16 April 2011

m0n0wall is a good product for running a firewall/gateway on an embedded device. It is based on BSD, very slick and reliable. I was using it a couple of years back, but unfortunately my hardware didnt had wireless integrated, so I had to give it up and get a WRT54GL - running OpenWRT of course.

Until now my IPv6 endpoint was this OpenWRT router, unfortunately it didnt had a full IPv6 firewall integrated - I never seriously tried the 2.6 branch of it, but this would support a proper ip6tables firewall.

When m0n0wall announced version 1.33 there was this "major ipv6 improvements" and I just couldnt resist to try it. The phoneline (not cable unfortunately) is connected to my ISP's router which is then connected to my OpenWRT wireless router. I really didnt want to put the m0n0wall router (ie. "ipv6 router") in line, so I decided to install it parallel to the OpenWRT router. The internal port of m0n0wall is connected to the switch on the OpenWRT router and the external to the ISP's router.

Configuring IPv6 with a Hurricane Electric tunnel was easy going - the only problem I had was that I did not realized IPv6 was already enabled. I misinterpreted the interface configuration details of m0n0wall and expected to see some tunnel information (tunnel-endpoint information). I was wondering why the m0n0wall was always complaining about a duplicate IPv6 (nifty feature!) but then I saw that the same IPv6 was configured on the OpenWRT.

Removing then IPv6 completely from the OpenWRT and rebooting the m0n0wall box did the trick then - voila, IPv6 through a dedicated IPv6 only gateway works like a charm.

Thinking about it, this would be actually a good way to implement IPv6 in the business/enterprise, as this wouldnt cause any downtime, as long you ensure that your resolver doesnt give out IPv6 addresses *g.

blog comments powered by Disqus