Neither my DSL carrier nor, as far as I know, any other Spanish ADSL carrier has IPv6 available, so my only chance to join IPv6 Launch Day is to create a tunnel to an IPv6 service provider. I've chosen the well-known Hurricane Electric Tunnel Broker free service.
Easy steps using Ubuntu:
- Sign in.
- Create your tunnel connection towards your public IPv4 address (Note: you will need to allow HE to ping your router in your firewall configuration).
- Configure the tunnel following this guide: http://davecoyle.com/documents/ubuntu-ipv6-he-tunnel.html
- Add the IPv6 DNS server to your /etc/resolv.conf file. In this case it is: nameserver 2001:470:20::2
My suggestion, and for the sake of the test, is to use only this DNS server.
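One way to do the configuration step by hand with iproute2, as an added example (not taken from this post or from the linked guide). The two IPv4 endpoints are placeholder documentation addresses and the script name is hypothetical. The ip6tables rules are an added assumption: the tunnel address is globally reachable and the IPv4 router does not filter traffic inside the tunnel.

```shell
#!/bin/sh
# Added example: 6in4 tunnel to Hurricane Electric with iproute2, plus a
# default-deny inbound filter on the tunnel interface.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (needs root).

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# he_tunnel_up SERVER_IPV4 LOCAL_IPV4 CLIENT_IPV6/PREFIX
he_tunnel_up() {
    server4=$1 local4=$2 client6=$3
    for a in "$server4" "$local4"; do
        case "$a" in
            ''|*[!0-9.]*) echo "invalid IPv4 endpoint: '$a'" >&2; return 2 ;;
        esac
    done
    case "$client6" in
        *:*/*) ;;
        *) echo "client address must be IPv6/prefix" >&2; return 2 ;;
    esac

    # 1-4: the tunnel itself (IPv6 inside IPv4 protocol 41, "sit" mode),
    #      with the MTU seen in the ifconfig output and a default IPv6 route.
    # 5-7: inbound filter on he-ipv6: replies and ICMPv6 in, everything else dropped.
    run ip tunnel add he-ipv6 mode sit remote "$server4" local "$local4" ttl 255 &&
    run ip link set he-ipv6 mtu 1480 up &&
    run ip addr add "$client6" dev he-ipv6 &&
    run ip -6 route add ::/0 dev he-ipv6 &&
    run ip6tables -A INPUT -i he-ipv6 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    run ip6tables -A INPUT -i he-ipv6 -p ipv6-icmp -j ACCEPT &&
    run ip6tables -A INPUT -i he-ipv6 -j DROP
}

# Placeholders (assumptions): 192.0.2.1 = HE tunnel server IPv4 endpoint,
# 198.51.100.10 = this host's IPv4 address. The client IPv6 address is the
# one shown on this page.
# Usage: DRY_RUN=0 ./he-tunnel.sh apply   (hypothetical script name)
if [ "${1:-}" = apply ]; then
    he_tunnel_up 192.0.2.1 198.51.100.10 2001:470:1f08:16b::2/64
fi
```

If the host sits behind a NAT router, the local endpoint is the host's LAN address and the router has to pass IPv4 protocol 41 to it.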
And test!
This is what my IPv6 tunnel interface looks like:
# ifconfig he-ipv6
he-ipv6   Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:1f08:16b::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:24393 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15097 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30140949 (30.1 MB)  TX bytes:1460976 (1.4 MB)
And the local interface. Now we have the new localhost IPv6 address ::1 (In IPv6 this is the equivalent of 127.0.0.1).
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1043 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:105946 (105.9 KB)  TX bytes:105946 (105.9 KB)
First, ping my interface (notice that I'm using ping6 command):
# ping6 -c 5 2001:470:1f08:16b::2
PING 2001:470:1f08:16b::2(2001:470:
64 bytes from 2001:470:1f08:16b::2: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 2001:470:1f08:16b::2: icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from 2001:470:1f08:16b::2: icmp_seq=3 ttl=64 time=0.062 ms
64 bytes from 2001:470:1f08:16b::2: icmp_seq=4 ttl=64 time=0.047 ms
64 bytes from 2001:470:1f08:16b::2: icmp_seq=5 ttl=64 time=0.032 ms
--- 2001:470:1f08:16b::2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3996ms
rtt min/avg/max/mdev = 0.032/0.044/0.062/0.012 ms
Then, ping the other side of the tunnel (notice the round trip time change):
# ping6 -c 5 2001:470:1f08:16b::1
PING 2001:470:1f08:16b::1(2001:470:
64 bytes from 2001:470:1f08:16b::1: icmp_seq=1 ttl=64 time=66.7 ms
64 bytes from 2001:470:1f08:16b::1: icmp_seq=2 ttl=64 time=66.5 ms
64 bytes from 2001:470:1f08:16b::1: icmp_seq=3 ttl=64 time=66.5 ms
64 bytes from 2001:470:1f08:16b::1: icmp_seq=4 ttl=64 time=66.3 ms
64 bytes from 2001:470:1f08:16b::1: icmp_seq=5 ttl=64 time=67.4 ms
--- 2001:470:1f08:16b::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 66.309/66.720/67.461/0.460 ms
And then, my first IPv6 ping to Google :)
# ping6 -c 5 -n ipv6.google.com
PING ipv6.google.com(2a00:1450:
64 bytes from 2a00:1450:400d:803::1013: icmp_seq=1 ttl=57 time=167 ms
64 bytes from 2a00:1450:400d:803::1013: icmp_seq=2 ttl=57 time=176 ms
64 bytes from 2a00:1450:400d:803::1013: icmp_seq=3 ttl=57 time=170 ms
64 bytes from 2a00:1450:400d:803::1013: icmp_seq=4 ttl=57 time=176 ms
64 bytes from 2a00:1450:400d:803::1013: icmp_seq=5 ttl=57 time=176 ms
--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 167.003/173.506/176.744/3.987 ms
And now it's time for a browser, and what could be better than http://whatismyipv6.com (IPv6 style, of course :)
And http://test-ipv6.com
Google redirects me to the UK site although I'm in Spain. That's because, among all the Hurricane Electric tunnel endpoints, I've chosen the one in London. But there are more. This could come in handy later.
A curious ping :)
# ping6 -n -c1 www.v6.facebook.com
PING www.v6.facebook.com(2620:0:1cfe:face:b00c::3) 56 data bytes
64 bytes from 2620:0:1cfe:face:b00c::3: icmp_seq=1 ttl=51 time=197 ms
--- www.v6.facebook.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 197.501/197.501/197.501/0.000 ms
And a couple more:
2a01:4f8:d13:3a43:feed:abba:deca:f www.synchronkartei.de
2001:4cc0:1ff:40:bebe:cafe:bebe:cafe www.webtuga.com
2001:610:148:dead:beef:b00b:cafe:babe www.ist-mome.org
Do you scan other IPv6 networks? ... That's not nice!
# /root/showfirewall.sh
all tcp 2001:470:xxx::[80] <- 2a01:4f8:100:2ffe::4[37214] FIN_WAIT_2:FIN_WAIT_2
all tcp 2001:470:xxx::[80] <- 2a02:2918:100:480::194[60107] FIN_WAIT_2:FIN_WAIT_2
tcpdump: WARNING: snaplen raised from 116 to 160
Jun 07 23:55:10.103894 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.58716 > 2001:470:xxx::.22: S 1913004252:1913004252(0) win 14200 <[|tcp]>
Jun 07 23:55:11.105641 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.58716 > 2001:470:xxx::.22: S 1913004252:1913004252(0) win 14200 <[|tcp]>
Jun 08 02:01:36.596408 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.46029 > 2001:470:xxx::.5900: S 2489408097:2489408097(0) win 14200 <[|tcp]>
Jun 08 02:01:37.596405 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.46029 > 2001:470:xxx::.5900: S 2489408097:2489408097(0) win 14200 <[|tcp]>
Jun 08 02:15:48.764828 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.53326 > 2001:470:xxx::.3389: S 1986041610:1986041610(0) win 14200 <[|tcp]>
Jun 08 02:15:49.770596 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.53326 > 2001:470:xxx::.3389: S 1986041610:1986041610(0) win 14200 <[|tcp]>
...
BrainfoodDE,
Yes, I did. And also an article about it: http://blog.domenech.org/2012/06/ipv6-security-back-to-square-one.html
I'm glad to see that you pay attention to IP security. Well done!
Thanks for the comment.
Juan
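The firewall log in the first comment shows one source sending blocked SYNs to ports 22, 5900 and 3389 of the same host. As an added example (not part of the original post or its comments), this shell function counts distinct blocked destination ports per source in log text of that format. The threshold of 3 is an assumption, and the last sample line is constructed to show a source that stays below it.

```shell
#!/bin/sh
# Added example: flag sources whose blocked inbound SYNs hit several
# different destination ports (pf log text as printed in the comment above).

# Six lines copied from the comment, plus one constructed line (2001:db8::5).
sample_log() {
    cat <<'EOF'
Jun 07 23:55:10.103894 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.58716 > 2001:470:xxx::.22: S 1913004252:1913004252(0) win 14200 <[|tcp]>
Jun 07 23:55:11.105641 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.58716 > 2001:470:xxx::.22: S 1913004252:1913004252(0) win 14200 <[|tcp]>
Jun 08 02:01:36.596408 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.46029 > 2001:470:xxx::.5900: S 2489408097:2489408097(0) win 14200 <[|tcp]>
Jun 08 02:01:37.596405 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.46029 > 2001:470:xxx::.5900: S 2489408097:2489408097(0) win 14200 <[|tcp]>
Jun 08 02:15:48.764828 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.53326 > 2001:470:xxx::.3389: S 1986041610:1986041610(0) win 14200 <[|tcp]>
Jun 08 02:15:49.770596 rule 2/(match) block in on axe0: 2001:470:1f08:16b::2.53326 > 2001:470:xxx::.3389: S 1986041610:1986041610(0) win 14200 <[|tcp]>
Jun 08 03:10:00.000000 rule 2/(match) block in on axe0: 2001:db8::5.40000 > 2001:470:xxx::.22: S 1:1(0) win 14200 <[|tcp]>
EOF
}

# pf_scan_sources [MIN_PORTS]
# Reads log lines on stdin; prints "source distinct_port_count port,port,..."
# for every source that reached MIN_PORTS (default 3) distinct blocked ports.
pf_scan_sources() {
    awk -v thresh="${1:-3}" '
        $6 == "block" && $7 == "in" && $11 == ">" && $13 == "S" {
            src = $10
            sub(/\.[0-9]+$/, "", src)        # address.port -> address
            port = $12
            sub(/:$/, "", port)              # drop the trailing colon
            sub(/^.*\./, "", port)           # keep what follows the last dot
            if (!((src, port) in seen)) {    # retransmitted SYNs count once
                seen[src, port] = 1
                n[src]++
                ports[src] = (ports[src] == "" ? port : ports[src] "," port)
            }
        }
        END {
            for (s in n)
                if (n[s] >= thresh)
                    printf "%s %d %s\n", s, n[s], ports[s]
        }
    '
}
```

On a live firewall the same function can be fed from whatever prints the log in this format, for example `sample_log | pf_scan_sources 3` replaced by the output of the log viewer.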