6to4 gateway router

This page describes how to create a 6to4 gateway router, which will give internal IPv6 networks access to the IPv6 internet using only one external IPv4 address.

Assumptions
I am assuming that you have a gateway computer running Ubuntu. I also assume that this computer has 2 NICs, that one of them is connected to your ISP and has received an IPv4 address, and that you have configured a tunnel on that interface. This is my setup, and I am having success with it.

Addressing
Addressing in IPv6 is pretty tricky when you are not familiar with it, so let's look at how it looks on my machine.

reaper@darkstar:~$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:01:02:6d:44:01
          inet addr:24.79.80.13  Bcast:255.255.255.255  Mask:255.255.252.0
          inet6 addr: fe80::201:2ff:fe6d:4401/64 Scope:Link

So, this looks pretty normal. You can see my MAC address (HWaddr), you can see the IPv4 address assigned by my ISP (via DHCP), and you can see the IPv6 address on the interface. Wait, IPv6? How did that get there? Well, it was automatically assigned by the OS, and it's based on my MAC address. See how my HWaddr is very close to the last digits of my inet6 addr? This is address autoconfiguration, used frequently in IPv6, and the format is called EUI-64. It basically takes your MAC address and uses that as the last part of your IPv6 address, with the first part being assigned to you by the local router. But, in this case, there is no local IPv6 router. fe80 is a reserved prefix for link-local addresses, which is why we also see "Scope:Link" at the end. The overall point is, this IPv6 address doesn't mean we are connected to anything.

So let's move on to our tunnel interface.

reaper@darkstar:~$ ifconfig tun6to4
tun6to4   Link encap:IPv6-in-IPv4
          inet addr:24.79.80.13  Mask:255.255.255.255
          inet6 addr: 2002:184f:500d::1/16 Scope:Global
          inet6 addr: ::24.79.80.13/128 Scope:Compat

Here we see no MAC address, because there is no hardware. We see the IPv4 address that we got from the ISP, and there are two IPv6 addresses. The first one is our 6to4 address. How can we tell it's a 6to4 address? Because it starts with '2002:'. The form of a 6to4 address is 2002:hhee:exxx::, where the hex part is your IPv4 address in hex digits instead of dotted decimal. Together with the 2002 prefix, that takes up the first 48 bits of the address. The next 16 bits are for the subnet (in this case 0) and the final 64 bits are for the host on that subnet (in this case 1).

All these zeros in our external interface address are gonna give us some cool opportunities for our internal network: instead of using some kind of NAT or masquerading, we will create subnets and route things properly.

So, I assigned an IPv6 address to my eth1 interface.

reaper@darkstar:~$ sudo ip -6 addr add 2002:184f:500d:1234:0250:04ff:fe73:db82/64 dev eth1

How did I get this address? Well, the first 3 hex sets are the same as my tun6to4 address, then 1234 is my subnet number, and the final 64 bits are the EUI-64 address derived from my MAC address, which you can see below.

reaper@darkstar:~$ ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:50:04:73:db:82
          inet6 addr: 2002:184f:500d:1234:250:4ff:fe73:db82/64 Scope:Global
          inet6 addr: fe80::250:4ff:fe73:db82/64 Scope:Link

Again, you also see the link-local address, which is auto-configured.
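
The address arithmetic used above can be checked with a short script. This is an added example, not part of the original page; the function names sixto4_prefix, eui64_iid and lan_address are hypothetical helpers, and the sample values are the ones shown in the ifconfig output above.

```shell
#!/bin/sh
# Each helper runs in a subshell "( ... )" so the IFS change, set -f and
# "exit 1" on bad input stay local to the helper.

# 6to4 prefix: 2002: followed by the four IPv4 octets written as hex.
sixto4_prefix() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # reject empty, non-numeric, zero-padded or over-long octets
        case $o in ''|*[!0-9]*|0?*|????*) exit 1;; esac
        [ "$o" -le 255 ] || exit 1
    done
    printf '2002:%02x%02x:%02x%02x\n' "$@"
)

# Modified EUI-64 interface ID from a MAC address: flip the universal/local
# bit (0x02) of the first octet and insert ff:fe between octets 3 and 4.
eui64_iid() (
    set -f; IFS=:
    set -- $1
    [ $# -eq 6 ] || exit 1
    for b in "$@"; do
        case $b in [0-9A-Fa-f][0-9A-Fa-f]) ;; *) exit 1;; esac
    done
    printf '%x:%x:%x:%x\n' \
        "$(( ((0x$1 ^ 0x02) << 8) | 0x$2 ))" \
        "$(( (0x$3 << 8) | 0xff ))" \
        "$(( 0xfe00 | 0x$4 ))" \
        "$(( (0x$5 << 8) | 0x$6 ))"
)

# Internal address: 48-bit 6to4 prefix + 16-bit subnet (hex) + 64-bit host part.
# Arguments: public IPv4, subnet number in hex, MAC of the internal NIC.
lan_address() {
    p=$(sixto4_prefix "$1") && i=$(eui64_iid "$3") || return 1
    printf '%s:%s:%s/64\n' "$p" "$2" "$i"
}

# Values from the page: prints 2002:184f:500d:1234:250:4ff:fe73:db82/64
lan_address 24.79.80.13 1234 00:50:04:73:db:82
```

The printed address can be passed to the ip -6 addr add command shown above; ifconfig displays the same address with leading zeros dropped from each group.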