IPv6, HE Tunnel, and /etc/network/interfaces
The loopback interface
auto lo
iface lo inet loopback
Configuration for eth0 and aliases
This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0
eth0 - This is the main IP address that will be used for most outbound connections.
The address, netmask and gateway are all necessary.
iface eth0 inet static
address 173.230.xxx.xxx
netmask 255.255.255.0
gateway 173.230.xxx.1
eth0:0 - Private IPs have no gateway (they are not publicly routable) so all you need to
specify is the address and netmask.
iface eth0:0 inet static
address 192.168.xxx.xxx
netmask 255.255.128.0
````
13 Replies
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 97.107.134.213
netmask 255.255.255.0
gateway 97.107.134.1
# This is for an IP in the routed /64.
iface eth0 inet6 static
address 2001:470:1f07:f41::dead:beef
netmask 64
auto eth0:1
iface eth0:1 inet static
address 192.168.137.246
netmask 255.255.128.0
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:470:1f06:f41::2
netmask 64
endpoint 209.51.161.14
local 97.107.134.213
gateway 2001:470:1f06:f41::1
ttl 64
Note the IP in eth0… this is an address in the routed /64, used for outgoing connections, such that the reverse IP can be set away from the default one for the point-to-point /64.
@hoopycat:
Here's mine:
Interesting. I do a lot more with mine, mainly because Ubuntu (in my experience) eventually begins complaining about no buffer space being available after enough networking restarts. I tracked it down to a crappy error message coming out of the stack in the kernel, and then couldn't be bothered to go much further.
Here's my router at home:
auto he0
iface he0 inet6 v4tunnel
endpoint 209.51.161.14
local 98.225.x.x
ttl 255
address 2001:470:1f06:86a::2
netmask 64
mtu 1480
up ip6tables-restore /etc/firewall6.conf
# Kill
down ip -6 tunnel del he0
I'm probably doing it wrong, but it works and I don't feel like screwing with it. There's a bridge and all kinds of other goodness in there.
Does your configuration set up routing correctly? I could never get mine to do so without an up/down route add/del.
I used to have an up/down for adding routes, but commented it out awhile back with no deleterious effects:
# commented out 2010/04/10 by rtucker, from advice on #linode:
# danieldg the reason for 2000::/3 from #ipv6 topic: manual defaultroute broken in 2.6.20.[5..13], 2.6.21.[0..4], RHEL/CentOS 5.[012], use 2000::/3 or update
#up ip -6 route add 2000::/3 dev he-ipv6
#down ip -6 route flush dev he-ipv6
But yeah, the routing goes in OK out of the box.
modules=( "iproute2" )
config_eth0=( "74.207.244.17/24" "74.207.244.169/24" "192.168.141.153/17" )
# linoder's I got lucky because both my ip addresses are on the same subnet ;) you may need another entry
# like "default via 74.x.x.1 metric 2" but not outgoing traffic will go out the interface with the lower metric
routes_eth0=( "default via 74.207.244.1" )
fallback_eth0=( "dhcp" )
# loopback is set up for you by gentoo scripts. configuration optional
#config_lo=( "127.0.0.1/8" "::1")
#coo hiddern network - stop leakage to wan. Private
config_dummy0=( "172.16.31.254/20" "2001:470:1f05:430:ef1b::ffff/64" "2001:470:83de:c00:ffff:ffff:ffff:ffff/48" )
modules_hetunnel=("iptunnel")
depend_hetunnel() {
need net.eth0
}
iptunnel_hetunnel=("mode sit remote 72.52.104.74 local 74.207.244.17 ttl 255")
config_hetunnel=("2001:470:1f04:430::2/64")
routes_hetunnel=( "2000::/3 dev hetunnel metric 0" "::/0 dev hetunnel metric 1")
modules_pub6tun0=("iptunnel")
depend_() {
need net.eth0
}
# when i set up this alternate way of setting up ip6 addresses HE.net in fremont weren't providing this service on multicast addr
# but now they are - so there are two ways to get your ip6 addresses nice and quick.
iptunnel_pub6tun0=("mode sit remote any local 74.207.244.17 ttl 255")
config_pub6tun0=( "2002:4acf:f411::ef1b/48" )
routes_pub6tun0=( "2000::/3 via ::192.88.99.1 dev pub6tun0 metric 200" )
modules_pub6tun1=("iptunnel")
depend_pub6tun1() {
need net.eth0
}
iptunnel_pub6tun1=("mode sit remote any local 74.207.244.169 ttl 64")
config_pub6tun1=("2002:4acf:f4a9::c00/48")
routes_pub6tun1=( "2000::/3 via ::192.88.99.1 dev pub6tun1 metric 300" )
# doesn't work like the howto's say. It's broken :P
#depend_6to4() {
# need net.eth0
#}
#link_6to4="eth0"
#RC_NEED_6to4="net.eth0"
#config_6to4=("ip6to4")
Yes Sabayon 5.2 works on linode.
You can install it by unzipping a squashfs image and cleaning out some install cruft. What is better is using it as gentoo and using entropy (equo) to push out your gentoo binaries to other hosts. I recommend gentoo-ers upgrade by using layman -a sabayon, emerge entropy equo entropy-server and seeing it's much better than using Gentoo's binary packages. I have a i7 intel core optomized version of Sabayon for anyone who is interested (perfect for linode hardware).
I have followed the /etc/network/interfaces example from
However, the tunnel keeps vanishing which is not what I want. As I can't have a native address, that tunnel needs to stay up for ever.
The problem would appear to be some sort of timeout, as far as I can see. If I don't make an inbound IPv6 connection for a short time, I can't ping6/otherwise connect IN. However, if I ping6 OUT (generally to ipv6.he.net,) I can then ping6 IN again.
Didn't know if the TTL line in the example interfaces file had any bearing on it, so I removed it. No difference.
Ideas, anyone?
UPDATE: I have run ifconfig on the interface both whilst it is and is not accepting inbound connections. Entries are identical, barring the data conuters.
auto 6in4
iface 6in4 inet6 v4tunnel
endpoint <he ipv4="">local <my ip="">ttl 255
address <my tunnel="" end="">netmask 64
mtu 1480
up ip -6 route add ::/0 dev 6in4 metric 1
post-up sysctl -w net.ipv6.conf.all.forwarding=1
up ip -6 addr add <my 64="">::/64 dev eth0</my></my></my></he>
The forwarding line is likely not needed for what you want it for.
@smiffy:
Not sure whether I should start a new thread on this, but since it's relevant to the discussion, here goes:
…
I saw your post over at tunnelbroker.net
The resolution is:
iptables -A INPUT -s XXXXXXXX/32 -p ipv6 -j ACCEPT
…where XXXXXXXX is listed as "Server IPv4 address" under "IPv6 Tunnel Endpoints."
Note that this is the SAME rule quoted on the TunnelBroker forum - this is just how iptables-save dumps it out.
Kudos to @jimb for this solution.
@smiffy:
I set up the firewall rule about an hour ago and disabled the keep-alive cron job - it appears to work.
The resolution is:
iptables -A INPUT -s XXXXXXXX/32 -p ipv6 -j ACCEPT
…where XXXXXXXX is listed as "Server IPv4 address" under "IPv6 Tunnel Endpoints."
Note that this is the SAME rule quoted on the TunnelBroker forum - this is just how iptables-save dumps it out.
Kudos to @jimb for this solution.
Good to know! I had something similar to that because I also had to forward protocol 41 in my home router. Now I see the source bit (-s XXXXXXXX), but if you know the exact address of the IPv4 server would you need the slash 32?
Important: setting this rule means that inbound IPv6 is now bypassing your IPv4 firewall. You will need to duplicate your iptables settings with ip6tables, so you will have an IPv6 firewall too.
@smiffy:
… You will need to duplicate your iptables settings with ip6tables, so you will have an IPv6 firewall too.
Yeah, did it!
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 173.230.xxx.xxx
netmask 255.255.255.0
gateway 173.230.xxx.1
iface eth0 inet6 static
address 2001:470:1f05:ffff::aaaa
netmask 64
auto eth0:1
iface eth0:1 inet static
address 192.168.xxx.xxx
netmask 255.255.128.0
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint 72.52.xxx.xxx
local 173.230.xxx.xxx
address 2001:470:1f04:ffff::2
gateway 2001:470:1f04:ffff::1
ttl 255
netmask 64
mtu 1480
Thanks to all previous posters for helping me put this configuration together!