This IPv6 multi-subnet Linux-based router runs Ubuntu Server 12.04 in a VirtualBox virtual machine. Setup is simply a matter of enabling IPv6 forwarding (net.ipv6.conf.all.forwarding=1 in the sysctl.conf file) and setting static addresses on the interfaces.
The bind9 and squid3 packages are installed to support domain name service forwarding and HTTP proxying for the DMZ nodes, which have no internet access.
Lastly, the main router needs some static routes since the local network addresses need to be specified and I didn't subnet the router interfaces for the tier 1 LAN.
Squid cache proxy needs a few tweaks to enable ACLs for the new subnets. The private block is already included so I added the tier 1 block in the ACLs: acl localnet src fd00::/7 2001:470:f379:31::/64.
NTP is not used here, but other virtual machines may need time synchronization, so plan for it if your clock drifts while running in the virtual machine. You would set your NTP host to the router's address on the corresponding tier network.
I wanted to build an IPv6-only environment, but Ubuntu's repositories don't always respond with quad-A (AAAA) records, so I have to enable IPv4 on eth0 (dhclient eth0) so the proxy on the router can reach IPv4 sites for updates. This series of articles is configured for IPv6 only and the firewall script removes the IPv4 interface when run.
The router software was installed with the Basic Server menu option in the Ubuntu Server configuration screen. Note that the unique local addresses used here are not pseudorandomly generated, which is what RFC 4193 calls for.
/etc/resolv.conf
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
domain chickenkiller.com
search chickenkiller.com
Add Static IPv6 Routes to DD-WRT
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#iface eth0 inet dhcp

# Upstream interface: static IPv6 address and the default gateway
auto eth0
iface eth0 inet6 static
    address 2001:470:f379::30
    netmask 64
    gateway 2001:470:f379::1

# Tier 1 subnet (global prefix)
auto eth1
iface eth1 inet6 static
    address 2001:470:f379:31::1
    netmask 64

# Unique local address subnets
auto eth2
iface eth2 inet6 static
    address fd01:470:f379:32::1
    netmask 64

auto eth3
iface eth3 inet6 static
    address fd01:470:f379:33::1
    netmask 64
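
A consistency check for the addressing above, as an added example that is not part of the original article: it reads the static stanzas and the acl localnet line given on this page and reports any downstream subnet the proxy ACL does not cover, plus any ACL prefix written with bits set beyond its mask. The function names are hypothetical, and treating the interface that has a gateway line as the upstream side is an assumption.

```python
import ipaddress

# Constructed input: this page's inet6 static stanzas (auto lines omitted) and acl line.
INTERFACES = """\
iface eth0 inet6 static
address 2001:470:f379::30
netmask 64
gateway 2001:470:f379::1
iface eth1 inet6 static
address 2001:470:f379:31::1
netmask 64
iface eth2 inet6 static
address fd01:470:f379:32::1
netmask 64
iface eth3 inet6 static
address fd01:470:f379:33::1
netmask 64
"""
SQUID_ACL = "acl localnet src fd00::/7 2001:470:f379:31::/64"
KEYS = ("address", "netmask", "gateway")


def downstream_networks(text):
    """Network of every inet6 static interface that has no gateway line (assumption)."""
    stanzas, name = {}, None
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["iface"]:
            name = words[1] if words[2:] == ["inet6", "static"] else None
        elif name and len(words) == 2 and words[0] in KEYS:
            stanzas.setdefault(name, {})[words[0]] = words[1]
    return {n: ipaddress.ip_interface(f"{s['address']}/{s['netmask']}").network
            for n, s in stanzas.items() if "gateway" not in s}


def check_acl(acl_line, networks):
    """Return (interfaces the ACL misses, ACL prefixes with bits past the mask)."""
    acl, misaligned = [], []
    for token in acl_line.split()[3:]:
        net = ipaddress.ip_network(token, strict=False)  # masks stray bits
        acl.append(net)
        if ipaddress.ip_interface(token).ip != net.network_address:
            misaligned.append(f"{token} -> {net}")
    missed = sorted(n for n, net in networks.items() if not any(
        a.version == net.version and net.subnet_of(a) for a in acl))
    return missed, misaligned


if __name__ == "__main__":
    print(check_acl(SQUID_ACL, downstream_networks(INTERFACES)))
```

On the page's values it reports no missed interface and flags fd00::/7, whose eighth bit lies outside a /7 mask; the aligned unique local prefix is fc00::/7.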
/etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // Added Forwarders to an IPv6 Address since it can't reach IPv4
    forwarders {
        2001:4860:4860::8888;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};