IPv6 Tunnel Broker

It’s fairly easy to set up an IPv6 tunnel on any (W)LAN-connected notebook 2 hops away from the DSL uplink, see http://tunnelbroker.net for details.

But this will also bypass the router’s firewall leading to public access to the tunnel endpoint and further.

So I stopped the tunnel immediately and will now continue on a dedicated VM appliance (Debian GNU/Linux, Tunnel Broker Setup, Shorewall) for further tests.

  • Standard setup for shorewall6 with two interfaces
  • Wide DHCPv6 Server in Debian Squeeze for the client interface (Firewall is accepting UDP traffic for port 546 resp. 547.)
  • dnsmasq provides a simple caching DNS server on the IPv6 address.
  • http://test-ipv6.com/ is scoring at 10/10 for both stacks.

The sixxs.net tunnel is up and running for a week, which earns the necessary extra credits providing a subnet on that tunnel.