Switching to Solaris 10 as Router

I just switched my network router from an aging PC running OpenBSD to an ageing UltraSparc running Solaris 10. So time to see how to fix the firewalls and routing from Solaris.

At the moment I use SixXS for IPv6 connectivity using a heartbeat tunnel which uses their aiccu program to authenticate the tunnel and keep it configured. This works fine on the OpenBSD box but the current incarnation is core dumping on Solaris at the moment. So I thought I'd see about configuring a 6to4 route until I get the tunnel sorted out.

Here is how to set up the interface and route:

sudo ifconfig ip.6to4tun0 inet6 plumb
sudo ifconfig ip.6to4tun0 tsrc 80.195.237.20 \
    2002:50c3:ed14:0:0:c0ff:fe00:1/64 up
sudo 6to4relay -e

There is a little magic in here. First we must plumb the right kind of interface. Next we attach the tunnel interface to our external IPv4 interface by providing our IPv4 address as the source for the tunnel. The IPv6 address given here has the 6to4 representation of the IPv4 address in the first 64 bits, followed by a host-specific part in the second 64 bits. You can also write such addresses as 2002:80.195.237.20::1/64 (at least sometimes you can write them this way). A quick Tcl script to get the long version is:

package require ip
# Print the fully expanded form of the address
puts [ip::normalize 2002:80.195.237.20::1]
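
The mapping described above can also be done in plain shell, in both directions. This is an added example, not part of the original post: the function names to_6to4 and from_6to4 are made up for illustration, and the rejection of private, loopback and link-local sources follows RFC 3056's requirement for a globally unique IPv4 address.

```shell
#!/bin/sh
# Added example: 6to4 address mapping (RFC 3056) in both directions.
# to_6to4 and from_6to4 are illustrative names, not Solaris commands.

# to_6to4 A.B.C.D: print the 2002:AABB:CCDD::/48 prefix for an IPv4 address.
# Returns 1 on malformed input, 2 on private/loopback/link-local addresses,
# which cannot serve as a 6to4 tunnel source.
to_6to4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject leading zeros: printf would read them as octal.
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in 0.*|10.*|127.*|169.254|192.168) return 2 ;; esac
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        return 2
    fi
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# from_6to4 ADDR: print the IPv4 address embedded in a 2002::/16 address,
# e.g. to trace a 6to4 source seen in firewall logs. Returns 1 if ADDR is
# not 6to4 or its first 48 bits are written with "::" compression.
from_6to4() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$addr" in 2002:*:*) ;; *) return 1 ;; esac
    rest=${addr#2002:}
    hi=${rest%%:*}; rest=${rest#*:}; lo=${rest%%[:/]*}
    case "$hi" in ''|?????*|*[!0-9a-f]*) return 1 ;; esac
    case "$lo" in ''|?????*|*[!0-9a-f]*) return 1 ;; esac
    # Pad each group to four hex digits, then split into two octets.
    hi=$(printf '%04x' "0x$hi"); lo=$(printf '%04x' "0x$lo")
    printf '%d.%d.%d.%d\n' "0x${hi%??}" "0x${hi#??}" "0x${lo%??}" "0x${lo#??}"
}

# Check against the addresses used in the post.
to_6to4 80.195.237.20                      # 2002:50c3:ed14::/48
from_6to4 2002:50c3:ed14:0:0:c0ff:fe00:1   # 80.195.237.20
```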

The final command configures the routing. It arranges for traffic to the 2001::/16 network to be routed via a 6to4 relay router. The actual address used is an anycast address defined in RFC 3068, so your closest such router is used automatically. Note that Solaris leaves 6to4 relaying disabled unless you run this command. You cannot just configure the route yourself (as I eventually discovered). Without enabling the 6to4 relay you can route to other sites using 6to4 (2002::/16) but not to any real IPv6 sites (2001::/16).