Struggling to enable IPv6 (Comcast) on WNDR4300 router

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Goto page 1, 2  Next
Author Message
billt_3
DD-WRT Novice


Joined: 17 Jul 2017
Posts: 2

PostPosted: Mon Jul 17, 2017 15:38    Post subject: Struggling to enable IPv6 (Comcast) on WNDR4300 router Reply with quote
I've been going through the threads online on this topic (e.g. http://www.dd-wrt.com/phpBB2/viewtopic.php?t=307768&postdays=0&postorder=asc&start=15 and https://www.dd-wrt.com/wiki/index.php/IPv6#Enabling_IPv6_Support and https://www.dd-wrt.com/phpBB2/viewtopic.php?t=257493&postdays=0&postorder=asc&start=465, with minimal success outside of gaining an IPv6 address on the router WAN port. (at least that's some progress) I'm a bit of novice here, but with "some" experience in the network arena; not a newbie, although you are much more seasoned with the IPv6 networking than I am here.

Here is my router details, configuration, and log:

router: Netgear WNDR4300
firmware: DD-WRT v3.0-r32170 std (06/01/17)
cpu: Atheros AR9344 ver 1 rev 1.2 (0x2122)

dhcp server: enabled
Use DNSMasq for DHCP: enabled
dhcp authoritative: enabled

ipv6:enabled
ipv6 type : dhcpv6 with prefix delegation
prefix length: 56
static dns: 2001:4860:4860:0:0:0:0:6464
static dns: 2001:4860:4860:0:0:0:0:64
mtu: 1280
DHCP6s: disabled
RADVD: disabled

DNSMasq: enabled
LocalDNS: enabled
No DNS Rebind: disabled
Query DNS in Strict Order: disabled
Add Requestor MAC to DNS Query: disabled

DNSMasq Options:
Code:
# -- HE IPv6 DNSMasq --
#
# Log the results of DNS queries with EXTRAs
log-queries=extra
# Best to store DNS Cache in file for viewing
log-facility=/tmp/DNSCache.log
# IPv6 DNS Crypt Resolver
server=::1#30
# Reject & Log addresses from upstream nameservers which are in the private IP ranges
stop-dns-rebind
# Increase local DNS queries
cache-size=5000
# IPv6 and RA configuration
enable-ra
# Listen to br0 with follow services
interface=br0
ra-param=br0,60,1800
dhcp-range=br0,::1000,::FFFF,constructor:br0,ra-stateless,ra-names,4h
dhcp-option=br0,option6:dns-server,[::]
dhcp-option=br0,option6:ntp-server,[2001:470:0:50::2]
# Dont fill syslog
quiet-ra
quiet-dhcp
#quiet-dhcp6


Startup Script:
Code:

insmod /lib/modules/`uname -r`/kernel/net/ipv6/sit.ko
sleep 5
HOST6RD=$(nslookup 6rd.comcast.net |grep "Address"|awk '{ print $3 }'|grep -v 192.168.1.1 -m1)
WANIP="$(ifconfig vlan2 | sed -n '/inet /{s/.*addr://;s/ .*;p}')"
if [ -n "$WANIP" ]
then
V6PREFIX=$(printf ' 2001:55c:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
ip tunnel add tun6rd mode sit ttl 255 remote any local $WANIP
ip link set tun6rd mtu 1280
ip link set tun6rd up
ip addr add $V6PREFIX:0::1/32 dev tun6rd
ip addr add $V6PREFIX:1::1/64 dev br0
ip -6 route add 2000::/3 via ::$HOST6RD dev tun6rd
kill -HUP $(cat /var/run/radvd.pid)
fi
echo "interface br0 { \
MinRtrAdvInterval 3; MaxRtrAdvInterval 10; AdvLinkMTU 1280; AdvSendAdvert on; \
prefix $V6PREFIX::/64 { AdvOnLink on; AdvAutonomous on; AdvValidLifetime 86400; \
AdvPreferredLifetime 86400; }; };" \
> /tmp/radvd.conf
radvd -C /tmp/radvd.conf start


Firewall script:
Code:

# HE-IPv6 Firewall Script
#
# IPv6 GUI only sets up br0, Load missing brX routes
ip addr add 2001:470:CCCC:2::/64 dev br1
ip addr add 2001:470:CCCC:3::/64 dev br2
ip addr add 2001:470:CCCC:4::/64 dev br3
#
# Use OpenDNS IPv6 DNS Servers
echo "nameserver 2620:0:ccc::2" > /tmp/resolv.dnsmasq
echo "nameserver 2620:0:ccd::2" >> /tmp/resolv.dnsmasq
#
# Respond to HE Tunnel Server PING
iptables -I INPUT 2 -p icmp -s 66.220.2.74 -j ACCEPT
#
# More IPv6 Configuartion
ip6tables -I INPUT 5 -i br3 -j ACCEPT
ip6tables -I INPUT 5 -i br2 -j ACCEPT
ip6tables -I INPUT 5 -i br1 -j ACCEPT
ip6tables -I INPUT 2 -i br+ -p udp --dport 53 -j ACCEPT
ip6tables -I INPUT 2 -i br+ -p udp --dport 547 -j ACCEPT
#
# Force Users to use Encypt DNS by blocking port 53
ip6tables -I FORWARD -p tcp --dport 53 -j DROP
ip6tables -I FORWARD -p udp --dport 53 -j DROP


And here is the output I am receiving so far:

ifconfig:
Code:

ath0      Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1F 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23764 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:4190009 (3.9 MiB)
ath1      Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:20 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c20/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23710 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:4183461 (3.9 MiB)
br0       Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          inet6 addr: 2601:cf:8200:1e88:2ac6:8eff:fe9a:7c1e/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:176710 errors:0 dropped:5815 overruns:0 frame:0
          TX packets:180029 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43877360 (41.8 MiB)  TX bytes:142994930 (136.3 MiB)
br0:0     Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0      Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:355938 errors:0 dropped:0 overruns:2 frame:0
          TX packets:329743 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:187636600 (178.9 MiB)  TX bytes:185382753 (176.7 MiB)
          Interrupt:4
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:10020 errors:0 dropped:141 overruns:0 frame:0
          TX packets:10020 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1138249 (1.0 MiB)  TX bytes:1138249 (1.0 MiB)
vlan1     Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:176733 errors:0 dropped:12 overruns:0 frame:0
          TX packets:180039 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43878562 (41.8 MiB)  TX bytes:142995838 (136.3 MiB)
vlan2     Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet addr:24.125.194.91  Bcast:24.125.195.255  Mask:255.255.252.0
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:179205 errors:0 dropped:8 overruns:0 frame:0
          TX packets:149694 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:137351154 (130.9 MiB)  TX bytes:41067075 (39.1 MiB)



Ip -6 route:
Code:

2601:cf:8200:1e88::/64 dev br0  proto kernel  metric 256  expires 74561sec mtu 1492
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev vlan1  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256  mtu 1492
fe80::/64 dev ath0  proto kernel  metric 256
fe80::/64 dev ath1  proto kernel  metric 256
fe80::/64 dev vlan2  proto kernel  metric 256
default dev vlan2  metric 2048
unreachable default dev lo  proto kernel  metric -1  error -128
ff00::/8 dev eth0  metric 256
ff00::/8 dev vlan1  metric 256
ff00::/8 dev br0  metric 256  mtu 1492
ff00::/8 dev ath0  metric 256
ff00::/8 dev ath1  metric 256
ff00::/8 dev vlan2  metric 256
unreachable default dev lo  proto kernel  metric -1  error -128


radvdump:
Code:

#
# radvd configuration generated by radvdump 2.16
# based on Router Advertisement from fe80::201:5cff:fe7d:2446
# received by interface vlan2
#
interface vlan2
{
   AdvSendAdvert on;
   # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
   AdvManagedFlag on;
   AdvOtherConfigFlag on;
   AdvReachableTime 3600000;
   AdvRetransTimer 1000;
   AdvCurHopLimit 0;
   AdvDefaultLifetime 1800;
   AdvHomeAgentFlag off;
   AdvDefaultPreference medium;
   prefix 2001:558:4011:6e::/64
   {
      AdvValidLifetime 604800;
      AdvPreferredLifetime 302400;
      AdvOnLink off;
      AdvAutonomous off;
      AdvRouterAddr off;
   }; # End of prefix definition
   prefix 2001:558:5001:50::/64
   {
      AdvValidLifetime 604800;
      AdvPreferredLifetime 302400;
      AdvOnLink off;
      AdvAutonomous off;
      AdvRouterAddr off;
   }; # End of prefix definition
   prefix 2001:558:6011:6e::/64
   {
      AdvValidLifetime 604800;
      AdvPreferredLifetime 302400;
      AdvOnLink off;
      AdvAutonomous off;
      AdvRouterAddr off;
   }; # End of prefix definition
   prefix 2001:558:8000:4c::/64
   {
      AdvValidLifetime 604800;
      AdvPreferredLifetime 302400;
      AdvOnLink off;
      AdvAutonomous off;
      AdvRouterAddr off;
   }; # End of prefix definition
}; # End of interface definition
#
# radvd configuration generated by radvdump 2.16
# based on Router Advertisement from fe80::2ac6:8eff:fe9a:7c1e
# received by interface br0
#
interface br0
{
   AdvSendAdvert on;
   # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
   AdvManagedFlag off;
   AdvOtherConfigFlag off;
   AdvReachableTime 0;
   AdvRetransTimer 0;
   AdvCurHopLimit 64;
   AdvDefaultLifetime 30;
   AdvHomeAgentFlag off;
   AdvDefaultPreference medium;
   AdvLinkMTU 1280;
   AdvSourceLLAddress on;
   prefix 2601:cf:8200:1e88::/64
   {
      AdvValidLifetime 86400;
      AdvPreferredLifetime 86400;
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
   }; # End of prefix definition
}; # End of interface definition
#
# radvd configuration generated by radvdump 2.16
# based on Router Advertisement from fe80::c2c1:c0ff:fe39:2acb
# received by interface br0
#
interface br0
{
   AdvSendAdvert on;
   # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
   AdvManagedFlag off;
   AdvOtherConfigFlag on;
   AdvReachableTime 0;
   AdvRetransTimer 0;
   AdvCurHopLimit 64;
   AdvDefaultLifetime 30;
   AdvHomeAgentFlag off;
   AdvDefaultPreference medium;
   AdvLinkMTU 1492;
   AdvSourceLLAddress on;
   prefix 2601:cf:8200:1e88::/64
   {
      AdvValidLifetime 86400;
      AdvPreferredLifetime 14400;
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
   }; # End of prefix definition
   RDNSS 2001:558:feed::1 2001:558:feed::2
   {
      AdvRDNSSLifetime 10;
   }; # End of RDNSS definition
}; # End of interface definition


I have been obtaining code from a few threads and need assistance in aligning them. ...unsure where else to ask at the moment. The IPv4 works great, my goal is to enable the IPv6 to compliment the network. ...and feel free to point me another direction to research some more, if that is necessary.

Thanks in advance for your help.
Sponsor
husky55
DD-WRT User


Joined: 19 Nov 2008
Posts: 242
Location: Madison, CT, US

PostPosted: Tue Jul 18, 2017 14:07    Post subject: Reply with quote
I have netgear r7500v2 and have not been able to get ipv6 to work either. Some people mentioned adding ifconfig eth0 promisc to the command line, then it worked for them. It did not work for me.
I hesitated to add any more code to the startup or custom scripts because frankly I did not think they would help.

_________________
Netgear R7500V2(2) WDS, Asus RT-AC68R (2)
billt_3
DD-WRT Novice


Joined: 17 Jul 2017
Posts: 2

PostPosted: Tue Jul 18, 2017 22:52    Post subject: Almost there, but no cigar Reply with quote
After significant effort, here are the results of my efforts to align my configuration:

ifconfig:
Code:

ath0      Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1F 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:304156 errors:0 dropped:0 overruns:0 frame:0
          TX packets:487363 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:93128419 (88.8 MiB)  TX bytes:418900888 (399.4 MiB)
ath1      Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:20 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c20/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39072 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:6237383 (5.9 MiB)
br0       Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          inet6 addr: 2601:cf:8200:1e88:2ac6:8eff:fe9a:7c1e/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1004505 errors:0 dropped:6755 overruns:0 frame:0
          TX packets:1196421 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:221106231 (210.8 MiB)  TX bytes:1041545694 (993.2 MiB)
br0:0     Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0      Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1848628 errors:0 dropped:0 overruns:5 frame:0
          TX packets:1671247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1171115804 (1.0 GiB)  TX bytes:871116186 (830.7 MiB)
          Interrupt:4
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:848 errors:0 dropped:0 overruns:0 frame:0
          TX packets:848 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73724 (71.9 KiB)  TX bytes:73724 (71.9 KiB)
vlan1     Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:707900 errors:0 dropped:56 overruns:0 frame:0
          TX packets:762561 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:134044343 (127.8 MiB)  TX bytes:643721446 (613.9 MiB)
vlan2     Link encap:Ethernet  HWaddr 28:C6:8E:9A:7C:1E 
          inet addr:24.125.194.91  Bcast:24.125.195.255  Mask:255.255.252.0
          inet6 addr: fe80::2ac6:8eff:fe9a:7c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:1140728 errors:0 dropped:0 overruns:0 frame:0
          TX packets:908676 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1003796157 (957.2 MiB)  TX bytes:220708884 (210.4 MiB)


ip -6 route:
Code:

2601:cf:8200:1e88::/64 dev br0  proto kernel  metric 256  expires 72619sec mtu 1492
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev vlan1  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256  mtu 1492
fe80::/64 dev ath0  proto kernel  metric 256
fe80::/64 dev ath1  proto kernel  metric 256
fe80::/64 dev vlan2  proto kernel  metric 256
default via fe80::201:5cff:fe7d:2446 dev vlan2  proto ra  metric 1024  expires 1797sec
unreachable default dev lo  proto kernel  metric -1  error -128
ff00::/8 dev eth0  metric 256
ff00::/8 dev vlan1  metric 256
ff00::/8 dev br0  metric 256  mtu 1492
ff00::/8 dev ath0  metric 256
ff00::/8 dev ath1  metric 256
ff00::/8 dev vlan2  metric 256
unreachable default dev lo  proto kernel  metric -1  error -128


ip route:
Code:

default via 24.125.192.1 dev vlan2
24.125.192.0/22 dev vlan2  proto kernel  scope link  src 24.125.194.91
127.0.0.0/8 dev lo  scope link
169.254.0.0/16 dev br0  proto kernel  scope link  src 169.254.255.1
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1


startup script:
Code:

# establish foundational fields
# HOST6RD=6rd.comcast.com
PREFIX=2601:cf
ROUTER_LAN_IP=192.168.1.1

# add script
insmod /lib/modules/`uname -r`/ipv6.ko
insmod /lib/modules/`uname -r`/kernel/net/ipv6/sit.ko

# 5 second sleeper
sleep 5

#define parameters
HOST6RD=$(nslookup $HOST6RD |grep "Address"|awk '{ print $3 }'|grep -v 192.168.1.1 -m1)
WANIP="$(ifconfig vlan2 | sed -n '/inet /{s/.*addr://;s/ .*;p}')"
IP6RD=$(nslookup $HOST6RD 2>/dev/null | grep "Address" | awk '{ print $3 }'|\
        grep -v $ROUTER_LAN_IP)

# check if exists
if [ -n "$WANIP" ]
then
  V6PREFIX=$(printf $PREFIX':%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
  ip tunnel add tun6rd mode sit ttl 255 remote any local $WANIP
  ip tunnel 6rd dev tun6rd 6rd-prefix $PREFIX::/32
  ip link set tun6rd mtu 1476
  ip link set tun6rd up
  ip addr add $V6PREFIX:0::1/32 dev tun6rd
  ip addr add $V6PREFIX:1::1/64 dev br0
  ip route add ::/0 via ::$IP6RD dev tun6rd

kill -HUP $(cat /var/run/radvd.pid)
fi

# create radvd.conf file
echo "interface br0 { \
MinRtrAdvInterval 3; MaxRtrAdvInterval 60; AdvLinkMTU 1476; AdvSendAdvert on; \
prefix $V6PREFIX::/64 { AdvOnLink on; AdvAutonomous on; AdvValidLifetime 86400; \
AdvPreferredLifetime 86400; }; };" \
> /tmp/radvd.conf

#start radvd service
radvd -C /tmp/radvd.conf start


firewall script:
Code:

# HE-IPv6 Firewall Script (this is in work in progress)
#
# IPv6 GUI only sets up br0, Load missing brX routes
# ip addr add 2001:470:CCCC:2::/64 dev br1
#  ip addr add 2001:470:CCCC:3::/64 dev br2
#  ip addr add 2001:470:CCCC:4::/64 dev br3
#
# IPv6 DNS Servers - Google
echo "nameserver 2001:4860:4860::8888" > /tmp/resolv.dnsmasq
#echo "nameserver 2001:4860:4860::8844" >> /tmp/resolv.dnsmasq
#IPv4 Servers - Google
# echo "nameserver 8.8.8.8" >> /tmp/resolv.dnsmasq
# echo "nameserver 8.8.4.4" >> /tmp/resolv.dnsmasq
# Use Comcast IPv6 DNS Servers
echo "nameserver 2001:558:FEED::1" >> /tmp/resolv.dnsmasq
#echo "nameserver 2001:558:FEED::2" >> /tmp/resolv.dnsmasq
# Use Comcast IPv4 DNS Servers
# echo "nameserver 75.75.75.75" >> /tmp/resolv.dnsmasq
# echo "nameserver 75.75.76.76" >> /tmp/resolv.dnsmasq
# Use OpenDNS IPv6 DNS Servers
echo "nameserver 2620:0:ccc::2" >> /tmp/resolv.dnsmasq
echo "nameserver 2620:0:ccd::2" >> /tmp/resolv.dnsmasq
#
# Respond to HE Tunnel Server PING
#  iptables -I INPUT 2 -p icmp -s 66.220.2.74 -j ACCEPT
#
# More IPv6 Configuration
#  ip6tables -I INPUT 5 -i br3 -j ACCEPT
#  ip6tables -I INPUT 5 -i br2 -j ACCEPT
#  ip6tables -I INPUT 5 -i br1 -j ACCEPT
#  ip6tables -I INPUT 2 -i br+ -p udp --dport 53 -j ACCEPT
#  ip6tables -I INPUT 2 -i br+ -p udp --dport 547 -j ACCEPT
#
# Force Users to use Encypt DNS by blocking port 53
# ip6tables -I FORWARD -p tcp --dport 53 -j DROP
# ip6tables -I FORWARD -p udp --dport 53 -j DROP


DNSMasq script:
Code:

# -- BT IPv6 DNSMasq --
#
# Log the results of DNS queries with EXTRAs
log-queries=extra
# Best to store DNS Cache in file for viewing
log-facility=/tmp/DNSCache.log
# IPv6 DNS Servers - Google
server=2001:4860:4860::8888
server=2001:4860:4860::8844
#IPv4 Servers - Google
server=8.8.8.8
server=8.8.4.4
# IPv4 DNS Servers - Comcast
server=75.75.75.75
server=75.75.76.76

# IPv6 DNS Crypt Resolver
server=::1#30

# expand host names without domains or dots
expand-hosts

# Reject & Log addresses from upstream nameservers which are in the private IP ranges
stop-dns-rebind

# Increase local DNS queries
cache-size=5000
# IPv6 and RA configuration
enable-ra
# Listen to br0 with follow services
interface=br0
ra-param=br0,60,1800
dhcp-range=br0, ::1000, ::FFFF, constructor:br0 ,ra-stateless ,ra-names, 24h
dhcp-option=br0,option6:dns-server,[::]
dhcp-option=br0,option6:ntp-server,[2001:470:0:50::2]
dhcp-option=vendor:MSFT,2,1i

# Dont fill syslog
quiet-ra
quiet-dhcp
#quiet-dhcp6


Providing the following results:
Code:

C:\WINDOWS\system32>tracert -6 ipv6.google.com

Tracing route to ipv6.l.google.com [2607:f8b0:4002:806::200e]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  2601:cf:8200:1e88:2ac6:8eff:fe9a:7c1e
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.



Any thoughts what's up? I know I'm really close as it is hitting the router that has an v6 IP address on it. It seems to me that there is an issue with the default gateway that is causing my problem. ...perception?

I'm open for ideas and suggestions.

Thanks in advance.
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Fri Jul 21, 2017 22:22    Post subject: Reply with quote
comcast uses dhcpv6-pd

get rid of startup and fw script. the startup script is trying to configure competing technologies. ex 6rd vs dhcpv6-pd & dnsmasq vs radvd

first step just config setup-ipv6. dhcpv6-pd defaults + disable other settings. keep dnsmasq. cleanup dmsmasq once you get ipv6 running

_________________
IPv6 Ready - HE IPv6 Tunnel
http://test-ipv6.com (10/10)
http://ipv6-test.com (20/20)
http://test-ipv6.netiter.dk (20/20)

wub901
DD-WRT Novice


Joined: 22 Jun 2017
Posts: 19

PostPosted: Sat Jul 22, 2017 11:32    Post subject: Reply with quote
Got mine working using

DHCP with prefix delegation

leave dns blank

leave mtu default

disable radvd

Go to sevices tab

copy into Additional DNSMasq Options

local=/local/
expand-hosts
interface=br0
dhcp-range=::1000,::FFFF,constructor:br0,ra-stateless,12h
dhcp-option=option6:dns-server,[::]
ra-param=br0,10,300
enable-ra

go to administration click commands and copy

ip6tables -I INPUT 3 -i br0 -j ACCEPT
ip6tables -I FORWARD 2 -p icmpv6 --icmpv6-type echo-request -j ACCEPT

save as firewall rule

done now reboot
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Sun Jul 23, 2017 1:15    Post subject: Reply with quote
you should be able to delete the two FW rules as ddwrt incorporated them in their base rules ages ago (late 2015 if memory serves)
_________________
IPv6 Ready - HE IPv6 Tunnel
http://test-ipv6.com (10/10)
http://ipv6-test.com (20/20)
http://test-ipv6.netiter.dk (20/20)

wub901
DD-WRT Novice


Joined: 22 Jun 2017
Posts: 19

PostPosted: Wed Jul 26, 2017 22:22    Post subject: Reply with quote
so I do not need the firewall as startup ?
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Thu Jul 27, 2017 5:00    Post subject: Reply with quote
wub901 wrote:
so I do not need the firewall as startup ?


these rules are no longer needed:
ip6tables -I INPUT 3 -i br0 -j ACCEPT
ip6tables -I FORWARD 2 -p icmpv6 --icmpv6-type echo-request -j ACCEPT

only diff is ddwrt default rules rate limits ping

_________________
IPv6 Ready - HE IPv6 Tunnel
http://test-ipv6.com (10/10)
http://ipv6-test.com (20/20)
http://test-ipv6.netiter.dk (20/20)

wub901
DD-WRT Novice


Joined: 22 Jun 2017
Posts: 19

PostPosted: Thu Jul 27, 2017 16:15    Post subject: Reply with quote
So is there a way I can get a hostname for ipv6 as the ipv6 test says that there is no hostname?
NiTrus
DD-WRT User


Joined: 25 Dec 2010
Posts: 295
Location: Twin Cities, MN

PostPosted: Thu Jul 27, 2017 16:34    Post subject: Reply with quote
wub901 wrote:
So is there a way I can get a hostname for ipv6 as the ipv6 test says that there is no hostname?


nope, not as yet

_________________
NETGEAR R9000 | RT | 40134
NETGEAR R7800 | AP | 40134

jean019
DD-WRT User


Joined: 25 Apr 2015
Posts: 115

PostPosted: Fri Aug 11, 2017 15:56    Post subject: Reply with quote
JAMESMTL wrote:
wub901 wrote:
so I do not need the firewall as startup ?


these rules are no longer needed:
ip6tables -I INPUT 3 -i br0 -j ACCEPT
ip6tables -I FORWARD 2 -p icmpv6 --icmpv6-type echo-request -j ACCEPT

only diff is ddwrt default rules rate limits ping


Hi,
I'm new to ipV6 (and not an ipV4 expert).
Is ipV6 firewall now included in standard dd-wrt ?
If so does it block almost everything like a classic ipV4 firewall ?

I wonder because of that :
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=309438&highlight=ipv6+firewall
and
https://secure.dd-wrt.com/wiki/index.php/IPv6_%28tutorial%29

My ISP is going to give us an IPv6 address, I don't want all my machines to accessible from the internet, I want to keep everything safe...
thanks
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Fri Aug 11, 2017 19:09    Post subject: Reply with quote
yes there is a default ipv6 firewall
_________________
IPv6 Ready - HE IPv6 Tunnel
http://test-ipv6.com (10/10)
http://ipv6-test.com (20/20)
http://test-ipv6.netiter.dk (20/20)

jean019
DD-WRT User


Joined: 25 Apr 2015
Posts: 115

PostPosted: Fri Aug 11, 2017 21:42    Post subject: Reply with quote
Perfect ! Very Happy
_________________
netgear R9000 : BS 39267 firmware
netgear R7800 : Kong 39715M firmware
tp-link archer C7v2 : BS 33772 firmware
tp-link archer C5v1.2@C7v2 : BS 33772 firmware
msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 584
Location: Illinois

PostPosted: Thu Jul 12, 2018 14:53    Post subject: Reply with quote
JAMESMTL wrote:
...keep dnsmasq. cleanup dmsmasq once you get ipv6 running


Noobie question. what is the dnsmasq code doing; what its purpose?

Code:
local=/local/
expand-hosts
interface=br0
dhcp-range=::1000,::FFFF,constructor:br0,ra-stateless,12h
dhcp-option=option6:dns-server,[::]
ra-param=br0,10,300
enable-ra



Is it still necessary in recent builds?
I did not use it, and I have IPv6 Working on an EA8500 and R7800. Am I exposing my IPv6 without the code?
_sky.captain_
DD-WRT Novice


Joined: 02 Jul 2018
Posts: 21

PostPosted: Wed Jul 25, 2018 4:27    Post subject: Thank you, wub901 and JAMESMTL! Reply with quote
I know this is an old post, but after trying many sources for information on how to enable IPv6 in DD-WRT, this post worked for me. Setting up IPv6 is so easy in stock firmware - it would be nice for DD-WRT to include an easy mode, too, as so many of us (and I am guilty as charged) have been delinquent about familiarizing ourselves with IPv6. So thank you, very much! I had given up on IPv6 for DD-WRT until I saw this.

And in case anyone in my area and on my ISP is facing the same problem, the following line is for Google:

IPv6 settings DD-WRT Mediacom Cedar Rapids Iowa


wub901 wrote:
Got mine working using

DHCP with prefix delegation

leave dns blank

leave mtu default

disable radvd

Go to sevices tab

copy into Additional DNSMasq Options

local=/local/
expand-hosts
interface=br0
dhcp-range=::1000,::FFFF,constructor:br0,ra-stateless,12h
dhcp-option=option6:dns-server,[::]
ra-param=br0,10,300
enable-ra

go to administration click commands and copy

ip6tables -I INPUT 3 -i br0 -j ACCEPT
ip6tables -I FORWARD 2 -p icmpv6 --icmpv6-type echo-request -j ACCEPT

save as firewall rule

done now reboot
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum