From c7c21b770973ad14e6513dbdd9b3b8b86a2f39f0 Mon Sep 17 00:00:00 2001 From: mhnoyes Date: Wed, 10 Dec 2003 07:05:07 +0000 Subject: [PATCH] DocBook XML conversion git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@819 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/6to4.xml | 149 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 Shorewall-docs/6to4.xml diff --git a/Shorewall-docs/6to4.xml b/Shorewall-docs/6to4.xml new file mode 100644 index 000000000..cd478a30c --- /dev/null +++ b/Shorewall-docs/6to4.xml @@ -0,0 +1,149 @@ + + +
+ + 6to4 Tunnels + + + + Eric + + de Thouars + + + + Tom + + Eastep + + + + 2003-05-18 + + + + The 6to4 tunnel feature of Shorewall only facilitates IPv6 over IPv4 + tunneling. It does not provide any IPv6 security measures. + + + 6to4 tunneling with Shorewall can be used to connect your IPv6 network + to another IPv6 network over an IPv4 infrastructure. + + More information on Linux and IPv6 can be found in the Linux IPv6 HOWTO. + Details on how to setup a 6to4 tunnels are described in the section Setup + of 6to4 tunnels. + +
+ Connecting two IPv6 Networks + + Suppose that we have the following situation: + +
+ + + + + + + +
+ + We want systems in the 2002:100:333::/64 subnetwork to be able to + communicate with the systems in the 2002:488:999::/64 network. This is + accomplished through use of the /etc/shorewall/tunnels file and the + "ip" utility for network interface and routing configuration. + + Unlike GRE and IPIP tunneling, the /etc/shorewall/policy, + /etc/shorewall/interfaces and /etc/shorewall/zones files are not used. + There is no need to declare a zone to represent the remote IPv6 network. + This remote network is not visible on IPv4 interfaces and to iptables. All + that is visible on the IPv4 level is an IPv4 stream which contains IPv6 + traffic. Separate IPv6 interfaces and ip6tables rules need to be defined + to handle this traffic. + + In /etc/shorewall/tunnels on system A, we need the following: + + + + + + TYPE + + ZONE + + GATEWAY + + GATEWAY ZONE + + + + + + 6to4 + + net + + 134.28.54.2 + + + + + + + + This entry in /etc/shorewall/tunnels, opens the firewall so that the + IPv6 encapsulation protocol (41) will be accepted to/from the remote + gateway. + + Use the following commands to setup system A: + + >ip tunnel add tun6to4 mode sit ttl 254 remote 134.28.54.2 +>ip link set dev tun6to4 up +>ip addr add 3ffe:8280:0:2001::1/64 dev tun6to4 +>ip route add 2002:488:999::/64 via 3ffe:8280:0:2001::2 + + Similarly, in /etc/shorewall/tunnels on system B we have: + + + + + + TYPE + + ZONE + + GATEWAY + + GATEWAY ZONE + + + + + + 6to4 + + net + + 206.191.148.9 + + + + + + + + And use the following commands to setup system B: + + >ip tunnel add tun6to4 mode sit ttl 254 remote 206.191.148.9 +>ip link set dev tun6to4 up +>ip addr add 3ffe:8280:0:2001::2/64 dev tun6to4 +>ip route add 2002:100:333::/64 via 3ffe:8280:0:2001::1 + + On both systems, restart Shorewall and issue the configuration + commands as listed above. The systems in both IPv6 subnetworks can now + talk to each other using IPv6. +
+
\ No newline at end of file
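Review bot: The setup procedure for systems A and B has no IPv6 filtering step. It ends at "The systems in both IPv6 subnetworks can now talk to each other using IPv6", although the opening warning says the feature "does not provide any IPv6 security measures" and the second section says "Separate IPv6 interfaces and ip6tables rules need to be defined to handle this traffic". A reader who follows only the listed ip commands brings up tun6to4 with no IPv6 rules in place. Suggest adding a step after the ip route command on each system, or a sentence before the final paragraph, telling the reader to install ip6tables rules for tun6to4 before treating the tunnel as ready, and repeating the warning there. Two smaller points in the same hunk: "Details on how to setup a 6to4 tunnels are described" should read "how to set up 6to4 tunnels", and the new file ends without a trailing newline ("\ No newline at end of file"), which is worth fixing before commit.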