[ previous ] [ next ] [ threads ]
 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 Cc:  m0n0wall dash announce at lists dot m0n0 dot ch, m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Beta 1.3b12 released
 Date:  Tue, 08 Jul 2008 02:09:18 +0200
Wow, IPv6 support !!!

This are great news for all IPv6 afficionados (like me).
With this (huge) step m0m0wall rise into the very close club of the IPv6 firewalls.

So people out there, switch to IPv6 when you can and don't wait until you have to !


Manuel Kasper wrote:
> Hello m0n0wall users,
> in case you've been wondering - no, I haven't fallen off the face of the 
> earth yet - just had other things than m0n0wall to keep me busy.
> But not to worry - m0n0wall 1.3b12 is out, and there's a new feature: 
> IPv6 support (routing and firewalling)! I realize that IPv6 is still a 
> bit of a geeky thing without much use/demand in real life, but maybe, 
> hopefully, one day... The base for this was actually contributed by 
> Michael Hanselmann way back in 2005, and with some modifications to 
> reflect the changes in m0n0wall since then, as well as a few 
> fixes/improvements (most notably easy to configure 6to4 support), it is 
> now finally in an official release. (Belated) Thanks, Michael!
> IPv6 support must be explicitly enabled on the System: Advanced setup 
> page before any of the new options will become available. Also, by 
> default there are no firewall rules for IPv6, so everything is blocked. 
> Make sure to add at least a rule on your LAN interface for outbound 
> connections if you want to use IPv6.
> Since it's the first release with IPv6 support, bugs in the 
> implementation are likely. As always, please post on the mailing list or 
> in the forum if you've found something odd (with a detailled description 
> of what you did, please). Also let us know if everything worked "out of 
> the box". :)
> If you don't have native IPv6 connectivity yet, don't worry: 6to4 
> tunneling is supported, which should work anywhere you've got a 
> (non-firewalled) public IPv4 address. Simply choose "6to4" for the IPv6 
> mode on both the WAN and LAN interfaces - no need to manually configure 
> any IPv6 addresses (check the IPv6 RA option on the LAN interface and 
> your LAN hosts will be able to automatically obtain an IPv6 address). It 
> can also work with dynamic WAN IPv4 addresses (LAN/OPT IPv6 subnets are 
> adjusted automatically). Note that some operating systems do not use 
> IPv6 when connecting to a host that supports both IPv4 and IPv6 if they 
> are configured with a 6to4 IPv6 address (-> RFC 3484), so use an 
> IPv6-only host (try http://ipv6.m0n0.ch) for browser testing, or simply 
> do a "ping6".
> If you've got native IPv6 connectivity (not supported over PPPoE/PPTP 
> yet), remember that you'll have to statically route your m0n0wall's LAN 
> subnet from your upstream router - there's no NAT for IPv6 in m0n0wall 
> (and it would be pretty pointless in most cases anyway :).
> Also, if you've gotten it to work and need some IPv6 capable web sites 
> to try it out, have a look at http://sixy.ch (or http://ipv6.sixy.ch), a 
> directory of IPv6 enabled web sites.
> In other news, m0n0wall now generates a self-signed SSL certificate and 
> key pair for the webGUI on the fly if there's none when switching from 
> HTTP to HTTPS - this should be much more secure than the default, shared 
> one. There's also a button on the System: Advanced page to regenerate 
> the cert/key - you may want to use that one if you've got existing 
> configs with HTTPS and no custom certificate.
> Finally, a bug in ipnat has been fixed that I have found to cause rare 
> and thus hard to diagnose kernel panics on a non-m0n0wall system that 
> I'm managing.
> Detailed change log and downloads:
> http://m0n0.ch/wall/beta.php
> Enjoy,
> Manuel
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.