
Configuring IPv6 Tunnel Broker With Vyatta behind NAT (FreeBSD)


Vyatta: why use this one in particular? The answer is simple: I just wanted to try its flavour and see whether it is as tasty as Mikrotik/FreeBSD in terms of usefulness and ease of use. It turns out it really is, ladies and gentlemen. This application truly impressed me: the feature set is complete and it is user friendly as well. Sounds good, right? That's it, let's get started. Part of this is taken from the following address: http://virtualpercula.blogspot.com/2011/04/installing-and-configuring-vyatta-vm-to.html

Configuring the HE tunnel and testing basic IPv6 connectivity

Go straight to the HE tunnel broker site and register to get a free IPv6 allocation. In my case Vyatta sits directly behind a router (running FreeBSD) and has a private address, allocated as follows:

IP : 192.168.1.254
Netmask : 255.255.255.0
Gateway : 192.168.1.234

Make sure the main gateway has a rule that passes protocol 41 and maps it to the Vyatta server. Because the main gateway here runs FreeBSD, the rule looks roughly like this:

binat on $eIF from  192.168.1.254  to any -> 103.3.46.58 #Map BiNAT Full Vyatta

The packet filter rule above makes the gateway perform a bidirectional, point-to-point mapping between IP 103.3.46.58 and 192.168.1.254.

This is the allocation we received from the tunnel broker:

IPv6 Tunnel Endpoints
Server IPv4 Address: 216.218.221.42
Server IPv6 Address: 2001:470:35:2eb::1/64
Client IPv4 Address: 103.3.46.58
Client IPv6 Address: 2001:470:35:2eb::2/64

Available DNS Resolvers
Anycasted IPv6 Caching Nameserver: 2001:470:20::2
Anycasted IPv4 Caching Nameserver: 74.82.42.42

Routed IPv6 Prefixes
Routed /64: 2001:470:36:2eb::/64
Routed /48: Assign /48

The configuration that the tunnel broker auto-generates for Vyatta looks like this:

configure
edit interfaces tunnel tun0
set encapsulation sit
set local-ip 103.3.46.58 ### Because Vyatta is behind NAT, replace this line's address with our local IP, i.e. <192.168.1.254>
set remote-ip 216.218.221.42
set address 2001:470:35:2eb::2/64
set description "HE.NET IPv6 Tunnel"
exit
set protocols static interface-route6 ::/0 next-hop-interface tun0
commit

Make sure that from this point on the Vyatta machine is connected to the global IPv6 network via HE:

gigih@int-gateway:~$ traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2404:6800:800b::93), 30 hops max, 80 byte packets
1  2001:470:35:2eb::1 (2001:470:35:2eb::1)  31.186 ms  31.563 ms  32.184 ms
2  gige-g2-13.core1.sin1.he.net (2001:470:0:17c::1)  39.809 ms  39.802 ms  39.790 ms
3  15169.sgw.equinix.com (2001:de8:4::1:5169:1)  41.265 ms  41.106 ms  41.229 ms
4  2001:4860::1:0:1c5 (2001:4860::1:0:1c5)  32.088 ms 2001:4860::1:0:1c6 (2001:4860::1:0:1c6)  32.076 ms 2001:4860::1:0:1c5 (2001:4860::1:0:1c5)  32.185 ms
5  2001:4860::1:0:9d0 (2001:4860::1:0:9d0)  123.023 ms  123.018 ms 2001:4860::1:0:3c0 (2001:4860::1:0:3c0)  62.317 ms
6  2001:4860::2:0:3c6 (2001:4860::2:0:3c6)  39.399 ms  37.947 ms  38.039 ms
7  2001:4860:0:1::25b (2001:4860:0:1::25b)  38.073 ms  38.027 ms  38.369 ms
8  2404:6800:800b::93 (2404:6800:800b::93)  37.978 ms  39.808 ms  39.107 ms
gigih@int-gateway:~$
gigih@int-gateway# set interfaces ethernet eth0 ipv6 router-advert
[edit]
gigih@int-gateway# set interfaces ethernet eth0 ipv6 router-advert  prefix 2001:470:35:2eb::/64
[edit]
gigih@int-gateway# set interfaces ethernet eth0 address 2001:470:35:2eb::1/64
[edit]
gigih@int-gateway# commit

At this point, every client connected to interface eth0 that is set to automatic IPv6 configuration should receive an IPv6 address allocation from Vyatta. An example from my machine:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:470:35:2eb:ac64:bf76:bb02:d1
   Temporary IPv6 Address. . . . . . : 2001:470:35:2eb:30cf:c048:35be:fb2e
   Link-local IPv6 Address . . . . . : fe80::ac64:bf76:bb02:d1%12
   IPv4 Address. . . . . . . . . . . : 192.168.1.205
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::221:5eff:fe6e:b0f0%12
                                       192.168.1.254

The automatically assigned address cannot be used yet, because we have not enabled the IPv6 firewall. Here are the steps:

Click on Firewall > IPv6-name and click the create button. Enter Tunnel_to_LAN in the text box and click the “commit” link at the top right of the page. The default action of a rule is to drop traffic, which is what we want.

Repeat the step above but create the LAN_to_Tunnel name, keep the default action as “drop” and commit it.

Click on Firewall > IPv6-name > LAN_to_Tunnel > Rule, enter the number 10, set the action to accept and commit it. Now expand the rule you just created, click on State, click create, select “Established” and “Related”, and commit your changes.

Using the same method, create rule number 20, but this time we want to drop packets: select State again, check “Invalid”, and commit your changes.

Next, create rule number 100 with an accept action, and this time select Protocol, choose “All”, and commit your changes.

To summarize, we have created a zone called Tunnel_to_LAN which has a default action of “drop”, so any unsolicited traffic from the IPv6 Internet that is destined for your LAN will be dropped. We will add rules to accept established and connected traffic and to drop invalid packets in future steps.
We created the LAN_to_Tunnel zone and applied rules to allow traffic out. You now have a basic rule set for the traffic that will travel from your LAN to the tunnel to HE and to the IPv6 Internet at large.
Now we will add rules to the Tunnel_to_LAN zone to allow established and related traffic in and drop invalid traffic.
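
The GUI steps above written as Vyatta CLI commands, as an added example that is not part of the original post. Rules 10 and 20 in Tunnel_to_LAN follow the summary's description, and binding the rule sets to eth0 and tun0 in the `in` direction is an assumption about this setup that the post does not show.

```vyatta
configure

# LAN_to_Tunnel: traffic leaving the LAN towards the HE tunnel.
# Default action is drop; the rules below open what is allowed.
set firewall ipv6-name LAN_to_Tunnel default-action drop

# Rule 10: accept packets belonging to established/related connections
set firewall ipv6-name LAN_to_Tunnel rule 10 action accept
set firewall ipv6-name LAN_to_Tunnel rule 10 state established enable
set firewall ipv6-name LAN_to_Tunnel rule 10 state related enable

# Rule 20: drop packets the connection tracker marks as invalid
set firewall ipv6-name LAN_to_Tunnel rule 20 action drop
set firewall ipv6-name LAN_to_Tunnel rule 20 state invalid enable

# Rule 100: accept all remaining outbound protocols
set firewall ipv6-name LAN_to_Tunnel rule 100 action accept
set firewall ipv6-name LAN_to_Tunnel rule 100 protocol all

# Tunnel_to_LAN: traffic arriving from the IPv6 Internet for the LAN.
# Only replies to connections opened from the LAN get through;
# unsolicited traffic falls through to the default drop.
set firewall ipv6-name Tunnel_to_LAN default-action drop
set firewall ipv6-name Tunnel_to_LAN rule 10 action accept
set firewall ipv6-name Tunnel_to_LAN rule 10 state established enable
set firewall ipv6-name Tunnel_to_LAN rule 10 state related enable
set firewall ipv6-name Tunnel_to_LAN rule 20 action drop
set firewall ipv6-name Tunnel_to_LAN rule 20 state invalid enable

# Assumption: attach each rule set to the interface where the traffic
# enters the router (eth0 = LAN side, tun0 = HE tunnel).
set interfaces ethernet eth0 firewall in ipv6-name LAN_to_Tunnel
set interfaces tunnel tun0 firewall in ipv6-name Tunnel_to_LAN

commit
save
```

The `in` direction filters traffic forwarded through the router; packets addressed to the Vyatta machine itself are matched by a `local` binding, which this example does not configure.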

Finally, check whether IPv6 traffic can now get out:

C:\Users\DD-IYAY>tracert -6 ipv6.google.com

Tracing route to ipv6.l.google.com [2404:6800:800b::93]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  2001:470:35:2eb::1
  2    31 ms    31 ms    31 ms  2001:470:35:2eb::1
  3    30 ms    30 ms    31 ms  gige-g2-13.core1.sin1.he.net [2001:470:0:17c::1]
  4    30 ms    33 ms    30 ms  15169.sgw.equinix.com [2001:de8:4::1:5169:1]
  5    31 ms    31 ms    31 ms  2001:4860::1:0:1c6
  6    37 ms    37 ms    37 ms  2001:4860::1:0:9d0
  7    99 ms    38 ms    37 ms  2001:4860::2:0:3c7
  8    48 ms    38 ms    49 ms  2001:4860:0:1::257
  9    38 ms    38 ms    43 ms  2404:6800:800b::93

Trace complete.

 
