Comcast IPV6

Jeff Forman put up a blog post on his website detailing how he got the Comcast IPV6 working through the trial. His setup explains exactly how to do this if you’re trying to get it to work on a Linux box, but not how to do this on your router and put it through your entire network. I’m running the custom DD-WRT build by crushedhat that gets IPV6 working, and have been using it with a HurricaneElectric tunnel for a while. With the help of my friend whfsdude on Mozor I’ve been able to make this work. I can’t guarantee that it will work for you, and whenever you’re trying to install custom firmware on a router, you should be careful, as you can brick your router.

First off, you may want to read through Jeff’s post. You’re going to need your WANIP as he calls it, and you’ll need it converted into HEX.

To start with, in DD-WRT, you need to enable IPV6 and RADVD in Management. In the config section, put something like this:

interface br0 {
        AdvSendAdvert on;
        prefix 2001:55c:[WAN IP in hex form ####:####]::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
        };
};

Then, in the Commands tab, you need to run the following for startup:

ip tunnel add he-ipv6 mode sit remote 69.252.80.66 local [WAN IP in ###.###.###.### form] ttl 255
ip link set he-ipv6 up
ip addr add 2001:55c:[WAN IP in hex form ####:####]::1/32 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add 2001:55c:[WAN IP in hex form ####:####]::/64 dev br0

Additionally, due to the security vulnerability found in DD-WRT (patched already, but not in crushedhat’s build), you should run the following firewall script:

insmod ip6t_REJECT
ip6tables -F
ip6tables -A FORWARD -p tcp -i he-ipv6 --syn -m multiport --dports ftp-data,ftp,ssh,smtp,http,https,ntp,domain -j ACCEPT
ip6tables -A FORWARD -p tcp -i he-ipv6 --syn -j REJECT --reject-with adm-prohibited
ip6tables -A FORWARD -p udp -i he-ipv6 -m multiport --dports ntp,domain -j ACCEPT
ip6tables -A FORWARD -p udp -i he-ipv6 -j REJECT --reject-with adm-prohibited

That’s it. It was easy for me because I just swapped my he settings for the comcast ones that Jeff (and whfsdude) provided. It may not work for you, but good luck!
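
The hex conversion and placeholder substitution from the steps above, as an added example that is not part of the original post. The function names are hypothetical, 192.0.2.1 is a constructed documentation address, and the script assumes a POSIX shell with printf (run it on a workstation and paste the output into the Commands tab).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
SIXRD_PREFIX="2001:55c"   # 6rd prefix used on this page
RELAY="69.252.80.66"      # tunnel remote used on this page

# 192.0.2.1 -> c000:0201. Returns 1 for anything that is not a strict dotted quad.
wan_to_hex() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # a leading zero would be read as octal
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# Delegated prefix without the trailing ::/64, e.g. 2001:55c:c000:0201
sixrd_prefix() {
    hex=$(wan_to_hex "$1") || return 1
    printf '%s:%s\n' "$SIXRD_PREFIX" "$hex"
}

# The startup commands from the post with both placeholders filled in.
startup_commands() {
    p=$(sixrd_prefix "$1") || { echo "invalid WAN IPv4: $1" >&2; return 1; }
    cat <<EOF
ip tunnel add he-ipv6 mode sit remote $RELAY local $1 ttl 255
ip link set he-ipv6 up
ip addr add ${p}::1/32 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add ${p}::/64 dev br0
EOF
}

startup_commands 192.0.2.1   # constructed sample address (documentation range)
```

The output of sixrd_prefix followed by ::/64 is also the value for the prefix line in the radvd config.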



One Response to “Comcast IPV6”

  1. Jeff says:

    Hi Richard,

    Thanks for the mention on your blog. To be specific, I’m not running Linux on my firewall/router, it is actually OpenBSD. I say this because the command line structure for ifconfig might be slightly different, although I have not tried to run the commands in my blog entry on a Linux box to test.

    Glad to see you got it working.

    Cheers,
    Jeff

  2. [...] originally posted this on my own blog, but have decided it should be here as well since whfsdude is the one who made this possible. Plus, [...]
