iptables

Setting up IPv6 connectivity for my home LAN and my laptop

Our ISP has been saying that they will be rolling out a trial of IPv6 for more than 3 years now. Since this does not appear to be forthcoming, I decided instead to make use of an IPv6 tunnel.

This tunnel behaves in much the same way as a VPN tunnel. You use IPv4 to connect to an endpoint, then use IPv6 addresses on the tunnel's virtual interfaces. I used the Hurricane Electric tunnelbroker.net for my home IPv6 access, and a sixxs.net AYIYA tunnel for my laptop when away from home. I chose AYIYA for my laptop since it is NAT friendly and is a better choice if your IPv4 address changes regularly. Both services are free.

Since I have a simple Linux machine as my main router, this was actually a straightforward process. If you have a router that supports IPv6 tunnels, this can be even easier. In my case I had to set up the tunnel interface in /etc/network/interfaces (this is a Debian install; it should be the same for Ubuntu). The actual IPs have been obfuscated:

iface eth1 inet6 static
    address 2001:a:b:c::3
    netmask 64

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:aaaa:b:cccc::2
    netmask 64
    endpoint 216.218.226.238
    local 1.2.3.4
    ttl 255
    gateway 2001:aaaa:b:c::1
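
A tunnel like this gives LAN hosts globally routable IPv6 addresses with no NAT in front of them, so the router has to filter both the outer protocol 41 traffic and the inner IPv6 traffic. The sketch below is an added example, not part of the original post: the tunnel_rules function, the policy it prints, and the use of eth1 as the LAN side are assumptions, while the addresses are the obfuscated ones from the config above.

```sh
#!/bin/sh
# Added example, not from the original post. Prints (does not apply) filter
# rules for a Linux router terminating a 6in4 tunnel. Policy is an assumption.

# usage: tunnel_rules ENDPOINT_V4 LOCAL_V4 TUNNEL_IF LAN_IF
tunnel_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: tunnel_rules ENDPOINT_V4 LOCAL_V4 TUNNEL_IF LAN_IF" >&2
        return 2
    fi
    endpoint=$1 local_v4=$2 tun_if=$3 lan_if=$4

    # Only digits and dots in addresses, only name characters in interfaces,
    # so the printed rules cannot carry shell metacharacters.
    for a in "$endpoint" "$local_v4"; do
        case $a in ''|*[!0-9.]*) echo "bad IPv4 address: $a" >&2; return 1 ;; esac
    done
    for i in "$tun_if" "$lan_if"; do
        case $i in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $i" >&2; return 1 ;; esac
    done

    cat <<EOF
# Outer IPv4: accept protocol 41 (IPv6-in-IPv4) only from the tunnel server.
iptables -A INPUT -p 41 -s $endpoint -d $local_v4 -j ACCEPT
iptables -A INPUT -p 41 -j DROP
# Inner IPv6 addressed to the router itself.
ip6tables -A INPUT -i $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i $tun_if -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT
ip6tables -A INPUT -i $tun_if -j DROP
# Inner IPv6 routed for the LAN: outbound allowed, inbound only as replies.
ip6tables -A FORWARD -i $lan_if -o $tun_if -j ACCEPT
ip6tables -A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i $tun_if -j DROP
EOF
}

# Values from the post's (obfuscated) config; eth1 as the LAN side is assumed.
tunnel_rules 216.218.226.238 1.2.3.4 he-ipv6 eth1
```

Review the printed rules against your existing chains before applying them, since rule order relative to rules already loaded decides what actually matches.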

Updated iptables host firewall rules

I am working on a wireless security project, which involves bridging, routing, and packet filtering (but not NAT). As I was looking at my current default iptables rule set, I noticed that it could use some cleaning up.

This firewall script is designed for standalone hosts that provide some services.

The script takes a single argument, the interface to run on, and defaults to eth0 if none is given.


#!/bin/sh
# firewall-up.sh
# v3.07

# Interface to filter on: first argument, or eth0 when none is given.
if [ "$#" = "0" ]; then
    EXT_INT="eth0"
else
    EXT_INT="$1"
fi

PATH=/bin:/sbin:/usr/local/sbin/:/usr/sbin
