IPv6 day fun is beginning!

Harry Hoffman hhoffman at ip-solutions.net
Wed Jun 8 11:59:44 UTC 2011


I have the same setup as you, except a Linux box that does the firewalling.
The actiontec is pretty bad-ass, hardware-wise, and latest firmware versions
give you a bit more freedom.

Eth0 is the public addr and eth1 is the private addr. On Eth1 I've got a
address from the routed /48 and then everything behind eth1 also gets addrs
in that /48.
(Maybe a firmware update is available for the Linksys? Or open/dd wrt).

One thing to note, if you're not doing ipv6 filtering at the router. TCP/135
is open by default on a Windows 7 laptop here so if you're not filtering at
the laptop then you're potentially allowing the world to access that port.

Cheers,
Harry

-----Original Message-----
From: Jamie Bowden [mailto:jamie at photon.com] 
Sent: Wednesday, June 08, 2011 7:40 AM
To: NANOG list
Subject: RE: IPv6 day fun is beginning!

Thanks to HE's tunnel broker service, I've got fully functional dual
stack at home (well, mostly, like most folks, VZ gives me a single
address and I live behind that with NATv4, but otherwise, I loves me
some FiOS) and yesterday went by for me without a hitch, including
accessing Facebook (I'd hear from the wife and kid really quickly if
they weren't working).  For a working tunnel, I put my DIR-825 as the
"DMZ" host behind the cheesy Actiontec router VZ requires, forward all
traffic with zero firewalling to it, and let the D-Link appliance handle
all my firewall needs (and it terminates my v6 tunnel obviously).  The
one thing I haven't quite figured out how to make it do (and maybe it's
just not capable) is use the /48 HE routes to me.  The box insists that
the internal interface be on the same subnet as the external, and it
hands out v6 addresses from that /64.

Jamie

-----Original Message-----
From: Jared Mauch [mailto:jared at puck.nether.net] 
Sent: Tuesday, June 07, 2011 7:15 PM
To: Iljitsch van Beijnum
Cc: NANOG list
Subject: Re: IPv6 day fun is beginning!


On Jun 7, 2011, at 7:13 PM, Iljitsch van Beijnum wrote:

> www.facebook.com has AAAA but doesn't load for me over IPv6, it does
for others though

If you go to www.v6.facebook.com it works, but it seems they have some
problem on their main site.  I am seeing some issues reaching them over
IPv6.

- Jared









More information about the NANOG mailing list