The Actiontec is underpowered and if you put too many hosts behind it will run out of memory for its NAT tables and your connectivity goes to hell. My router is a D-Link not a Linksys. When I last upgraded my home router, the D-Links were plainly v6 capable; the Linksys may or may not have been, but if so, it wasn't on the box and since my old router was suffering from hardware problems, I wasn't really in the mood to go out to Linksys' web site and dig around to hopefully find out. That and Cisco has irritated me with their abandonment issues. My old Linksys was still running draft N code and hadn't seen a firmware update in two plus years. Five minutes after getting the D-Link up and running, I did have my HE tunnel though, which is nifty. As far as the firewall goes, it is doing SPI on both v4 and v6 with a default deny rule for all unrequested traffic. Jamie -----Original Message----- From: Harry Hoffman [mailto:hhoffman@ip-solutions.net] Sent: Wednesday, June 08, 2011 8:00 AM To: Jamie Bowden; 'NANOG list' Subject: RE: IPv6 day fun is beginning! I have the same setup as you, except a Linux box that does the firewalling. The actiontec is pretty bad-ass, hardware-wise, and latest firmware versions give you a bit more freedom. Eth0 is the public addr and eth1 is the private addr. On Eth1 I've got a address from the routed /48 and then everything behind eth1 also gets addrs in that /48. (Maybe a firmware update is available for the Linksys? Or open/dd wrt). One thing to note, if you're not doing ipv6 filtering at the router. TCP/135 is open by default on a Windows 7 laptop here so if you're not filtering at the laptop then you're potentially allowing the world to access that port. Cheers, Harry -----Original Message----- From: Jamie Bowden [mailto:jamie@photon.com] Sent: Wednesday, June 08, 2011 7:40 AM To: NANOG list Subject: RE: IPv6 day fun is beginning! Thanks to HE's tunnel broker service, I've got fully functional dual stack at home (well, mostly, like most folks, VZ gives me a single address and I live behind that with NATv4, but otherwise, I loves me some FiOS) and yesterday went by for me without a hitch, including accessing Facebook (I'd hear from the wife and kid really quickly if they weren't working). For a working tunnel, I put my DIR-825 as the "DMZ" host behind the cheesy Actiontec router VZ requires, forward all traffic with zero firewalling to it, and let the D-Link appliance handle all my firewall needs (and it terminates my v6 tunnel obviously). The one thing I haven't quite figured out how to make it do (and maybe it's just not capable) is use the /48 HE routes to me. The box insists that the internal interface be on the same subnet as the external, and it hands out v6 addresses from that /64. Jamie -----Original Message----- From: Jared Mauch [mailto:jared@puck.nether.net] Sent: Tuesday, June 07, 2011 7:15 PM To: Iljitsch van Beijnum Cc: NANOG list Subject: Re: IPv6 day fun is beginning! On Jun 7, 2011, at 7:13 PM, Iljitsch van Beijnum wrote:
www.facebook.com has AAAA but doesn't load for me over IPv6, it does for others though
If you go to www.v6.facebook.com it works, but it seems they have some problem on their main site. I am seeing some issues reaching them over IPv6. - Jared