Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Accessing the 6BONE with OS X 10.2 Internet
Support for IPv6 was added to OS X with version 10.2. It is possible to access the IPv6BONE from any host connected to the Internet (provided it isn't behind a firewall blocking IP protocol number 41, IPv6 over IPv4).

This is possible thanks to "anycast 6to4 Relays". These are routers connected to both the Internet and the 6BONE. They advertise their presence by announcing the prefix 192.88.99.1 to other Internet routers. Computers with only IPv4 Internet connectivity can send IPv6 traffic to and from the 6BONE by defaulting to the 6to4 address for the 192.88.99.1 anycast prefix.

Substitute your IPv4 address in the following script, and then runit as root using sudo. Test connectivity with an IPv6 ping like the following:
[ross-Computer:~] ross% ping6 www.kame.net
PING6(56=40+8+8 bytes) 2002:9f86:c423::1 --> 3ffe:501:4819:2000:210:f3ff:fe03:4d0
16 bytes from 3ffe:501:4819:2000:210:f3ff:fe03:4d0, icmp_seq=0 hlim=58 time=349.581 ms
16 bytes from 3ffe:501:4819:2000:210:f3ff:fe03:4d0, icmp_seq=1 hlim=59 time=335.102 ms
16 bytes from 3ffe:501:4819:2000:210:f3ff:fe03:4d0, icmp_seq=2 hlim=59 time=337.292 ms
16 bytes from 3ffe:501:4819:2000:210:f3ff:fe03:4d0, icmp_seq=3 hlim=59 time=332.33 ms
^C
--- apple.kame.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 332.330/338.576/349.581 ms
Read the rest of the article for the script...

Create using your favorite editor and remember to chmod 755 it to make it executable...

#!/bin/sh

# substitute your IPv4 address here
stf_interface_ipv4addr="192.168.100.1"

###############################################
#
# Copyright (c) 2000  The KAME Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: src/etc/rc.network6,v 1.5.2.13 2001/03/19 09:33:59 ume Exp $
#

IFS="$IFS"
IFS=".$IFS"
set ${stf_interface_ipv4addr}
IFS="$OIFS"
ipv4_in_hexformat=`printf "%x:%x\n" $(($1*256 + $2)) $(($3*256 + $4))`

# Set-up 6to4 interface
ifconfig stf0 inet6 2002:${ipv4_in_hexformat}::1 prefixlen 16 

# Default route to 6to4 address for anycast 192.88.99.0/24 prefix
route add -inet6 default 2002:c058:6301::

# disallow packets to malicious 6to4 prefix
route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject                
route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject                
route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject                
route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
[robg adds: I have not tested this script...]
    •    
  • Currently 2.20 / 5
  You rated: 1 / 5 (5 votes cast)
 
[6,867 views]  

Accessing the 6BONE with OS X 10.2 | 10 comments | Create New Account
Click here to return to the 'Accessing the 6BONE with OS X 10.2' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Accessing the 6BONE with OS X 10.2
Authored by: otsune on Mar 18, '03 10:36:06AM

OS X 10.2 has ip6config command from NetBSD.

vi /etc/6to4.conf
(snip)
$peer="xxx.xxx.xxx.xxx" # 6to4 Gateway
#$peer="6to4.kfu.com"; # USA, West coast
...
(snip)

sudo ip6config start-stf en0
(en0 <- Outbound interface)

http://www.6to4.jp/settings/macosx.html
(in Japanese)



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: Ranger Rick on Mar 18, '03 11:00:28AM

I've got a couple of questions...

First of all, out of curiosity, does this work behind NAT? If so, can I assume I need to list my router's address, and not my own? I've got a linux box between my macosx system and the net.

Second, I looked into ipv6 stuff before, but the part that none of the "getting started" sites on the subject seem to talk about is how do I determine what my ipv6 address is? In ipv4 land, one is assigned to me by my ISP (which, in turn, they got from ARIN). Is there a way to somehow "register" for my own, or does my ISP have to support ipv6 for me to get on the 6bone without being a proxied address?

I've found plenty of information on configuring ipv6 stuff, and I'm perfectly comfortable with finding a way to tunnel to the 6BONE, but I can't seem to find the info on where to actually start if I, as an end user, want to have my own ipv6 address.



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: jgraessley on Mar 18, '03 02:32:53PM

This does not work with NAT. NATs are inherinetly evil devices, this is yet another thing that will not work with NATs.

NATs give you a private address. 6to4 works by turning your IPv4 address in to an IPv6 address by embedding your IPv4 address in the IPv6 address. In doing so, any other device that knows about IPv4 can look at the IPv6 address, see that it's a 6to4 address, and know which IPv4 address to tunnel the packet to. Since your evil NAT gave you a private address, remote devices would have no way to send you a reply, the embedded address is private. Of course, it would never get that far because your NAT wouldn't let the traffic out. NATs only know about TCP, UDP, and ICMP for the most part. 6to4 uses IPv6 over IPv4. Your NAT has no idea what to make of those packets, so it silently drops them on the floor.

The real solution is for the vendors shipping evil NATs (There is no such thing as a NAT that is not evil), to place a 6to4 gateway in their NAT boxes. When you make an IPv6 address from your IPv4 address with 6to4, you actually create a few million addresses, but most of the time, you only use one. A NAT box could be upgraded to support 6to4. It could then distribute IPv6 addresses based on the 6to4 prefix to hosts behind the NAT in addition to using DHCP to give those hosts fake IPv4 addresses. The really cool part of this is that your IPv6 address is globally accessible. Even though there's a NAT standing in your way, you can act like a first class internet citizen.



[ Reply to This | # ]
Accessing the 6BONE through NAT
Authored by: john_e on Mar 19, '03 04:51:41AM

In my opinion, there ARE such things as non-evil NATs. I run a NAT for example, and it works great. I run a webserver and mailserver, and I only have one static IP. I just let my old Cube run the Network Address Translation Daemon (natd), and also automatically forward most ports to my PowerBook G4s internal IP. This means I can host a game of Ghost Recon on my PB G4 with the internal address (in the 192.168 space) and people from outside can join.

I don't know much about IPv6, but as far as I can tell 6to4 seems to be more like a protocol which uses a standard port (41?) to send packets encoded in a special way (like AppleTalk over TCP/IP). When a 6bone router receives this packet, it decodes it and sends it out on the 6bone.
Since you made the connection through your NAT, the NAT knows that it should return packets on the OPEN port (whatever, say 31000) to your computer with the internal address.

So, correct me if I'm wrong but a NAT shouldn't be that big of a problem really. Better with REAL IPs, sure, but since they're in short supply (until 6 has replaced 4) a NAT can sometimes be a solution.



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: otsune on Mar 18, '03 09:07:30PM

http://www.6to4.jp/settings/nat.html
(in Japanese)

1)An NAT function can be statically defined to a protocol 41 (IPV6/IPV4) (Transparent it can do).
2)Pseudo Port mapping is carried out and it manages.
It is necessary to have a function



[ Reply to This | # ]
Router?
Authored by: englabenny on Mar 18, '03 11:43:48AM

It might be I am asking the same question as somebody else does in the reply above, but does my Netgear router support this?



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: n9yty on Mar 18, '03 01:01:13PM

I tried it here on a network with a Linux firewall (using ipchains), and access via a Graphite Airport base station.

No Go.

However, if I switch to a wired connection, it worked fine, so I can only assume that the problem here is the Graphite Airport base station.



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: n9yty on Mar 18, '03 01:05:05PM

MY BAD

When I tested it the second time, on a wired connection, I used ping instead of ping6, so of course no magic was needed and it worked. I just re-tested using ping6 and it still doesn't work even on a wired setup, so it may not be related the Graphite Airport base station after all.

SORRY!



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: k0fcc on Mar 18, '03 02:49:12PM

Here's another arcticle on this subject:

http://www.aaronsw.com/weblog/000831



[ Reply to This | # ]
Accessing the 6BONE with OS X 10.2
Authored by: cynikal on Mar 18, '03 10:45:00PM

of ie, mozilla and chimera, only mozilla seems to be able to browse to IPv6 addressed websites.. try it yourself

[ Reply to This | # ]