[ previous ] [ next ] [ threads ]
 
 From:  Michel Servaes <michel at mcmc dot be>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Beta 1.3b12 released
 Date:  Tue, 08 Jul 2008 09:16:32 +0200
Installed over here... works great.
Tried to activate IPv6, which didn't cause any problem - but I just 
can't use it somehow.
I've added a rule, to allow my LAN to get outside (just a plain default 
rule : * * * * -> any)

I always worked on IPv4 (disabled IPv6), and I tried to activate IPv6 as 
the only protocol, but it simply won't get an address... mind you, I'm 
still using the Realtek NICs as LAN cards - the Intel one is on it's way 
(it's really hard to find an Intel card in retail stores in Belgium - 
all the cards were equipped with realtek chipsets) :)

I shall first have a look on the net, maybe I'm missing some information 
on how to use IPv6 on an IPv4 internet...

Manuel Kasper wrote:
> Hello m0n0wall users,
>
> in case you've been wondering - no, I haven't fallen off the face of 
> the earth yet - just had other things than m0n0wall to keep me busy.
>
> But not to worry - m0n0wall 1.3b12 is out, and there's a new feature: 
> IPv6 support (routing and firewalling)! I realize that IPv6 is still a 
> bit of a geeky thing without much use/demand in real life, but maybe, 
> hopefully, one day... The base for this was actually contributed by 
> Michael Hanselmann way back in 2005, and with some modifications to 
> reflect the changes in m0n0wall since then, as well as a few 
> fixes/improvements (most notably easy to configure 6to4 support), it 
> is now finally in an official release. (Belated) Thanks, Michael!
>
> IPv6 support must be explicitly enabled on the System: Advanced setup 
> page before any of the new options will become available. Also, by 
> default there are no firewall rules for IPv6, so everything is 
> blocked. Make sure to add at least a rule on your LAN interface for 
> outbound connections if you want to use IPv6.
>
> Since it's the first release with IPv6 support, bugs in the 
> implementation are likely. As always, please post on the mailing list 
> or in the forum if you've found something odd (with a detailled 
> description of what you did, please). Also let us know if everything 
> worked "out of the box". :)
>
> If you don't have native IPv6 connectivity yet, don't worry: 6to4 
> tunneling is supported, which should work anywhere you've got a 
> (non-firewalled) public IPv4 address. Simply choose "6to4" for the 
> IPv6 mode on both the WAN and LAN interfaces - no need to manually 
> configure any IPv6 addresses (check the IPv6 RA option on the LAN 
> interface and your LAN hosts will be able to automatically obtain an 
> IPv6 address). It can also work with dynamic WAN IPv4 addresses 
> (LAN/OPT IPv6 subnets are adjusted automatically). Note that some 
> operating systems do not use IPv6 when connecting to a host that 
> supports both IPv4 and IPv6 if they are configured with a 6to4 IPv6 
> address (-> RFC 3484), so use an IPv6-only host (try 
> http://ipv6.m0n0.ch) for browser testing, or simply do a "ping6".
>
> If you've got native IPv6 connectivity (not supported over PPPoE/PPTP 
> yet), remember that you'll have to statically route your m0n0wall's 
> LAN subnet from your upstream router - there's no NAT for IPv6 in 
> m0n0wall (and it would be pretty pointless in most cases anyway :).
>
> Also, if you've gotten it to work and need some IPv6 capable web sites 
> to try it out, have a look at http://sixy.ch (or http://ipv6.sixy.ch), 
> a directory of IPv6 enabled web sites.
>
> In other news, m0n0wall now generates a self-signed SSL certificate 
> and key pair for the webGUI on the fly if there's none when switching 
> from HTTP to HTTPS - this should be much more secure than the default, 
> shared one. There's also a button on the System: Advanced page to 
> regenerate the cert/key - you may want to use that one if you've got 
> existing configs with HTTPS and no custom certificate.
>
> Finally, a bug in ipnat has been fixed that I have found to cause rare 
> and thus hard to diagnose kernel panics on a non-m0n0wall system that 
> I'm managing.
>
> Detailed change log and downloads:
>
> http://m0n0.ch/wall/beta.php
>
> Enjoy,
>
> Manuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>