Questions about IPv6

ludist · 03-09-2024, 01:33 PM

Hello,

My Slackware-15.0 computer is serving the wifi for IPv4. I updated with IPv6.

On computer I have created a bridge (brwifi) and I attached there eth0 and wlan1. MAC of brwifi is MAC address of eth0 + 1. All network adapters have different mac. I have success but several questions.

My setup is:
hostapd
radvd
dnsmasq

The script I wrote:

Code:

#!/bin/bash
# Script to share internet connection via eth0 with bridge method.
# After hibernate or standby you have to restart this.

BRIDGE=brwifi
BRIDGEMAC=00:ff:ff:ff:ff:fe # change with your ETH MAC address + 1
BRIDGEIP=192.168.1.162
GW=192.168.1.1
SLEEP=3
ETH=eth0
WLAN=wlan1

# kernel options to make sure the settings are sane
for NETDEV in $BRIDGE $ETH $WLAN
do
        sysctl -w net.ipv6.conf.$NETDEV.forwarding=0
        sysctl -w net.ipv6.conf.$NETDEV.accept_ra=1
done

# reset network interfaces
ip link set $ETH down
rfkill unblock wifi
ip link set $WLAN down
iwconfig $WLAN txpower 3 #optional

killall dhclient

# not all wifi cards support access point mode.
# Use `iw list` and check if reports *AP for your wifi adapter.

# hostapd shutdown all the network intefaces. First thing to run.
bash /etc/rc.d/rc.hostapd restart

# create bridge
ip link add name $BRIDGE address $BRIDGEMAC type bridge
ip link set dev $BRIDGE address $BRIDGEMAC
ip link set $ETH up
# attach eth to bridge. hostapd attaches wlan to bridge.
ip link set $ETH master $BRIDGE
ip link set dev $BRIDGE up

sleep $SLEEP
bash /etc/rc.d/rc.radvd restart

# radvd enables forwarding on eth0. But if forwarding is enabled RA
# is not working.
# Disable forwarding so we cat get IPv6 from RA
sysctl -w net.ipv6.conf.$ETH.forwarding=0
sysctl -w net.ipv6.conf.$BRIDGE.forwarding=0
bash /etc/rc.d/rc.dnsmasq restart

# Get ip via dhcp if we don't have RA
# dhclient -6 brwifi
# dhclient brwifi # ipv4
ip -6 r add default via fe80::1 dev brwifi
# Dual Stack baby (IPv4 enabled).
ip a add $BRIDGEIP/24 dev brwifi
ip r add default via $GW dev brwifi

The questions:
1. My setup is valid?
2. My eth0 does not get IPv6 via RA. Why? This is a serious problem. Since if my router has new IPv6 I have to restart radvd to change the prefix. To my understanding radvd gives is the advertiser.
3. My IPv6 ports are firewalled from my ISP router. But if one day the ISP also exposes the IPv6 ports I have to block traffic to internal devices with global ipv6's with ip6tables. Right?
4. While I was trying to setup the network interfaces I managed to have IPv6 internet access WITHOUT IPv6's on any network interfaces. Yes, I know what I am writing. Probaly some caching / bug from kernel or userspace programs?
5. I can't ping my internal ipv4 network if I eth0 has ip with `ping INTERNAL_IP -I eth0`. Why? I remove the IPv4 from eth0 and I can ping my internal network with `ping INTERNAL_IP`. I thought that brwifi is like a switch and eth0 has the same access as the brwifi.

Thanks to AWS for the crazy price on IPv4. Now I am somewhat prepared for IPv6.

Code:

ip -6 a                       ludist: Sat Mar  9 08:05:38 2024

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::XX/64 scope link
       valid_lft forever preferred_lft forever
33: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::ZZ/64 scope link
       valid_lft forever preferred_lft forever
34: brwifi: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a02:85f:WW/128 scope global dynamic
       valid_lft 84252sec preferred_lft 1452sec
    inet6 fe80::WW/64 scope link
       valid_lft forever preferred_lft forever

Code:

ip r
default via 192.168.1.1 dev brwifi 
127.0.0.0/8 dev lo scope link 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.162 
192.168.1.0/24 dev brwifi proto kernel scope link src 192.168.1.163

Code:

ip -6 r
::1 dev lo proto kernel metric 256 pref medium
2a02:xx:yy:xx::/64 dev brwifi proto kernel metric 256 expires 86396sec pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev brwifi proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev brwifi metric 1024 pref medium

Thank you for reading this.

jayjwa · 03-10-2024, 11:17 PM

It doesn't look like you are getting an ip6 prefix, just a single address. You want a bank of addresses if you are serving ip6 addresses. I vaguely recall something about setting "2" as the forwarding type (be a router and a host). I set it everywhere, like net.ipv6.conf.all.forwarding = 2. I leave my external interface out of the bridge because dhcpcd was giving problems when things attached and disconnect. I serve radvd on br0, with the prefix I get from dhclient -P -6 -v eth0. Paste an ip6 address on br0. I have to add the global ip6 route manually (I do this by script) but that's probably because I don't use dnsmasq. Forwarding for ip4 I handle via iptables. wlan0 and various tuntaps go in br0. Note anything with a global ip6 address will be reachable from outside, which can be both good or bad. You only need one global ip6 address per host. I'm sure there's various ways to do this.

ludist · 03-11-2024, 10:23 AM

Thank you for your effort to answer so many questions and to de-cipher my data.

Quote:

Originally Posted by jayjwa

It doesn't look like you are getting an ip6 prefix, just a single address.

Oops. My bad. In reality the address is /64 in the end from ISP router RA, not /128. /128 is when I am using dhclient -6 brwifi. For that reason I want RA to be working properly. But as you stated with `dhclient -P` option I can have the proper prefix. Right? To my understanding I have to grab the prefix and to update and restart radvd.conf when my ISP changes IP(v6).

Quote:

Originally Posted by jayjwa

I vaguely recall something about setting "2" as the forwarding type (be a router and a host). I set it everywhere, like net.ipv6.conf.all.forwarding = 2.

Forwarding is not needed to my understanding since everything are bridged. My setup is working as I stated. I don't a problem but the listed queries. In reality I have to check what will happen if my routers changes IP(v6).

I have another one script with IPv6 forwarding (NAT66). I abandoned the idea. I think the dynamic ip's are more convenient.

Quote:

Originally Posted by jayjwa

a) I leave my external interface out of the bridge because dhcpcd was giving problems when things attached and disconnect. b) I serve radvd on br0, with the prefix I get from dhclient -P -6 -v eth0. Paste an ip6 address on br0. c) I have to add the global ip6 route manually (I do this by script) but that's probably because I don't use dnsmasq. d) Forwarding for ip4 I handle via iptables. wlan0 and various tuntaps go in br0. Note anything with a global ip6 address will be reachable from outside, which can be both good or bad. You only need one global ip6 address per host. I'm sure there's various ways to do this.

a) In that case the eth0 will be communicating with bridge?
b) I do that.
d) Yes, I already do / did that. But it does not work for internal network unless I remove IPv4 from eth0!

Thanks, you were helpful.