IPv6 Forum / Operating Systems - IPv6 Protocol Stacks / Windows / Setting up IPv6 forwarding on Windows 2000

Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Setting up IPv6 forwarding on Windows 2000
11-02-2009, 02:12 AM
Post: #1
emanuele Online
Emanuele Vedova
*******
 		Posts: 10
Joined: May 2008
Reputation: 0
Setting up IPv6 forwarding on Windows 2000
Setting up IPv6 forwarding using a Windows 2000 box.

This explains how to set up IPv6 forwarding (and default routing) on a Windows 2000 box with a Windows XP client which only has a NAT IPv4 address. I couldn't find this on the 'net anywhere, so I decided to write it up myself. Hopefully it helps someone else out there.

Versions:
Windows 2000, SP4, MS IPv6 Kit
Windows XP, SP1

Topology:

IPv6Internet---[v6]TunnelbrokerRouter[v4tov6]---IPv4Internet---[v4tov6]Win2k[v6]---eth---[v6]WinXP

The Windows 2000 box acts as a NAT router for IPv4 packets. It has a 192.168.0.1 IPv4 address on the "eth" network. The WindowsXP box has a 192.168.0.100 IP address on the "eth" network with a default gateway of 192.168.0.1. All of the IPv4 NAT stuff works and I can access the IPv4 Internet through the Windows 2000 box via NAT just fine.

Now, the problem was I wanted to be able to access the WindowsXP box from anywhere on the IPv6 Internet without worrying about port forwarding on the Windows 2000 box, and I wanted to see the dancing Kame just for kicks Smile

So, I received a /64 allocation from the Tunnelbroker. They gave me the address:

2001:470:1f00:367::/64

This is what I will be using on the inside of my network (the eth network).

Previously, I had received a /127 IPv6 address from the Tunnelbroker. This establishes the 6to4 connectivity. The address I received was:

2001:470:1f00:ffff::217/127

Their side was:

2001:470:1f00:ffff::216/127

Via 6to4 I could easily ping6 from my Windows 2000 box to the Tunnelbroker IPv6 address. Doing a packet capture, I could see IPv4 packets going out with IPv6 inside of them.

C:\WINNT>ping6 2001:470:1f00:ffff::216

Pinging 2001:470:1f00:ffff::216 with 32 bytes of data:

Reply from 2001:470:1f00:ffff::216: bytes=32 time=86ms
Reply from 2001:470:1f00:ffff::216: bytes=32 time=84ms
Reply from 2001:470:1f00:ffff::216: bytes=32 time=88ms
Reply from 2001:470:1f00:ffff::216: bytes=32 time=85ms

Now, the tricky part was making it so I could configure one of the /64 addresses which was allocated to me on my WinXP box as well as my Win2k box "eth" interface and forward using the Win2k box.

First I assigned the IPv6 address to the WinXP box like this:

ipv6 adu 4/2001:470:1f00:367::2 (the "4" is my Ethernet Nic in the WinXp box on the same network as the Win2k box)

Then I assigned the IPv6 address to the Win2k box like this:

ipv6 adu 5/2001:470:1f00:367::1 (the "5" is the Ethernet nic on the eth network which is the same network the WinXP box is on)

I still wasn't able to ping which was weird. I had to enter a route table entry before I could ping.

So, on the Win2k box, I entered:

ipv6 rtu 2001:470:1f00:367::/64 5

Strangely, I didn't need this entry on the WinXP box. I still don't know the answer for that..but atleast it pings now.

Then, on the WinXP box, I needed to add a default route so I could reach addresses that weren't local to my subnet (basically, the whole IPv6 internet).

ipv6 rtu ::/0 4

Which looks like this when you type "ipv6 rt":

::/0 -> 4/2001:470:1f00:367::1 pref 0 life infinite (manual)

This basically says, if you don't know where to go, use Interface 4, address 2001:470:1f00:367::1 as your gateway.

Lastly, I just needed to turn on IPv6 forwarding on the correct interfaces. This was tricky because I didn't know which interface needed IPv6 forwarding. There are multiple interfaces such as a 6to4 interface, a Pseudo Tunnel interface, as well as the actual ethernet interfaces.

By trial and error, I was able to get the correct configuration. I enabled forwarding on the 6to4 Interface assigned with my IPv4 Internet interface as well as the Ethernet interface (called Home) which is on the eth network.

ipv6 ifc 6 forward
ipv6 ifc 5 forward

This allows packets to be forwarded from the eth network to the IPv6 Internet and back to the eth network again.

Whats cool is that I can now reach my WinXP host which sits on a private IPv4 network (192.168.0.x) directly through the IPv6 internet (2001:470:1f00:367::2) without doing any port forwarding or anything special in general!

Now, I truely have end-to-end connectivity.
Cool!

Here are the snapshots of both boxes IPv6 interfaces and the route tables.

Win2k box:

C:\WINNT>ipv6 if
Interface 6 (site 1): 6-over-4 Virtual Interface
uses Neighbor Discovery
forwards packets
link-level address: 24.154.21.2
preferred address fe80::189a:e7e3, infinite/infinite
multicast address ff02::1, 1 refs, not reportable
multicast address ff02::1:ff9a:e7e3, 1 refs, last reporter
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 28500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 5 (site 1): Home
uses Neighbor Discovery
forwards packets
link-level address: 00-0c-6e-3d-61-ee
preferred address 2001:470:1f00:367::1, infinite/infinite
preferred address fe80::20c:6eff:fe3d:61ee, infinite/infinite
multicast address ff02::1, 1 refs, not reportable
multicast address ff02::1:ff3d:61ee, 1 refs, last reporter
multicast address ff02::1:ff00:1, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 128
reachable time 33000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 4 (site 1): Internet
uses Neighbor Discovery
link-level address: 00-26-54-0e-42-86
preferred address fe80::226:54ff:fe0e:4286, infinite/infinite
multicast address ff02::1, 1 refs, not reportable
multicast address ff02::1:ff0e:4286, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 128
reachable time 29000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 3 (site 1): 6-over-4 Virtual Interface
uses Neighbor Discovery
link-level address: 192.168.0.1
preferred address fe80::c0a8:1, infinite/infinite
multicast address ff02::1, 1 refs, not reportable
multicast address ff02::1:ffa8:1, 1 refs, last reporter
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 31000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 2 (site 0): Tunnel Pseudo-Interface
does not use Neighbor Discovery
link-level address: 0.0.0.0
preferred address 2001:470:1f00:ffff::217, infinite/infinite
preferred address ::24.154.231.227, infinite/infinite
preferred address ::192.168.0.1, infinite/infinite
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 0ms (base 0ms)
retransmission interval 0ms
DAD transmits 0
Interface 1 (site 0): Loopback Pseudo-Interface
does not use Neighbor Discovery
link-level address:
preferred address ::1, infinite/infinite
link MTU 1500 (true link MTU 1500)
current hop limit 1
reachable time 0ms (base 0ms)
retransmission interval 0ms
DAD transmits 0

C:\WINNT>ipv6 rt
2001:470:1f00:367::/64 -> 5 pref 0 (lifetime infinite)
::/0 -> 2/::64.71.128.82 pref 0 (lifetime infinite, publish, no aging)

WinXP:

C:\Documents and Settings\Administrator>ipv6 if
Interface 4: Ethernet: Wireless Network Connection
{83601622-4843-4852-B8F9-9543C6288725}
uses Neighbor Discovery
uses Router Discovery
link-layer address: 00-90-96-38-ad-c6
preferred global 2001:470:1f00:367::2, life infinite (manual)
preferred link-local fe80::290:96ff:fe38:adc6, life infinite
multicast interface-local ff01::1, 1 refs, not reportable
multicast link-local ff02::1, 1 refs, not reportable
multicast link-local ff02::1:ff38:adc6, 1 refs, last reporter
multicast link-local ff02::1:ff00:2, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 128
reachable time 43000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 3: 6to4 Tunneling Pseudo-Interface
{A995346E-9F3E-2EDB-47D1-9CC7BA01CD73}
does not use Neighbor Discovery
does not use Router Discovery
routing preference 1
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 32500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
Interface 2: Automatic Tunneling Pseudo-Interface
{48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}
does not use Neighbor Discovery
does not use Router Discovery
routing preference 1
EUI-64 embedded IPv4 address: 0.0.0.0
router link-layer address: 0.0.0.0
preferred link-local fe80::5efe:192.168.0.236, life infinite
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 27500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
Interface 1: Loopback Pseudo-Interface
{6BD113CC-5EC2-7638-B953-0B889DA72014}
does not use Neighbor Discovery
does not use Router Discovery
link-layer address:
preferred link-local ::1, life infinite
preferred link-local fe80::1, life infinite
link MTU 1500 (true link MTU 4294967295)
current hop limit 128
reachable time 29000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0

C:\Documents and Settings\Administrator>ipv6 rt
::/0 -> 4/2001:470:1f00:367::1 pref 0 life infinite (manual)
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


Contact Us | Vedova Network | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication