edit2: Added filtering on specific ports only. Before this, I could not ping anymore from the GUI.
ip6tables -I INPUT -d 2001:470:1f14:153::2 --dport 80,23 -j DROP
ip6tables -I INPUT -d 2001:470:1f15:153::99 --dport 80,23 -j DROP
Except by doing that, we won't be able to access the router either! How are you going to configure it from there on? :/
Here's a better idea, let's ACCEPT the computers on our subnet, and reject everyone else. I believe that's more functional.
Anyway, here's how i'm doing it
Code:
insmod ip6t_REJECT
#First, let's accept ourself
ip6tables -A INPUT -s 2001:XXXX:XXXX::0/64 -d 2001:XXXX:XXXX::1 -p tcp -m multiport --dports 22,80 -j ACCEPT
#Now tell everyone not in our tea party to sod off
ip6tables -A INPUT -d 2001:XXXX:XXXX::1 -p tcp -m multiport --dports 22,80 -j DROP
#Same for the tunnel back-door
ip6tables -A INPUT -d 2001:YYYY:YYYY::2 -p tcp -m multiport --dports 80 -j DROP
Where the XXXX:XXXX parts are your /64 (or /48 if you use SIXXS) subnet and YYYY:YYYY is your tunnel. Oh, and the ::1 is your routers subnet v6 ip (yes, old habits DO die hard, but they feel so right )
On a completely unrelated note, could somebody PLEASE pick this one up and update it? I mailed the original dev, hope to hear from him, but i'm afraid he's already moved on. I would even donate to the cause. There's not much to be done anyway. For starters the upnp daemon is dead in 10070. Mighty usefull for torrent clients and other stuff. Next thing would be SD mod (it's supposedly not in this build). And thats the end of my wishlist.
I'm running ASUS WL-520Gu with crushedhat's firmware. Works great, and I do appreciate the hard work and effort you've put into it. I only have one complaint.
root@fsck:~# date
Sat Dec 5 02:58:13 LST 2009
root@fsck:~# ntpclient time-a.nist.gov
Time updated.
root@fsck:~# date
Sat Dec 5 03:22:23 LST 2009
Posted: Mon Dec 28, 2009 23:15 Post subject: wl-500gP and ipv6
hello,
I need to know if ipv6 works fine in wl-500gP with dd-wrt v24 or some other! because I probably will buy one and need to know, please..
with this router I will try using 6to4 in ipv6, anyone know if is possible with dd-wrt?
can you help me? it's urgent, thank you very much!!
I am already using build 12533 with success, but my new win7 laptop keeps dropping wireless connection (no problem with linux or xp). I suspect this is because of IPv6 not working on v24. If crushedhats QoS options include VOIP support (like build 12533) then I am good to go. Actually I am using the port precedence in the QoS panel anyway to prioritize traffic from the phone. If he has at least that, then I will upload it & re-configure.
Posted: Thu Mar 04, 2010 21:04 Post subject: WRT54G v6 & IPv6
After reading this entire thread and following all the links, am I to correctly assume that there is no way to enable IPv6 functions on my WRT54G v6 (running v24-sp2 build 13064 micro generic)? My first clue is that there is no check box on the Administration>Management page to enable/disable IPv6. All of the other builds seem to be for 4 MB flash - is there no way to make it work on a 2 MB flash unit? Thanks for your help!
Is anyone having success with the newer builds? With 13972 std-nokaid I can establish my tunnel to sixxs and ping my router from "outside" but the ipv6 routing to my networked PCs seems to be broken ... they get valid ipv6 addresses from radvd but that's it.
Posted: Wed Mar 24, 2010 1:55 Post subject: Re: WRT54G v6 & IPv6
sfixphdi wrote:
After reading this entire thread and following all the links, am I to correctly assume that there is no way to enable IPv6 functions on my WRT54G v6 (running v24-sp2 build 13064 micro generic)? My first clue is that there is no check box on the Administration>Management page to enable/disable IPv6. All of the other builds seem to be for 4 MB flash - is there no way to make it work on a 2 MB flash unit? Thanks for your help!
Found I can route from the tunnel with just the following:
ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 24.251.38.95 ttl 64
ip link set he-ipv6 up
ip addr add 2001:470:c:1c1::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6