News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  General Questions
linktree Topic: Native IPV6 - m0n0wall to m0n0wall
Pages: [1]
Topic: Native IPV6 - m0n0wall to m0n0wall  (Read 3107 times)
« on: January 22, 2009, 11:27:35 »
r00ster *
Posts: 5
Guys,

I've a little problem, for a project, I need to be able to connect two m0n0walls (both 1.3B15) to each other via native IPV6.

The situation is this: both monowalls are currently connected on a old Linksys router (which only has IPV4), it shouldn't matter they don't have to connect to the outside world via IPV6 in this test setup. on both ends i have a ubuntu installed which runs Apache2. I want to show that i can get to that Apache website using IPV6. It works on the local network.

-----------------------------

Local-computer1:
IP:           2001.:2353::1428:57aa (static)
netmask: 64
gatewat: 2001.:2353::1428:57ab

Monowall 1:
LAN IP:  2001.:2353::1428:57ab (static)
WAN IP: 2001.:2353::1428:57ac (static)
netmask: 64
Gateway: 2001.:2353::1428:57ad

Monowall 2
LAN IP: 2001.:2353::1428:57ae (static)
WAN IP: 2001.:2353::1428:57ad
netmask: 64
Gateway: 2001.:2353::1428:57ac

Local-computer2
IP:           2001.:2353::1428:57af (static)
netmask: 64
gatewat: 2001.:2353::1428:57ae

-----------------------------

As you might see I've set both monowall to use the other monowall as there IPV6 gateway, I don't know if this the right way to proceed.

The current situation is that I can ping from a local computer to the Lan interface of monowall over IPV6. But i am unable to ping to the WAN interface with a local computer.

I've also added the rule on the WAN and LAN interface of both firewall to allow everything (IPV6 rule of course).

I am able to connect to the website using IPV4 (with an IPSEC tunnel).

Is there anybody who can tell me what I am doing wrong.

Thanks,
r00ster
« Reply #1 on: January 22, 2009, 11:46:36 »
Manuel Kasper
Administrator 		*****
Posts: 364
Quote from: r00ster on January 22, 2009, 11:27:35
Monowall 1:
LAN IP:  2001.:2353::1428:57ab (static)
WAN IP: 2001.:2353::1428:57ac (static)

...

Monowall 2
LAN IP: 2001.:2353::1428:57ae (static)
WAN IP: 2001.:2353::1428:57ad

For a start, you've got both the LAN and WAN interface on your m0n0walls configured with an IPv6 address in the same subnet. This cannot work, as m0n0wall acts as a router. You need different subnets on LAN and WAN.
« Reply #2 on: January 22, 2009, 18:51:13 »
r00ster *
Posts: 5
Okay seems obvious... so i can just leave the local area networks as they are and i have to change the IP of the WANS and the netmask....

Native IPV6 is new to me,  if i put the IPV6 adress in a /32 would that mean that the other 96 bits in the host portion? so if i configure my WAN in a /32 and my LAN in a /64 it should work?
« Reply #3 on: January 22, 2009, 19:23:37 »
Manuel Kasper
Administrator 		*****
Posts: 364
Quote from: r00ster on January 22, 2009, 18:51:13
Native IPV6 is new to me,  if i put the IPV6 adress in a /32 would that mean that the other 96 bits in the host portion? so if i configure my WAN in a /32 and my LAN in a /64 it should work?

No - then they'd still overlap. With IPv6, one almost always uses a subnet mask (or rather "prefix length") of /64 on a network segment (like an Ethernet segment for example).

Most ISPs and tunnel brokers give you a /48 for your use. You can then split that into 65536 x /64 by varying the 7th/8th octet. E.g. if you get aabb:ccdd:eeff::/48, you could use aabb:ccdd:eeff:1::/64, aabb:ccdd:eeff:2::/64, etc.

Try reading up on IPv6 subnetting; it should clear things up for you.
« Reply #4 on: January 23, 2009, 13:03:34 »
r00ster *
Posts: 5
Okay, thanks for the detailed advise  Smiley. i'll read up on IPV6 subnetting  Roll Eyes.

i'll try putting it to the test on Monday, I get back to you then.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines