Overview

Internally at the 3DN network, we’re not using IPv6. There was no need for it until now since our internal LAN uses RFC 1918 non-routable IP addresses. As I’ve recently started coding functionality into Vuurmuur and a fellow coder is coding support for IPv6 into Vuurmuur, I will also have to look into supporting IPv6 into the NFLOG code I added to Vuurmuur.

The Debian Wiki has a good article on how to set up IPv6. I will follow most of the directions in this article, add some of my own, and also document how to adapt vuurmuur’s nflog part code to IPv6.

Setting it up

The configuration I have at home is a pretty straightforward one:

• A Debian server with two NICs, one connected to the internet through a broadband modem, and one connected to the internal LAN
• The LAN interface on the NIC is set up as a bridge which bridges traffic to a few virtual hosts running on the server as well.
• A few IP aliases are set up on the LAN NIC to emulate subnetting and experiment with this using vuurmuur (ofcourse having subnets on one physical interface don’t give any kind of added security)
• One of the subnets above is a wireless subnet, another one is the wired subnet, yet another one is the virtual hosts subnet and the last one is a ‘rogue’ wireless subnet where all unsuspecting wireless neighbors with unknown MAC addresses get pushed in.

Describing how and why I set up the above may be subject of some later articles. My ISP UPC does not have any native IPv6 support nor am I aware of any IPv6 tunneling they do. At the time I start writing this article I do not know yet if this means I cannot send IPv6 traffic out to the internet some way so I decided to set up one of the virtual servers as a native IPv6 client, while the Debian server shall do both IPv4 and IPv6.

to be continued