 connected to the internet

Step 1: lookup your IPv6 subnet

Lookup your IPv6 subnet associated with your SixXS tunnel at SixXS. It looks (somewhat) like 2001:18fa:fd00:37f0::/64.

Step 2: Assign an IPv6 IP address to eth0

Now assign one IP adress in the subnet to your eth0 interface, e.g. 2001:18fa:fd00:37f0::1. This can be done by adding the following lines to your Raspberry's /etc/network/interfaces file . On the command line:

sudo edit /etc/network/interfaces

Add the following lines (fill in your own IP address!):

iface eth0 inet6 static
address 2001:18fa:fd00:37f0::1
netmask 64

Step 3: install radvd

Now install radvd, execute following command:

sudo apt-get install radvd

Step 4: configure radvd

Configure radvd by editing the /etc/radvd.conf file:

sudo nano /etc/radvd.conf

Make the contents of the file like this (again: fill in your own IP address!):

interface eth0 {
      AdvSendAdvert on;
      AdvManagedFlag on;
      AdvOtherConfigFlag on;
      AdvLinkMTU 1280;
      MinRtrAdvInterval 3;
      MaxRtrAdvInterval 4;
      prefix 2001:18fa:fd00:37f0::1/64 {
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr on;
      };
};

step 5: start radvd

Now (re)start radvd to activate the new configuration:

sudo service radvd restart

Now the magic should happen: all your IPv6 enabled devices suddenly have an IPv6 connection to the internet. This can be checked by browsing to http://ipv6.google.com.

Firewalling

An issue now is the fact that you have an open connection to the internet! You need an iptables firewall on your Raspberry Pi to address this issue.

  • step 1: You should add the following lines to the /etc/rc.local file (Check that these lines are before any exit 0 line, otherwise they won't be executed!!):
/sbin/ip6tables -F

/sbin/ip6tables -A INPUT -m state --state RELATED,ESTABLISHED    -j ACCEPT
/sbin/ip6tables -A INPUT -m state --state INVALID                -j DROP
/sbin/ip6tables -A INPUT -i aiccu -p icmpv6                      -j ACCEPT
/sbin/ip6tables -A INPUT -i aiccu --log-prefix ip6tables:DROP:   -j LOG
/sbin/ip6tables -A INPUT -i aiccu                                -j DROP

/sbin/ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED  -j ACCEPT
/sbin/ip6tables -A FORWARD -m state --state INVALID              -j DROP
/sbin/ip6tables -A FORWARD -i aiccu --log-prefix ip6tables:DROP: -j LOG
/sbin/ip6tables -A FORWARD -i aiccu                              -j DROP
  • step 2: execute the rc.local script manually: enter /etc/rc.local on the commandline.
  • step 3: check the firewall is there by running ip6tables -L -n, this should render the following output:
Chain INPUT (policy ACCEPT)
target     prot opt source destination         
ACCEPT     all      ::/0   ::/0        state RELATED,ESTABLISHED
DROP       all      ::/0   ::/0        state INVALID
ACCEPT     icmp     ::/0   ::/0                
DROP       all      ::/0   ::/0                

Chain FORWARD (policy ACCEPT)
target     prot opt source destination         
ACCEPT     all      ::/0   ::/0        state RELATED,ESTABLISHED
DROP       all      ::/0   ::/0        state INVALID
DROP       all      ::/0   ::/0                

Chain OUTPUT (policy ACCEPT)
target     prot opt source destination         
topics/raspberrypi/ipv6gateway.txt · Last modified: 2013/01/12 23:01 by rolf