| reply to TSI Gabe
Re: IPv6 beta I'm having a lot of issues with youtube when logged into the hsiservice account.. It tries to connect but always times out.. When i log in with my wiredhighspeed one the problem doesn't seem to exist.. It's also just youtube i am having the problem with but to be honest I don't visit that wide of a selection of sites either. |
|
|
|
| reply to TSI Gabe
Is there any facility within Tomato/MLPPP/IPv6 for a basic IPv6 firewall? ip6tables? If not, is it planned for future release? |
|
 AOD
join:2008-01-24
Toronto, ON
kudos:1
 ·voip.ms
| said by dmz:Is there any facility within Tomato/MLPPP/IPv6 for a basic IPv6 firewall? ip6tables? If not, is it planned for future release? I have this question as well. |
|
1 edit | reply to dmz
said by dmz:Is there any facility within Tomato/MLPPP/IPv6 for a basic IPv6 firewall? ip6tables? If not, is it planned for future release? Stateless firewalling could be done. However statefull firewalling would require upgrading the kernel. A very brief check seems to show that even 2.4.37 doesn't seem to have contrac for ipv6. So that would probably mean upgrading to a 2.6 kernel. While that can be done, the WRT54G* and the like have no wireless driver in 2.6. That's a hefty trade-off. |
|
AOD
join:2008-01-24
Toronto, ON
kudos:1 Reviews:
·voip.ms
| said by DSL_Ricer:said by dmz:Is there any facility within Tomato/MLPPP/IPv6 for a basic IPv6 firewall? ip6tables? If not, is it planned for future release? Stateless firewalling could be done. However statefull firewalling would require upgrading the kernel. A very brief check seems to show that even 2.4.37 doesn't seem to have contrac for ipv6. So that would probably mean upgrading to a 2.6 kernel. While that can be done, the WRT54G* and the like have no wireless driver in 2.6. That's a hefty trade-off. Yeah for me that is huge. I use wireless a lot. by firewall i mean NAT Translation for ipv6. |
|
| said by AOD: by firewall i mean NAT Translation for ipv6. A brief check seems to indicate that even 2.6 might not support that.
Is there a reason why you need NAT in IPv6? |
|
brad
join:2007-09-06
Etobicoke, ON | said by DSL_Ricer:said by AOD: by firewall i mean NAT Translation for ipv6. A brief check seems to indicate that even 2.6 might not support that. Is there a reason why you need NAT in IPv6? He just said. He thinks NAT is a firewall. |
|
| reply to DSL_Ricer
The question will become: what is the best "default" firewall for consumer IPv6?
Right now, with IPv4, people basically use NAT as a firewall. And then they use uPNP (or NAT-PMP) to automatically forward specific ports for applications that need to receive unsolicited traffic.
With IPv6, lets say by default we block all unsolicited traffic. What happens when an end-user wants to run an application like VoIP, or a game server, skype, etc? Do they have to manually go and allow access in their firewall? That seems like a step-backwards for the end user. Is there any mechanism that enables an application to notify the firewall to permit certain traffic through? (Much in the same way that applications can notify a router to port forward.) |
|
| said by dmz:The question will become: what is the best "default" firewall for consumer IPv6? In tomato, the answer is simple. You have no choice, it's none.
said by dmz: Is there any mechanism that enables an application to notify the firewall to permit certain traffic through? (Much in the same way that applications can notify a router to port forward.) I'd presume UPnP does, but I must admit, I haven't looked into it much.
MS's page on requirements for home routers suggests this:
»www.microsoft.com/whdc/device/ne···IGD.mspx |
|
| Interesting thread:
»www.ops.ietf.org/lists/v6ops/v6o···225.html |
|
| reply to DSL_Ricer
This is still a draft, but it looks to address this very question:
»tools.ietf.org/html/draft-ietf-v···urity-09 |
|
Tack
join:2007-10-23
Waterloo, ON | reply to DSL_Ricer
said by DSL_Ricer:A brief check seems to indicate that even 2.6 might not support that. Right, Linux doesn't. I've seen patches floating around a year or two back but haven't tried them.
Is there a reason why you need NAT in IPv6? I need NAT in order to load balance TCP sessions between multiple ISPs. It isn't a problem right now since my other ISP doesn't support IPv6 (and won't for a while), but near as I can tell, NAT is the only option for small users. |
|
 InssomniakThe GlitchPremium
join:2005-04-06
Cayuga, ON
kudos:1 | reply to TSI Gabe
Im not understanding this at all, Feel rather stupid about it too.
Im using Mikrotik beta, I got assigned a /64 and a /56.
So. I set up the /64 on the ppp interface, and from the router, I can ping the ipv6 google IP OK. There seems to be no auto-assigning of the ipv6 address during ppp negotiation.
What I cant figure out is how to assign the /56
so I got this:
2607:f2c0:f00f:f400::/56
the router doesnt let me assign 2607:f2c0:f00f:f400::1/56 to it, saying it cant advertise anything but a /64.
If I change it to 2607:f2c0:f00f:f400::1/64 to my lan facing interface the router never hands out an ipv6 address to a windows 7 machine. so Im lost.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca |
|
1 edit | said by Inssomniak:What I cant figure out is how to assign the /56 You don't. You have 256 /64's to assign as you wish. Auto-configuration only happens in a /64.
I don't know about Mikrotik, but most OSs need to have an extra service running to do the router advertisements needed for autoconfigration. On linux it's radvd. You may wish to make sure it's ruining, but I suspect it's just a configuration problem. |
|
InssomniakThe GlitchPremium
join:2005-04-06
Cayuga, ON
kudos:1 | said by DSL_Ricer:said by Inssomniak:What I cant figure out is how to assign the /56 You don't. You have 256 /64's to assign as you wish. Auto-configuration only happens in a /64. I don't know about Mikrotik, but most OSs need to have an extra service running to do the router advertisements needed for autoconfigration. On linux it's radvd. You may wish to make sure it's ruining, but I suspect it's just a configuration problem. After some playing I got it working, (no DNS though).
I used a /64 on the router and advertised it (radvd) and it worked to give out IPs to hosts.
There is a few bugs in this beta, the pppoe client doesnt get the IP from TSI automatically, and one other related to a few mikrotik products that use a switch, which can be worked around.
Statically assigning the IP to the pppoe client works though.
This is very beta stuff, but it does have a full working stateful ipv6 firewall.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca |
|
 TSI GabePremium,VIP
join:2007-01-03
Chatham, ON
kudos:2 | I think it's time to make the somewhat official announcement.
IPv6 recursive DNS is now available as well. You can use
2607:f2c0::1
and
2607:f2c0::2
Auth DNS is in the works.
--
TSI Gabe - TekSavvy Solutions Inc.
Authorized TSI employee ( »TekSavvy FAQ »Official support in the forum )
|
|
| Hi Gabe,
Do we put this in the Static DNS in the router or our Windows DNS under the IPv6 section? |
|
| reply to TSI Gabe
For all the MikroTik RouterOS people it looks like IPv6 over PPP will be supported in V5. It's in beta now. |
|
| reply to TSI Gabe
so what user advantage is there to having IPv6 other then making it totally confusing for routing |
|
 clusty
join:2009-05-15
Montreal, QC
kudos:1 | reply to TSI Gabe
Hey,
Any news on Tomato ND Ipv6?
There is some alpha 7 build, but am still waiting for the Ipv6 one... |
|
