IPv6 Course part 2: Stable IPv6 addresses on the local network

IPv6 does not provide for Network Address Translation (NAT). On the contrary, one of the purposes of IPv6 is to make NAT unnecessary. The consequence is that, in principle, every computer has a publicly reachable IPv6 address (which is, however, protected by the firewall or blocked in the FritzBox). It also means that, by default, the local IPv6 address changes whenever the public IPv6 address changes.
In other words: if you have no fixed IPv6 subnet (and perhaps, for reasons of anonymity, do not want one), then by default the IPv6 addresses of all computers in the local network change whenever the router gets a new IPv6 subnet. If the router gets its IPv6 subnet via a 6to4 tunnel, the IPv6 address changes every time the router gets a new IPv4 address.
In the local network, however, it can be useful to always use the same subnet. A local server can then be configured to accept connections only from that subnet. With the Apache web server, for example, this is done with the following directives (replace “abab:abab:abab” with the self-chosen prefix, see the following paragraph):
deny from all
allow from fd00:abab:abab:abab::/64 192.168.178.0/24

To get a fixed IPv6 prefix locally, the FritzBox offers the option of providing connected computers, in addition to the public IPv6 address, with an IPv6 subnet that always stays the same and is not routed on the Internet. To enable it, go to “/Internet/credentials/IPv6” in the FritzBox web interface and, in the section “Unique local addresses”, select the option “Unique local addresses (ULA) always assign”. All computers then always get an FD00 address built from the prefix and their MAC address.
This subnet is then used as the IPv6 replacement for the private IPv4 addresses 192.168.x.y. The subnet starts with “FD00”; all such addresses are reserved for private networks that are not routed on the Internet. In the following positions you should enter arbitrary digits (0-9 and A-F), different ones on each FritzBox, for the following reason: if you are a guest on someone else's network, you can then connect to your home network via VPN without running into problems because the local IPs in the guest and home networks are the same.

If this option is enabled and the FritzBox has received a public IPv6 subnet, it announces both prefixes to the connected systems. Each system thus gets two IPv6 addresses:
the FD00 address that has just been set up, and
the 2001 address of the 6to4 tunnel.

Now we have 2 problems:

  1. When two local computers want to talk to each other, they can use either their 2100 or their FD00 addresses. Which ones they use is not defined. But we want them to always use the internal FD00 addresses internally, because otherwise a local server that offers its services only to FD00 addresses would not respond.
  2. From the computer's point of view, 2100 and FD00 addresses are equivalent: it does not know that FD00 addresses are not routed on the Internet. The machines therefore use them interchangeably, and you cannot be certain that the 2100 address is always used for Internet traffic. With the FD00 address, however, routing on the Internet does not work.

To solve these problems, IPv6 provides a mechanism (address selection, called “prefix policy” under Windows) that lets you influence which source and destination IPs are used. In this case an entry must be added to the address selection table. Unfortunately, in Windows XP you cannot simply add an entry; a new entry deletes all existing ones. Therefore, you must re-create all entries and then add the new one (in Windows 7 you can simply add it, without having to reset the existing ones):
# In Windows XP
# Press Windows key + R, type "cmd" and press Enter.
# In Windows 7
# Press the Windows key, type "cmd", right-click "cmd"
# and click "Run as administrator".

# Then enter the following, finishing each line with Enter.
netsh
interface
ipv6
# Windows XP only:
# restore the default settings
# (use "show pref" to display the current settings)
# Columns after the prefix: precedence, label
add pref 2001::/32 5 5
add pref ::ffff:0:0/96 10 4
add pref ::/96 20 3
add pref 2002::/16 30 2
add pref ::/0 40 1
add pref ::1/128 50 0

# Make the required change:
# use the local IPv6 addresses within the local network
add pref fc00::/7 60 10
# This line should actually work in Windows 7 as well.
# But Windows 7 seems to have a bug: the "/7" does not
# work properly. Therefore, in Windows 7 the following command
# must be entered instead (it is not fully standards-compliant):
add pref fd00::/8 60 10

# Then save the changes
commit

# And leave the configuration program
exit

In Ubuntu and Red Hat this rule is set by default (see /etc/gai.conf in Linux), so on these platforms the above adjustment does not need to be made manually (Attention: this may be different on other Linux distributions).
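
How the extra fc00::/7 row changes the outcome, as an added Python example (not code from the original post). It models only two rules of RFC 3484 address selection, label matching for the source address and precedence for ordering destinations; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def build(entries):
    """Turn (prefix, precedence, label) rows into a policy table."""
    return [(ipaddress.IPv6Network(p), prec, label) for p, prec, label in entries]

# The default rows restored by the netsh commands above.
BASE = build([
    ("2001::/32", 5, 5), ("::ffff:0:0/96", 10, 4), ("::/96", 20, 3),
    ("2002::/16", 30, 2), ("::/0", 40, 1), ("::1/128", 50, 0),
])
# The same table plus the row added for unique local addresses.
WITH_ULA = BASE + build([("fc00::/7", 60, 10)])

# Constructed sample addresses (the public ones use the documentation prefix).
SOURCES = ["fd00:abab:abab:abab::10", "2001:db8:1::10"]
LOCAL_DST = "fd00:abab:abab:abab::20"
INET_DST = "2001:db8:ffff::1"

def lookup(table, addr):
    """Return (precedence, label) of the longest prefix that contains addr."""
    ip = ipaddress.IPv6Address(addr)
    row = max((r for r in table if ip in r[0]), key=lambda r: r[0].prefixlen)
    return row[1], row[2]

def pick_source(table, dst, sources):
    """Label rule only: the single source whose label equals the destination's.
    Returns None when the rule cannot decide (no match or several matches)."""
    want = lookup(table, dst)[1]
    hits = [s for s in sources if lookup(table, s)[1] == want]
    return hits[0] if len(hits) == 1 else None

def rank_destinations(table, dsts):
    """Precedence rule only: higher precedence first, ties keep their order."""
    return sorted(dsts, key=lambda d: -lookup(table, d)[0])

if __name__ == "__main__":
    for name, table in (("default", BASE), ("with fc00::/7", WITH_ULA)):
        print(name)
        for dst in (LOCAL_DST, INET_DST):
            print("  to", dst, "from", pick_source(table, dst, SOURCES))
        print("  order:", rank_destinations(table, [INET_DST, LOCAL_DST]))
```

With the default table both addresses fall under ::/0, so neither rule separates them; with the added row the FD00 source is paired with FD00 destinations, which is what a server restricted to the FD00 subnet needs to see.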

A precise explanation of this table follows in Part 3 of the IPv6 course.


2 Responses to IPv6 Course part 2: Stable IPv6 addresses on the local network

  1. ABC says:

    Some notes on Windows 7:
    In Windows 7, changes to the prefix policy appear to take effect only after a reboot. Unfortunately, Windows 7 also shows the prefix policy differently after a reboot: if you have added an entry with “Add”, it at first simply appears in addition to the standard entries. After a reboot, however, all default entries are suddenly gone. That is why in Windows 7 it is necessary to set the default entries again with “SET” instead of “ADD”; then they are retained after the reboot.

  2. spaetz says:

    Thanks, I had just run into this very problem, which I described here:
    http://www.ip-phone-forum.de/showthread.php?t=249307&p=1837066

    The tip about prefix policy and /etc/gai.conf was exactly the pointer I needed!

    Thanks! 🙂
