[mdlug] ipv6 in Centos -- ouch

Jay Nugent jjn at nuge.com
Sun Jan 22 15:02:55 EST 2012


Greetings Carl (et al),

On Sun, 22 Jan 2012, Carl T. Miller wrote:

> I'm still trying to decide if I want to brag that
> I have IPv6 working or if I want to rant about the
> fact that it was painful to set up.  I can't believe
> that I'm the first person who got iptables, ip6tables,
> radvd, sysctl and the various files in /etc/sysconfig
> to work.
>
> I thought the Hurricane Electric certification would
> walk me through the setup.  Not really.  I spent hours
> in their blogs and searching Google to find how to
> configure everything using standard Centos files.
> I could not find a single website that correctly lists
> how to set up an IPv6 router!  Hopefully later today
> there will be a listing on LinuxQuestion.org and/or
> at the Hurricane Electric forums.
>
> Now that I know what to do, it's rather simple and it
> would take me only a few minutes to set up a new system.
>
> I'm already looking forward to working through the
> certification.

    I bought a book before I started.  After much looking around and only 
finding books that delved FAR TOO DEEP into the software, or described 
each single BIT used in the protocol, I settled on a book that skipped all 
that and just described the config files used in Debian (Sarge), FreeBSD 
6.1, and Solaris 10.  The author outright *refused* to discuss WinBlows, 
as that was just a constantly churning cauldron of Monkey Poop (my words, 
not his - but pretty close).

    Though this book IS NOT a plug-and-play step by step - it did help me 
to better understand how IPv6 was supposed to 'play' with other IPv6 
boxes, and how to configure them to do so.  And though the tools described 
in this book have moved on and developed over the years since 2007, it got 
me enough into the ball park I could make the thing run :)

    My IPv6 network is probably simpler than most.  A 'sit' tunnel to 
Hurricane Electric where they send me a /64 prefix.  An "RA" server to 
deploy those prefixes to my servers and workstations.  And I opted to 
allow SLAAC autoconfiguration for Link-Local, while using the *SAME* lower 
64 bits (based on the MAC) plus my prefix to assign Global routable 
addresses.  As many of you know me, I have NO DAMN WINBLOWS boxes on my 
network and thus *NEVER* use any firewalls anywhere for any reason!  But 
then I am lucky enough to have a pair of /25 blocks of IPv4 addresses to 
play with  :)


    The book is:

    "IPv6 in Practice - A Unixer's Guide to the Next Generation Internet"
    by: Benedikt Stockebrand
    published by:  Springer

    ISBN-10  3-540-24524-3
    ISBN-13  978-3-540-24524-7


    Something to keep in mind folks....  *ANY* of your internal NATed 
(RFC1918 192.168/16) boxes *can* be the endpoint termination of the SIT 
tunnel !!!  From the public Internet's perspective, ALL of your boxes look 
like just ONE box - they all 'appear' to be inside your gateway.  So if 
you have a DNS or Web or Email box on your network, go ahead and make it 
your SIT endpoint and RA server.  As long as your off-the-shelf cheapie 
gateway router can pass "SIT" (Protocol 41) it won't matter where your 
tunnel *actually* terminates.  So if you are thinking you need to replace 
your D-Link or LinkSys router with one that can do IPv6, or can terminate 
the SIT tunnel, or run RA, you don't need to replace it.


    Enjoy!
       --- Jay Nugent

         () ascii ribbon campaign in
         /\ support of plain text e-mail

"No free man shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is, as a
last resort, to protect themselves against tyranny in government"--
Thomas Jefferson, 1 Thomas Jefferson Papers, 334
+------------------------------------------------------------------------+
| Jay Nugent   jjn at nuge.com    (734)484-5105    (734)649-0850/Cell       |
|   Nugent Telecommunications  [www.nuge.com]                            |
|   Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.org] ISP & Modem Performance Monitoring |
| Web-Pegasus    [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
+------------------------------------------------------------------------+
  14:01:01 up 139 days, 20:39,  3 users,  load average: 0.10, 0.04, 0.01


