Community discussions

 
Xenhat
just joined
Topic Author
Posts: 3
Joined: Fri Dec 30, 2016 9:41 pm

Working 6rd/6to4 script for modems without native IPV6 in firmware operating on native IPV6 network

Sun May 20, 2018 3:16 pm

This was mainly done for Videotron's IPV6 network, which appears as "Native" on http://ipv6-test.com/ but can easily be adapted to other networks.

For Videotron clients, there is a calculator available for you: http://support.videotron.com/residentia ... calculator

This imports sucessfully on defconf for me (RB951G-2HnD).

Fill in the values as required.

6to4.rsc
# 6to4.rsc
# Notes
# We cannot use variables here, somehow the router rejects them.
/interface 6to4

# The first value to replace here is your WAN IPv4 address (the one you get when you type "my ip" in google search
# The second value is the one called "IPv4 Relay" in the calculator.
add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit local-address=<WAN_IP_HERE> mtu=1480 name=6rd remote-address=<IPV4_RELAY_ADDRESS_HERE>

# "IPv6 6RD Adress"
/ipv6 pool add name=ip6 prefix=<IPV6_6RD_ADDRESS_HERE_MINE_ENDS_IN_/60> prefix-length=64

/ipv6 address
# "Prefix 6RD"/"Mask 6RD"
# i.e
# Prefix 6RD: AAAA::BBBB::CCCC::
# Mask 6RD:   DD
# Would give something like: AAAA::BBBB::CCCC::/DD
add address=<PREFIX_HERE/MASK_HERE> advertise=no disabled=no eui-64=no from-pool="" interface=6rd no-dad=no
add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ip6 interface=bridge no-dad=no

/ipv6 route
add disabled=no distance=1 dst-address=2000::/3 gateway=6rd scope=30 target-scope=10

The three other scripts do not really require modifications.

ip6ra.rsc
# ip6ra.rsc
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes                               \
                         disabled=no hop-limit=unspecified interface=all                           \
                         managed-address-configuration=no mtu=unspecified                          \
                         other-configuration=yes ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
                         reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

firewall6.rsc
# firewall6.rsc
/ipv6 firewall filter
# WARNING: This will wipe your entire ipv4 firewall. Remove this line if you wish to keep
# your existing rules, but your script will need adjustments.
remove [ find where dynamic=no ]
add action=accept chain=input comment="accept established connections" connection-state=established,related
add action=accept chain=input comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6
add action=accept chain=input comment="accept DHCP6 messages" dst-port=546 protocol=udp src-address=fe80::/64
add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1
add action=accept chain=forward comment="accept established connections" connection-state=established,related
add action=accept chain=forward comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
add action=drop chain=forward comment="drop remaining incoming from WAN" in-interface=ether1

firewall4.rsc
# firewall4.rsc
/ip firewall filter
# WARNING: This will wipe your entire ipv4 firewall. Remove this line if you wish to keep
# your existing rules, but your script will need adjustments.
remove [ find where dynamic=no ]
add action=accept chain=input comment="accept established connections" connection-state=established,related
add action=accept chain=input comment="accept ICMP4 messages" limit=100,10:packet protocol=icmp
add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1
add action=accept chain=forward comment="accept established connections" connection-state=established,related
add action=accept chain=forward comment="accept new connections if DSTNAT forward" connection-nat-state=dstnat connection-state=new in-interface=ether1
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
add action=drop chain=forward comment="drop remaining incoming from WAN" in-interface=ether1

Upload all the scripts and import them in order like the following:
:import 6to4.rsc ; :import ip6ra.rsc ; :import firewall4.rsc ; :import firewall6.rsc

Who is online

Users browsing this forum: No registered users and 2 guests