ip46nat Universal IPv4-IPv6 translator User's Guide
Contents
1. Af O s 49 UNIA EUROPEJSKA IN N OWACYJ NA MiG irsEcs dente dried ER SE EUROPEJSKI FUNDUSZ GOSPODARKA PEN ROZWOJU REGIONALNEGO e NARODOWA STRATEGIA SPOINOSCI e lo ip 46nat v4 after 6to4 pcap Wireshark NAG File Edit View Go Capture Analyze Statistics Help El m Byl eu amp x 9 amp Q a gt gt GG 1 v V ter Filter v 4 Expression Expression wczy w Y Zastosuj No Time Source Y Destination Protocol Jl Info 12 53 409263 192 108 1 10U IU 3U 1 Z IUMPVG Ecno request 13 53 629146 192 168 1 100 10 30 1 2 ICMPv6 Echo request U 14 53 849282 192 168 1 100 TE gt A ICMPv6 Echo request 15 54 049178 192 168 1 100 10 30 1 2 ICMPv6 Echo request 16 54 269316 192 168 1 100 18 30 1 2 ICMPv6 Echo request 17 54 469209 192 168 1 100 10 30 1 2 ICMPv6 Echo request gt 17 CA CEOOOCA IAN 120 1 7 MN 1A 1 T OMM Z Maha i P Frame 14 98 bytes on wire 98 bytes captured b Ethernet II Src Cisco Li bc 41 2a 00 1d 7e bc 41 2a Dst Ibm 12 66 88 00 11 25 12 66 88 v Internet Protocol Src 192 168 1 100 192 168 1 100 Dst 10 30 1 2 10 30 1 2 Version 4 Header length 20 bytes b Differentiated Services Field OxOO DSCP Ox00 Default ECN 0x00 Total Length 104 Identification Ox3000 12288 b Flags 0x04 Don t Fragment Fragment offset O Time to live 63 Protocol ICMPv6 Ox3a P Header checksum Ox3e30 correct Source 192 168 1 100 192 168 1 1002. UNIA EUROPEJSKA IN N OWACYJ NA ec e ind jnieria internetu przysz o ci EUROPE I5kKI FUNDUSSA GOSPO DAR KA e ROZWOJU REGIONALNEGO A PBCOIDOeN S E RATE A CD a OLI e e NARODOWA STRATEGIA SPOINOSC e 1 Project overview Goal of this project is to provide an experimental solution for universal IPv4 to IPv6 translator The software is intended to be run on any system with modern Linux Two modes of Network Address Translation NAT are provided translation of IPv4 packets to IPv6 packets NAT46 and reverse translation of IPv6 packets to IPv4 NAT64 The goal of this project is to provide reference implementation for experiments As such also IPv4 over IPv6 tunneling is also provided There are two intended platform to run this software regular x86 PC and an embedded router running OpenWRT system This document describes usage installation and configuration of the software required to setup and run router capable of handling two different post IPv4 traffic types IPv4 to IPv6 translation and IPv4 over IPv6 tunneling Although developed software is delivered mainly in an easier to use compiled form source code is also provided This document describes procedures required to build toolchain used for cross compilation and the compilation of the developed code as well 1 1 Phase 1 IPv4 to IPv6 NAT First approach to the IPv4 over IPv6 network assumes that incoming IPv4 packets will be converted and forwarded as IPv6 IPv4 ad
3. Destination 10 30 1 2 10 30 1 2 v Internet Control Message Protocol v6 Type 128 Echo request Code O Checksum Ox8adc incorrect should be Oxdadc ID Oxd115 Sequence Ox000a b Data 56 bytes 0000 00 11 25 12 66 88 OO ld 7e bc 41 2a 08 00 45 00 f ARE 0010 00 68 30 00 40 OO 3f 3a 3e 30 cO a8 Ol 64 Oa le h0 0 0 d 0 0020 01 02 80 00 8a dc dl 15 00 Oa 82 5b 69 48 22 b5 1H 0030 Od 00 08 O9 Oa Ob Oc Od Oe Of 10 11 12 13 14 15 1111111 Y File home thomson devel ip46nat doc captures ip46nat v4 after 6to4 pcap 14 KB 00 01 19 Packets 135 Displayed E Fig 12 IPv6 packet after reverse translation 8 3 Firewall configuration Due to internal Linux kernel architecture after ip46nat module processes the packet it is not possible to forbid normal Linux IPv4 routing procedures to continue To avoid packet duplication IPv4 packets that are to be translated should be dropped in a postprocessing phase they will be sent as IPv6 only Assuming network configuration as in Fig 11 end user IPv4 segment is on the left side following command may be used to drop packets AFTER being handled by ip46nat iptables t nat 1 POSTROUTING s 10 30 1 0 24 d 10 30 1 0 24 j DROP 8 4 Negative testing Too large IPv4 packets were sent to confirm that no buffer overflow occurs Packets were dropped as expected and appropriate statistic was increased Numerous not matching criteria IPv4 and IPv
4. Dst Netronix 04 a3 24 00 08 54 04 a3 24 Internet Protocol Version 6 P OllO Version 6 0000 0000 Traffic class 0x00000000 0000 0000 0000 0000 0000 Flowlabel 0x00000000 Payload length 64 Next header ICMPv6 Ox3a Hop limit 63 Source 2000 c0a8 164 2000 cQa8 164 Destination 3000 ale 102 3000 ale 102 Internet Control Message Protocol v6 Type 128 Echo request Code 0 Checksum Oxfabc correct ID Oxd115 Sequence OxOOSS P Data 56 bytes 00 08 54 O4 a3 24 OO ld Ye bc 41 2a 86 dd 60 GC OD 00 00 40 3a 3f 20 00 OO OO OO OO OO OO OO 00 1 cO a8 01 64 ao 6 QOO OD QO GO OO 00 OG BE 00 OO Oa le 01 O2 80 OO fa bc dl 15 00 55 92 Frame frame 118 bytes Packets 77 Displayed Fig 11 IPv6 packet before reverse translation Similar tests were performed for IPv6 traffic being translated to IPv4 See Fig 14 for packets before translation and Fig 15 for packets after translation Please note that to have packets transmitted both its source and destination address should be legitimate i e routing should be configured for such packets For example IPv6 packet src 2000 1 dst 2000 c0a8 164 will be translated to IPv4 packet src 0 0 0 1 dst 192 168 1 100 Although destination address is valid source address is not and thus ip46nat will not be able to find appropriate route and will drop the packet This error case will be logged accordingly There is also separate statistic for this condition
5. Oo o Ng Continue with normal kernel installation See numerous installation help documents available here http www google com search q linux kernel installation 7 3 ip46nat kernel module as an ipk package To make ip46nat available from the OpenWRT configuration menu download selected OpenWRT source see section 7 1 and apply ip46nat openWRT patch patch p0 ip46nat openwrt 12386 patch After successful patching ip46nat module is available in the Kernel modules gt Network support gt kmod ip46nat Select it as a module See Fig 7 GOSPODARKA e ie ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SPOINOSCI e YT LJ UNIA EUROPEJSKA N N OWACYJ N A ce inzunierie internetu przysztosci EUROPEJSKI FUNDUSZ 0 Terminal Fig 7 ip46nat being selected in OpenWRT configuration menu 7 4 dibbler software Dibbler software may be compiled for various systems Windows Linux or even embedded environment In this section instructions regarding Linux compilation are provided For details regarding OpenWRT cross compilation please see next section Details regarding dibbler compilation are described in the Dibbler User s Guide available on the project website http klub com pl dhcpv6 Advanced topics are also discussed in Dibbler Developer s Guide also available on the same website To compile dibbler download and extract latest sources Dibbler constists of several entities server client relay and requestor To
6. e STM AIR 2 0 UNIA EUROPEJSKA N N OWACYJ NA e i rris jmieria imtermetu przysz o ci EURZPE JE FURIOUS GOSPODARKA e i ROZWOJU REGIONALNEGO AP OMA UA E RATEC N SPI OSCI e e MARODOWA STRATEGIA SPOINOSC e 8 IPv4 to IPv6 NAT Phase 1 testing This section provides report from the phase 1 validation It may also serve as a proof of concept For the testing purposes LinkSys will be referred to as DUT Device Under Test Most tests were performed in a configuration where 2 PCs were connected via DUT This scenario is presented in Fig 8 below eth0 0 etho 10 30 1 2 24 10 301 1 24 192 168 1 1 24 192 168 1 100 24 Linksys 2000 1 64 2000 c0a8 1 64 64 delegated prefix Pel 3000 64 PC2 Fig 8 Test network 8 1 IPv4 to IPv6 traffic IPv4 packets were transmitted from the PC1 Single ICMPv4 packets were sent Fig 12 contains network captures of such packets IPv4 packets after translation they are IPv6 packets are presented in Fig 13 Please note that those IPv6 packets still carry ICMPv4 protocol data As packets size after translation increase there is a size limit of the maximum IPv4 packets that may be translated Translation adds extra 20 bytes so maximum packet size is 1480 To transmit such packets following command may be used ping s 1452 192 168 1 100 Note that ping command uses s size parameter to specify ICMPv4 protocol payload That is increased by ICMP header 8 bytes
7. and IPv4 header 20 bytes Therefore 1452 8 20 gives 1480 Any packets larger that this will be dropped by ip46nat module To avoid such drops the reasonable course of action is to limit MTU of the transmitting device Also to help debugging such cases ip46nat has dedicated statistics for too large IPv4 packet drops e JN JA YE UNIA EUROPEJSKA IN NOWACYJ NA Gee GiG internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA P i ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SP JNO CI e ip46nat v4 before 4to6 pcap Wireshark File Edit View Go Capture Analyze Statistics Help TETTERE BOGFI 2 riter y dp Expression d Wyczy v Zastosuj No Time Source Destination Protocol Info 10 30 1 2 10 20 1 1880 Echo ping request 2 4 99 448 Ibm 12 66 88 Cisco Li bc 41 2a ARP who has 10 30 1 1 Tell 10 30 1 2 3 4 997902 Cisco Li bc 41 2a Ibm 12 66 88 ARP 10 30 1 1 15 at 00 1d 78 bc 41 23 Frame 1 98 bytes on wire 98 bytes captured Ethernet II Src Ibm 12 66 88 00 11 25 12 68 88 Dst Cisco Li bc 41 2a 00 1d 7e bc 41 2a Internet Protocol Src 10 30 1 2 10 30 1 2 Dst 10 20 1 100 10 20 1 100 Version 4 Header length 20 bytes Differentiated Services Field 0x00 DSCP 0x00 Default ECN 0x00 Total Length 84 Identification 0x0000 0 Flags 0x04 Don t Fragment Fragment offset Time to live 64 Protocol ICMP 0x01 Header checksum 0x2412 correct Source 10 30 1 2 10 30 1 2 Destinatio
8. packets Source IPv6 address will belong to the M prefix v6prefixm parameter used during kernel module insertion and will contain source IPv4 address embedded on 4 least significant octets Destination IPv6 address will belong to the P prefix v6prefixp parameter used during kernel module insertion and will contain destination IPv4 address embedded on 4 least significant octets If incoming IPv6 packet meets those criteria it will be converted to IPv4 packet Header checksum will be calculated TTL will be decreased and packet will be sent For converted IPv4 packet to be transmitted successfully IPv4 forwarding must be enabled IPv4 routing must also be configured See section 4 for details 6 4 Firewall Limiting extra traffic Internally IPv4 to IPv6 NAT works as an extra packet handler It means that each incoming packet may receive extra handling i e conversion to IPv6 or IPv4 Regardless of the outcome process matches specified criteria or not it is still being processed by the kernel in a normal way For example when criteria matching IPv4 arrives there will be actually 2 new packets transmitted first IPv4 packet according to normal routing and second IPv6 packet generated by the ip46nat module To avoid this behavior iptables filtering may be used See section 7 1 for example 6 5 IPv4 over IPv6 Tunneling After ip6 tunnel module with all required dependencies is loaded it is possible to configure IPv4 over IPv6 tunne
9. to distribute addresses and configuration parameters to other nodes Kernel modules are also handled as ipk packages To distinguish between user space software and kernel modules the latter use kmod prefix Here is a list of useful kernel modules kmod ipv6 module that provides IPv6 capability kmod ip46nat provides IPv4 to IPv6 NAT functionality kmod ip6 tunnel provides IPv4 over IPv6 tunneling Requires iptunnel6 module to be present kmod iptunnel6 this module is required by ip6 tunnel It also requires IPv6 module iptables firewall and advanced routing tool ip6tables IPv6 version of the iptables For information how to compile additional software see section 7 Also keep in mind available space on the device Use df h command if necessary According to OpenWRT homepage when base partition is full various errors start to appear and firmware may get corrupted c INNOWACYJNA t A UNIA EUROPEJSKA ce A internetu przysz o ci EUROPEISEI FUNTDAJSZ GOSPODARKA el i ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SP JNO CI e 4 PC Linux Installation This section describes installation process on a regular PC running Linux system TODO c IA a UNIA EUROPEJSKA N N OWACYJ NA ec se b Jnierie internetu przysz o ci EUROPE ISEKI FUNDUSZ GOSPODARKA e i ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SPOINOSCI e 5 Network configuration Before attempting to perform configuration it i
10. uj um uU uu u uw uj uj uv uj u tui HHHH OQ UO a DO CE CF CET CT T CE ET T dd cT T CF ct cU cr FF II II II II II II II II II II II I II II I II I Hip i f fi f f f bb bb RR RR RR RR Re A Fh Fh Fh Fb Fb Fb Fb Fb Hh F5 Fb Fb Fb Fb Fb Fb Eh ca uj t Uu M 1 uj uj t uo uj ug ug uo uv t 005 f S Ok G bls G 51 Ob Ob Ob bb OL 1 LL E T A y ee ls uus mmu cee sl e mes n sl Jam mue zam xm mmus unn as 5 NAT module unloaded root OpenWrt lib modules 2 6 23 Fig 13 Statistics after some traffic 8 7 Test conclusion Developed software while being remotely configurable via DHCPv6 is able to translate IPv4 to IPv6 efficiently Reverse traffic is also handled properly Although no end user solution was provided all building blocks for experienced user are provided accompanied with documentation that explains how to achieve the ultimate goal by executing all intermediate steps Such maturity level is adequate for the intended status of the product a research prototype intended for laboratory experiments c Y YE UNIA EUROPEJSKA INNOWACYJNA ee inzunierie internetu przysz o c EUROPEJSKI FUNDUSZ GOSPO DAR KA e 3 e ROZWOJU REGIONALNEGO e c e NARODOWA STRATEGIA SPOINOSCI e 9 IPv4 over IPv6 tunneling Phase 2 testing IPv4 over IPv6 validation can be split into 2 parts traffic validation and remote configuration validation For a re
11. 0 0000 0000 0000 0000 0000 Flowlabel 0x00000000 Payload length 64 Next header ICMP 0x01 Hop limit 63 Source 2000 ale 102 2000 ale 102 Destination 3000 a1l4 164 3000 al4 164 v Internet Control Message Protocol Type 8 Echo ping request Code O Checksum Oxcaed correct Identifier 0x0016 Sequence number 1 0x0001 P Data 56 bytes m 00 08 54 04 a3 2 7e bc 41 2a 86 dd 60 OO OO OO 40 01 31 2 OO OO OO OO OO OO OO OO OO Oa le 01 O2 OO OO OO OO OO OO OO OO OO Oa 14 Ol ca ed 00 16 00 O1 f5 Frame frame 118 bytes 1 Packets 7 Displayed Fig 10 IPv4 packets after IPv4 to IPv6 translation ces e IKINICYU WI 3 87 UNIA EUROPEJSKA IN NOWACYJ NA ec W nzunierie internetu przysz o ci EURGOPEJISKI FUNDUSZ GOSPODARKA e 3 ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SPOINOSCI e 8 2 IPv6 to IPv4 traffic ipd46nat before 6to4 pcap Wireshark File Edit View Go Capture Analyze Statistics Help Wad 8 OO 0OHG8 OG 508 Ed riter 0 T 4 Expression wyczy wyczy Y Y Zastosuj No Ji Time J Source J Destination Protocol I Info 3 736900 oe ds ICMPv6 Echo request request 959488 X ag i ICMPv6 Echo request 976883 J cDaB 16 3000 ale 102 ICMPv6 Ec request n 159444 e a AI ICMPv6 request 176821 COaB OOO ICMPv6 request Frame 47 118 bytes on wire 118 bytes captured b Ethernet II Src Cisco Li_be 41 2a 00 1d 7e bc 41 2a
12. 000 100 2000 100 Destination 2000 1 2000 1 Internet Protocol Src 192 168 2 100 192 168 2 100 Dst 10 10 10 73 10 10 10 73 Transmission Control Protocol Sre Port http 80 Dst Port 49233 49233 Seq 1 Ack 357 Len 397 Hypertext Transfer Protocol Line based text data text html Traffic class OxO00000000 Flowlabel 0x00000000 v Y WU 6d Gc 3e 3c E 64 79 3e 3c 68 31 e lt html gt lt b ody gt lt h1 gt 77 6f 72 F 3c 2f 68 31 3e 3c 2f It works lt hl gt lt 79 3e 3c 2f 68 7 Sc 3e 0 body gt lt h tml Frame 491 bytes Uncompressed entity body 45 bytes Line based text data data text lines 45 bytes Packets 32 Displayed Pro Fig 17 HTTP traffic over IPv4 over IPv6 e REM AJACVIAL P e 2 UNIA EUROPEJSKA N N OWA CY NA e Es rris jmieria imtermetu przysz o ci EUROPEISKE FUNDUSZ GOSPODARKA e 3 ROZWOJU REGIONALNEGO Gr ml re op e e o NARODOWA STRATEGIA SPOINOSCI e 10 Source code This section discusses internal architecture for developed or extended software 10 1 Code overview for ip46nat module ip46nat module was developed from scratch Since there is one specific use of its operation all module parameters are specified during module loading Module loading operation is handled by the hello init function It checks if all required parameters are provided and well formed After the check is successful it calls register handlers function Most pack
13. 6 packets were sent None of them was ever translated For easier debugging ip46nat module prints every packet that is received its source and destination address with values of configured filter Packets matching criteria are c Y YE UNIA EUROPEJSKA INNOWACYJNA ee inzunierie internetu przysz o c EUROPEJSKI FUNDUSZ GOSPO DAR KA e 3 e ROZWOJU REGIONALNEGO i e c e e NARODOWA STRATEGIA SP JNO CI labeled with asterisk 8 5 Performance testing To make sure that the device is being able to handle heavy traffic biggest possible 1480 packets were transmitted in an continuous manner After prolonged traffic handle the device behaved normally See Fig 14 for statistics after such testing 8 6 Statistics As specified in Fig 14 there are several statistics implemented They may be used for overall operation measurements They are printed after module is unloaded To see them use dmesg command It seems useful to filter dmesg s output e g Using tail 30 command OpenWRT 066 Plik Edycja widok Terminal Karty Pomoc 23 174 rmmod ip46nat ko Wrt lib module 17 259 tail 30 revd FE 1 8 1 100 100 100 i o far f ar D f ar o far H HHHHHHHHHHH OG A GO Q GQ E ooking ooking ooking ooking ooking ooking ooking ooking ooking 2 0 Me l 1 L 1 1 l dh MA e MED n ND ES JED E Eo EG n n Ht HH nn DN H ca uj t t um ou 1 u uj 0 1 m uU
14. 9 1 1 19 19 1 1 P Internet Control Message Protocol nn 8 0105 50 ao aao OO j Ga O OO 00 20 G0 00 GO GO OO GO OO OG PIET VI Internet Protocol Version 6 ipv6 40 bytes Packets Pro Fig 16 ICMP transmission observed on Wireshark wt After basic functionality was confirmed web server was started on PC2 PC1 has been configured to use DUT as a default gateway Also DUT has its default route configured via tunnel Tt is possible that client PC1 10 10 10 73 is able to reach its destination 192 168 2 100 as confirmed with the ping interface After starting web browser on the PC1 it was possible to connect to the PC2 and download web page content This transmission was captured using Wireshark That traffic is depicted in Fig 17 below That scenario concluded traffic handling validation e INI Co Se UNIA EUROPEJSKA IN NOWACY NA Ges ss internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA PZ ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SP JNO CI e E ipip6 tunneling pcap Wireshark BAS File Edit View Go Capture Analyze Statistics Help 10 10 10 73 P Frame 20 491 bytes on wire 491 bytes captured b Ethernet II Src Netronix 04 a3 24 00 08 54 04 a3 24 Dst Cisco Li bc 41 2a 00 1d 78 bc 41 2a Internet Protocol Version 6 b OllO Version 6 0000 0000 R sie Gee asd da 0000 0060 0000 0000 0000 Payload length 437 Next header IPIP 0x04 Hop limit 64 Source 2
15. AT Overview To perform IPv4 to IPv6 NAT a separate kernel module have been developed Although it would be possible to achieve similar functionality in the user space kernel module provides the best efficiency For the easiness of installation it is being distributed as a ipk package Please install it as any other ipk packages ipkg install kmod ip46nat_2 6 25 16 brcm4 xx 1_mipsel ipk After installation is complete ip46nat kernel module may be loaded using following command insmod lib modules 2 6 25 16 ip46nat ko v6prefixm 2000 v6prefixp 3000 v4addr 10 10 1 0 Module reports its operation using normal kernel messages To see kernel output dmesg command may be used It also appears to be useful to filter dmesg output using tail command For debugging purposes ip46nat module prints information about every incoming packet and configured pattern After module is loaded it will start printing information about all received IPv4 and IPv6 traffic Packets that c IR EJ UNIA EUROPEJSKA N N OWACYJ NA e A In jmieria imtermetu przysz osci EWROPESS EI FLINTLIS E GOSPODARKA SE ROZWOJU REGIONALNEGO jA OH AL A E ATE h Es AT e MARODOWA STRATEGIA SPOINDOSE e match configured criteria are marked using When match is found packet will be recoded and transmitted To see last 10 messages use following command dmesg tail 10 After module is loaded it reports operation readiness and begins to filter i
16. INNOWACYJNA e 2 UNIA EUROPEJSKA ce in ynieria internetu przusztosci EUROPEJSKI FUNDUSZ GOSPODARKA ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SPOINOSCI e ip46nat Universal IPv4 IPv6 translator User s Guide Author Tomasz Mrugalski Gda sk University of Technology date 2010 09 20 e a Y AI 2 ot UNIA EUROPEJSKA GOSPODARKA Zn a NARODOWA STRATEGIA SPOINOSCI e Table of contents L PONNI 4 Ll Phase 1 PE GIPS NA Lascano 4 1 2 Phase 2 1Pv4 over Pb UNE sumida 4 gt PrOTECESta i Lc 5 1 I MILD R 5 22 ET 010 SON Ys ET Emm 5 SEORSIM Ce Ut 6 Sl Goo 110610 GE SEE 6 3 2 Firmware upgrade using original web interface cccooonccnnccnocnnnononocnnonanonononanonnnonanononos 7 3 3 Firmware upgrade using linux CONSOTE oooccccconoccnncnnncnnnonnnconnnnoncnnnonononononononnnonarononononos 8 TENT vr 9 35 Enabling DOOL Wait Ne 10 As E O A 10 37 WOK PAP EE EEE ES A 11 20 PN NNN 11 A co AAAA AAAA A ESA AAAA 13 5 Network configuration aaa Aa radia ara wyd A vase Ub it 14 6 MN 14 6 1 Ip46nat IPv4 to IPv6 NAT Overview r srrnarnnernnrrnnrrnnernnernnvrnsvnnevnnernnernnernnernsvnnsvnnsnnnennnennnenee 14 6 2 ip46nat IPv4 to IPv6 NAT Operation eeaae aaa aaa aaa aaa aaa aaa aaa aaa aaa aaa aa rennes nnns 15 6 3 ip46nat IPv6 to IPv4 NAT Operation r rrrnernnnrnnnrnnnennvrnnsrnnsrnnvnnnvnnnenn
17. Pv4 address set to 192 168 1 1 is a LinkSys default setup It reverts to this configuration after every firmware upgrade Also it is its default factory configuration 3 2 Firmware upgrade using original web interface s1ojnduio 2S3 3 Cisco Systems LINKSYS Wireless G A Division of Cisco Systems Inc Broadband Router With 4 Port Switch op ANE AMA A U ES oven Made in China rra Ownership 1D Ml MI a m woorroet 9007 5 8119 Device ID Fig 2 LinkSys device model check Before attempting to install Linux on LinkSys device make sure that this particular model is supported Please consult http wiki openwrt org TableOfHardware Note that even small deviations are important Sometimes version 1 0 and 1 1 are quite different See Fig 2 for example how to check your particular model In general at least 4MB flash and 16MB ram is required Linux installation on Linksys is being performed as a firmware upgrade During the first installation original web interface provided by LinkSys should be used From PC using the same address space see section 3 1 use web browser to connect to your LinkSys web interface See Fig 3 below Select appropriate firmware image i e file that ends with squashfs bin and is corresponding to the name of used device There are some sanity checks in the firmware upgrade procedure but using wrong image may result in rendering the router unusable You may want to check supported hard
18. alistic test environment 2 PCs were connected to the DUT PCi is a end user s equipment Vista PC PC2 is a operator s server Linux PC This architecture is presented in Fig 14 PC2 also acts as a web server It has configured IPv4 over IPv6 tunnel There is extra IPv4 address 192 168 2 100 assigned to the tunnel 192 168 2 100 ipip tnil br lan et O 192 168 1 1 24 197 168 1 100 74 Linksys 2000 1 64 2000 1 00 64 PC Fig 14 IPv4 over IPv6 testing infrastructure 9 1 Traffic validation Goal of this test was to validate if DUT is handling IPv4 over IPv6 traffic properly Tunnel on DUT was configured according to description in section 7 6 It receives incoming IPv4 packets on the eth0 1 from the 10 10 10 0 24 class That traffic is encapsulated in IPv6 packets and sent via br lan interface Returning IPv4 packets are received on the br lan To simulate real destination PC2 has extra IPv4 address 192 168 2 100 assigned to the ipip tni interface local name for the tunnel interface Tests started with simple ICMP messages Pings were sent from the DUT to PC2 This exchange is presented in Fig 15 mc usr src linux source 2 6 25 oe e br Jdevel dibbler 0 7 2 ia32 doc root OGpenWrt ip 6 tunnel add fo ode ipipb local 2000 1 remote 2000 100 enr JpenWrt ip link set up foo roo Te pene ip addr add 10 10 1 1 24 dev foo re ot JpenWrt 4 ping 10 10 1 100 E 5 b ING t 10 1 100 10 10 1 1200 d
19. ata bytes 54 by s from 10 10 1 100 sec y tl264 time 1 545 ms EE ba es from 10 10 1 106 seq 1 ttl G4 time 1 081 ms 54 ba s from 10 10 1 100 seq 2 ttl Gd time 1 083 ms dt s dE mE ping i packe ro i trip min peer mas f otai JpenWrt E ping 10 10 1 100 Fig I 5 ping from DUT via IPv4 over IPv6 The same ICMP echo reply interaction was captured using Wireshark tool That is presented in Fig 16 below e NNOWV WH e c UNIA EUROPEJSKA IN NOWACYJ NA eec du internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA el 3 ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SP JNO CI e Untitled Wireshark File Edit View Go Capture Analyze Statistics Help v dP Expression c Zastosuj 11 4 475734 108 180 1 1 15 16 1 160 I CMP Echo ping request 12 4 475795 10 10 1 100 10 18 1 1 ICMP Echo ping reply 15 5 476518 10 10 1 1 10 10 1 100 ICMP Echo ping request 16 5 ATRRAT IA TA 1 TAA TA 10 1 1 T CME Fehn minal ranlv P Frame 12 138 bytes on wire 138 bytes captured b Ethernet II Src Netronix 04 a3 24 00 08 54 04 a3 24 Dst Cisco Li_be 41 2a 00 1d 7e bc Internet Protocol Version 6 P 0110 Version 6 0000 0000 saus Traffic class 0x00000000 de 0000 0000 0000 0000 0000 Flowlabel Ox00000000 Payload length 84 Next header IPIP 0x04 Hop limit 64 Source 2000 100 2000 100 Destination 2000 1 2000 1 b Internet Protocol Sre 10 10 1 100 180 19 1 100 Ost 19 1
20. bin mode octet gt sent WRQ lt file openwrt wrt54g squashfs bin mode octet gt sent WRQ lt file openwrt wrt54g squashfs bin mode octet gt received ACK lt block 0 gt sent DATA lt block 1 512 bytes gt received ACK lt block 1 gt sent DATA lt block 2 512 bytes gt received ACK lt block 3592 gt sent DATA lt block 3593 32 bytes gt e i IA e e UNIA EUROPEJSKA N N OWACYJ NA ec Se b jnieris internetu przysz o ci EWROPEISE FUNDUSZ GOSPODARKA ew 3 ROZWOJU REGIONALNEGO m PL mp a piu e e e NARODONV A STRATEGLA SPOINDOSE received ACK lt block 3593 gt Sent 1839136 bytes in 15 1 seconds Note bin images are expected to be uploaded via TFTP not the raw trx images Attempt to upload trx image or in fact any other file that does not have proper headers will cause bootloader to reject the file received ACK lt block 0 gt sent DATA lt block 1 512 bytes gt received ACK lt block 0 gt sent DATA lt block 1 512 bytes gt received ERROR lt code 4 msg code pattern incorrect gt Error code 4 code pattern incorrect 3 5 Enabling boot_wait phase Most embedded devices have multi stage boot process After the device is powered up it runs bootloader Its main task is to check if flash memory contains proper firmware load and run it Broken corrupted or non functional firmware may cause the endless loop of firmware loading and reboots or device crash This state of device being unusable is oft
21. compile one or more components issue make command followed by name of the component For example to compile server client and relay following commands may be used tar zxvf dibbler 0 7 2 src tar gz cd dibbler 0 7 2 make server client relay After compilation is complete dibbler server dibbler client and dibbler relay binaries will be available in the current directory Normally dibbler is released under GNU GPLv2 or later license However due to some legal concerns regarding interpretation of the or later part dibbler 0 7 2 was released under GNU GPLv2 only 7 5 dibbler software as an ipk package To compile dibbler for OpenWRT environment several preparatory steps are necessary 1 Checkout packages repository from the OpenWRT project INNOWACYJNA 1 UNIA EUROPEJSKA i Oee inzunierie internetu przysz o ci EURGOPEJISKI FUNDUSZ GOSPODARKA M i ROZWOJU REGIONALNEGO jA OH AL A E ATE h CRH Ar e NARODONV A STRATEGIA SPOINOSE e svn co https svn openwrt org openwrt packages Note that there may be an old dibbler package Do not use it as it is broken 2 Copy or symlink packages libs uclibc directory from packages repository to packages uclibc 4 directory in the OpenWRT repository 3 Download and extract openwrt dibbler 0 7 2 tar gz file Note Those steps are not necessary when using source tree provided on the ip46nat project website After those steps are complete go to the Op
22. dresses will be expanded into full IPv6 addresses using 2 extra mapping prefixes Returning IPv6 packets will be converted back to IPv4 1 2 Phase 2 IPv4 over IPv6 tunneling Second approach assumes that IPv4 packets will be tunneled over IPv6 Every IPv4 packet will be encapsulated in extra IPv6 header Extra steps to configure IPv4 in IPv6 tunnel must be provided like routing configuration e e Oo 2 f UNIA EUROPEJSKA N N OWACYJ NA Qu ro internetu przysz o ci EUROPEJSKI FUN DLS GOSPODARKA SEN ROZWOJU REGIONALNEGO to i e e o NARODOWA STRATEGIA SP JNO CI o 2 Project status 2 1 Latest status For latest status list of tasks already completed work in progress and upcoming tasks see project web page http klub com pl ip46nat Should priorities change during code development please contact Tomasz Mrugalski As of 2010 09 02 both phases are in prototype phase 2 2 Revision history Initial release is planned for December 2010 e NINH CNI O s 9 UNIA EUROPEJSKA N N OWACYJ NA Duns inZunierie internetu przysz o ci EUROPEISEI FUNTDAJSZ GOSPODARKA e 5 e ROZWOJU REGIONALNEGO e NARODOWA STRATEGIA SP JNO CI c 3 OpenWRT Installation This chapter describes installation process on home router devices In particular it provides step by step installation for LinkSys WRT54GL devices Reader may skip this chapter if there is no need to run the software on LinkSys device To complete insta
23. en referred to as bricked There are basically 2 methods of recovering such device 1 Use JTAG connector to upload new firmware 2 Use TFTP to upload new firmware via network As the first option requires hardware modification most if not all LinkSys devices come without JTAG connector so soldering and extra JTAG cable is necessary it is much easier to use TFTP transfer Bootloader may be configured to wait specified period for incoming TFTP packets However this waiting phase delays device boot so vendors often disable this feature Fortunately it can be reenabled To enable boot wait phase use following commands from the command line nvram set boot wait on nvram commit Note this feature works under Linux kernels 2 4 only For that purpose you may want to use any stable OpenWRT firmware that is kernel 2 4 based Once boot wait is enabled it is safe to experiment with new firmware images kernel 2 6 based for example One way to obtain 2 4 based firmware is from OpenWRT homepage http downloads openwrt org kamikaze 7 09 3 6 First connection After performing firmware upgrade it is possible to connect to the router using telnet command Please run following command telnet 192 168 1 1 from a PC console See fig 3 for example session There is no root password Please change root password by issuing passwd command After this operation telnet service will be disabled SSH will be enabled instead Note that ssh requires so
24. enWRT directory There should be following directories docs include package scripts target toolchain tools and some additional files In the package directory there should be among others dibbler and uclibc directories To compile uclibc and dibbler packages please follow instructions from section 7 1 In the OpenWRT configuration menu go to Libraries gt uclibcxx for uClibc and IPv6 gt dibbler server dibbler client and dibbler relay for dibbler packages 7 6 IPv4 over IPv6 tunnel modules Kernel 2 6 25 supports IPv4 over IPv6 tunneling To compile this kernel with module supporting IPv4 over IPv6 tunneling please download and extract 2 6 25 Linux kernel sources Following command may be used for compilation preparation make menuconfig Go to Networking menu then Networking Options and select IPv6 IP in IPv6 tunnel Also select all other required modules After saving changes type make to begin kernel compilation There are numerous tutorials and walkthroughs available on the Internet regarding Linux kernel configuration Two modules will be created ip6_tunnel ko and tunnel6 ko After booting up the kernel those modules may be loaded using following command modprobe ip6 tunnel Compiled modules are supposed to be used in the kernel they were compiled with They may refuse to work with other kernel versions or even with kernels compiled from the same source version but with different parameters
25. et handling in the kernel code is done via handlers Once packet is received from the network all handlers for specific packet type are called In this case there are 2 handlers defined and used ipv4 handler and ipv6 handler Both functions check if the received traffic meet expected criteria i e their address parameters are as expected Once the packet is checked and is considered to perform NAT one of 2 separate functions is called ipv4 send as ipv6 or ipv6 send as ipv4 In both cases packet header is rewritten TCP UDP checksum recalculated and routing for a new packets is selected If the routing is present packet is finally sent Missing routing may means that e there is no routing configured for this destination address e Packets using 0 0 x x class as a source address will not be sent e Traffic forwarding is not enabled 11 Best practices and debugging tips This section provides recommendations useful observations and best practices e Before you start any risky firmware upgrade make sure that boot wait is enabled see section 3 5 Firmware with Linux kernel 2 4 is required e Network configuration is specified in the etc config network file It contains information regarding port assignments used IPv4 addresses and vlan assignments For details see section 4 e When modifying scripts for ODenWRT keep in mind that it uses ash instead of bash The differences are rather minimal e g different function definitions For deta
26. ils regarding ash environment see http www thelinuxblog com linux man pages 1 ash 12 Links Following links are recommended reading e http iip net pl the homepage of Future Internet Engineering project http klub com pl ip46nat ip46nat project homepage http openwrt org OpenWRT project website http downloads openwrt org kamikaze docs openwrt html OpenWRT manual http klub com pl dhcpv6 Dibbler homepage User s Guide Developers Guide and a dibbler source code is available here http www thelinuxblog com linux man pages 1 ash ash bash like shell replacement manual page http www linuxfoundation org en Net Iproute2 iproute homepage http devresources linux foundation org dev iproute2 download iproute source code download e NL ACVIT g S a UNIA EUROPEJSKA N N OWACYJ NA Ra iN unierie internetu przysz o ci EUROPEJSKI FUN DLS GOSPODARKA in ROZWOJU REGIOMALNEGO gt NARODOWA STRATEGIA SPOINOSCI e 13 Contact Author of this project can be reached using e mail tomasz mrugalskiQeti pg gda pl 14 Acknowledgement This project is been partially supported by the Polish Ministry of Science and Higher Education under the European Regional Development Fund Grant No POIG 01 01 02 00 045 09 00 Future Internet Engineering
27. installation is being done using ipk packages To install a package please copy it to tmp directory e g using scp command run on a PC scp mtd 7 mipsel ipk root 192 168 1 1 tmp After package is transferred to the device use following command ipkg install tmp package name ipk to install package For example to install mtd use following command e e IIT E IA 2 UNIA EUROPEJSKA IN N OWACYJ NA ec e ind jnieria internetu przysz o ci EUROPE I5kKI FUNTAJSZ GOSPO DAR KA e ROZWOJU REGIONALNEGO A PBCOIDOeN S E RATE A CD a T Osc e e NARODOWA STRATEGIA SPOJNO LC e ipkg install tmp mtd 7 mipsel ipk Following packages are currently recommended for the ip46nat project kernel 2 6 25 16 dummy package that is required by other packages mtd mtd is a tool used to flash router That is the preferred way to flash router once Linux have been installed ip powerful tool used for network configuration Part of the iproute2 suite For example interfaces addresses and tunnels are configured using this tool iptables optional package may be used to configure IPv4 firewall and or IPv4 only NAT ip tables optional package may be used to configure IPv6 firewall and or IPv6 only NAT uclibcxx C library required to run all software written in C e g dibbler software dibbler client DHCPv6 client used to retrieve configuration and configure the device dibbler server DHCPv6 server used
28. l using ip command that is part of the iproute suite As Ipv4 over IPv6 tunneling is a very new addition it required fairly recent version of the iproute code See Links section for appropriate download links Make sure to use version that is dedicated to the kernel that is being used After kernel is booted and appropriate ip command is available it is possible to configure IPv4 over IPv6 tunnel Assuming that local node has address 2000 1 and remote tunnel endpoint is 2000 abcd tunnel can be created using following commands ip 6 tunnel add foo mode ipip6 local 2000 2 remote 2000 100 ip link set up foo foo is a unique interface name that will be associated with this new tunnel After tunnel is created it is possible to add IPv4 address to local endpoint If IPv4 address is also added to the remote end IPv4 traffic over IPv6 is possible c i Ep UNIA EUROPEJSKA INNOWACYJNA Qee inzunierie internetu przysz o c EUROPEJSKI FUNDUSZ GOSPO DAR KA e 3 e ROZWOJU REGIONALNEGO MAROD STRATEGIA SFOINOSCI gt c DOWA STRA AJ ip 6 tunnel add foo mode ipip6 local 2000 1 remote 2000 100 ip link set up foo After that operation IPv4 addresses may be assigned to the tunnel If both tunnel endpoints local on this node and remote on the remote node have assigned IPv4 addresses normal IPv4 traffic may be exchanged between them Routing may be configured to transmit IPv4 traffic via such interface ip route del defaul
29. ll be translated to IPv6 Source IPv6 address will be created as a concatenation of the P prefix v6prefixp parameter specified during module insertion and IPv4 address Destrination IPv6 address will be created as a concatenation of the M prefix v6prefixm parameter specified during module insertion TTL field will be copied and decreased by 1 e e e IA 2 UNIA EUROPEJSKA IN NOWACYJ NA Qee inzunierie internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA e i ROZWOJU REGIONALNEGO nM p p Ag WLAN AL ET TE s m 21 Fy e ARODOVWA STRATELIA SPOINDSC e For converted IPv6 packet to be transmitted successfully IPv6 forwarding must be enabled IPv6 routing must also be configured See section 4 for details Please note that L4 layer TCP UDP ICMP etc checksums are not modified in any kind That means that After IPv4 to IPv6 conversion packets will not be accepted by destination router They must be converted back to IPv4 That should not pose any concers however as routers are not supposed to intestigate L4 content at all Thus packets must be converted back to IPv4 before they reach their destination Matched packet information will be reported in the following manner Pv4 rcvd rcvd so far 3 src 192 168 1 100 dst 192 168 1 1 looking for 192 168 1 0 24 6 3 ip46nat IPv6 to IPv4 NAT Operation Once IPv4 packets are sent as IPv6 it is expected to receive responses They are to be received as a IPv6
30. llation several steps are required Following sections describe how to achieve specific steps In general following actions are required Install Linux on LinkSys WRT54 device or similar Install ip46nat module required for IPv4 to IPv6 NAT Install ip6 tunnel required for IPv4 over IPv6 tunneling Install and setup dibbler client for remote configuration optional step M za Sw dee E Install dibbler server on a PC Server will provide configuration details for the client optional step It is also possible to install required software i e modified Linux kernel modules on a PC machine and use it to perform IPv4 IPv6 NAT or IPv4 over IPv6 tunneling This approach may be used as validation or debugging environment 3 1 Connecting LinkSys Before any configuration or firmware modification make sure that you have full connectivity to your LinkSys device LinkSys devices by default use 192 168 1 1 address so to communicate with it another address from 192 168 1 0 24 pool 1s required For example PC may be configured to use 192 168 1 100 24 address To check if you have connectivity with LinkSys device use following command ping 192 168 1 1 Make sure that you have LinkSys connected using the rightmost socket See Fig 1 below AC 2 gt UNIA EUROPEJSKA IN N OWACYJ NA Qu in ynieria internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA SE ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SP JNO CI e Note I
31. me time 30 seconds to generate keys so it will reject any connection attempts at that time e nsn f INNOWACYINA e Za A UNIA EUROPEJSKA jez A i 0 inzunierie internetu przysz o c EUROPEJSKI FUNDUSZ x GOSPO DARKA af hs ROZWOJU REGIONALNEGO t NARODOWA STRATEGIA SP JNO CI e m Terminal ZE x Imc mnt cdrom Doc x e develfopenwrt k x Terminal 342 0 114 ms this will BusyBox v1 8 2 2008 05 28 00 57 56 CEST built in shell ash Enter jelp For a ist of built in commands KAMIKAZ bleedine Je 10 oz Vodka Shake well with ice anc 10 az E P 2 sec L ture ato 10 sho Oot O qe d Ey E uname a 2 17 1 Wed May 28 01 08 27 CEST 2008 mips unknown Fig 4 Linux installed on a LinkSys device 3 ipk packages OpenWRT provides wide set of network related tools Due to flash memory constraints often only a limited set of tools may be installed They are managed as ipkg packages During firmware compilation every piece of software may be selected to be built as part of the firmware separate package M or not built at all It is advisable to include in the base firmware only those really necessary packages as packages built in into firmware cannot be deinstalled It is possible to remove them using ipkg remove command but they will only become invisible and still take up precious space on flash memory 3 8 Package installation Software
32. n 10 20 1 100 10 20 1 100 Internet Control Message Protocol Type 8 Echo ping request Code Checksum Oxcaed correct Identifier 0x0016 Sequence number 1 0x0001 b Data 56 bytes OO 1d Ye bc 41 2a 00 11 25 12 66 88 08 OO 45 00 M LI NE 00 54 00 OO 40 OO 40 Ol 24 12 Oa le Ol OF Oa 1 B B 0 01 64 08 00 ca ed OO 16 00 01 f5 52 69 48 e LE Ol OO 08 O9 Oa Ob Oc Od Oe Of 10 11 12 13 14 ap E Frame frame 98 bytes Packets 3 Displayed Fig 9 IPv4 packet before translation e l 3 amp UNIA EUROPEJSKA INNOWACYJNA RA rien Ec EUROPEJSKI FUNDUSZ GOSPODARKA e i ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SP JNO CI e O ip46 after 4to6 pcap Wireshark AEG File Edit View Go Capture Analyze Statistics Help aa t amp ROBO amp c v ou Vine Met EC ELENA O Lee ale 102 a14 164 Echo ping request 4 996201 fe80 21d 7eff feb 2000 100 ICMPv6 Neighbor solicitation 3 4 996244 2000 100 fe80 21d 7eff feb ICMPv6 Neighbor advertisement 4 9 995375 fe80 208 54ff feO fe80 21d 7eff feb ICMPv6 Neighbor solicitation L 5 10 007023 fe80 21d 7eff feb fe80 208 54ff feO ICMPv6 Neighbor advertisement w Frame 1 118 bytes on wire 118 bytes captured b Ethernet II Src Cisco Li bc 41 2a 00 1d 7e bc 41 2a Dst Netronix 04 a3 24 00 08 54 04 a3 24 v Internet Protocol Version 6 b 0110 Version 6 0000 0000 Traffic class 0x0000000
33. ncoming traffic immediately IPv4 IPv6 NAT module loaded v6prefixp 3000 v6prefixm 2000 v4addr 10 10 1 0 Handlers for IPv4 and IPv6 installed FIPv4 rcvd rcvd so far 1 src 192 168 1 100 dst 192 168 1 1 looking for 10 10 1 0 24 FIPv4 rcvd rcvd so far 2 src 192 168 1 100 dst 192 168 1 1 looking for 10 10 1 0 24 FIPv4 rcvd rcvd so far 3 src 192 168 1 100 dst 192 168 1 1 looking for 10 10 1 0 24 Kernel module may be unloaded at any time To do so use command rmmod ip46nat After kernel is unloaded statistics are being presented To see them use dmesg command Handlers for IPv4 and IPv6 removed Pv4 IPv6 NAT statistics IPv4 to IPv6 packets 0 IPv6 to IPv4 packets 0 IPv4 rcvd 74 sent 0 IPv6 rcvd O sent 0 IPv4 dropped too large 0 IPv4 dropped no route O IPv6 dropped no route O IPv4 dropped transmission failed 0 IPv6 dropped transmission failed 0 IPv4 IPv6 NAT module unloaded Note from the early demo perspective it is also possible to compile and run Linux kernel with ipd6nat module on a PC For a details regarding module compilation see section 5 6 2 ip46nat IPv4 to IPv6 NAT Operation During module insertion vdaddr parameter is specified It is being used as a source IPv4 address filter used with 24 bitmask For example if v4addr is equal to 192 168 1 0 all incoming traffic from 192 168 1 0 24 network wi
34. nitial configuration takes place To start configuration type make menuconfig Please note that although using the same framework that interface is significantly different from a similarly looking Linux kernel configuration Also you may want to postpone this step and install additional patches as described in the following sections Example of the OpenWRT configuration process is presented in Fig 6 Alternatively sources with necessary patches are available on the ip46nat project website You can download and extract them instead of getting the source code from the OpenWRT s SVN repository Terminal Target System Broadcom BCM947xx 953xx 2 6 gt Fig 6 OpenWRT configuration example INNOWACYJNA e A UNIA EUROPEJSKA i Qe inzunierie internetu przysz o ci EURGOPEJISKI FUNDUSZ GOSPODARKA Fi az ROZWOJU REGIONALNEGO aAA E ATE S N Ep 21 Ar e e NARODOWA STRATEGIA SPOJNO ALI e configuration is complete type make to download requires source code build tool chain required for cross compilation all target binaries and images This may take several hours depending on the speed of the network connectivity and CPU After subsequent rebuilds this process is much shorter For extra verbosity level make V 99 command may be used Make sure that the PC has Internet connectivity as OpenWRT downloads multiple additional packages like kernel source After compilation is complete all packages and firmwa
35. ool As most of the OpenWRT software it may come pre installed or as a separate package If the mtd is missing simply install mtd 7 mipsel ipk package ece in ynieria internetu przysz o ci EUROPFPEJSEKI FUNDUS G GOSPODARKA zz ROZWOJU REGIONALNEGO SA ETRATECIA SER ir e e NARODOWA STRATEGIA SPOJINOCSE I c INNOWACYJNA hs 1 gt UNIA EUROPEJSKA IU z 3 4 Firmware upgrade TFTP Another way to install new firmware is to use TFTP protocol When boot_wait phase is enabled see section 3 5 it is possible to upload new firmware using TFTP protocol On a Linux box that uses IPv4 address from the same class see section 3 1 use TFTP client to send firmware For example tftp 192 168 1 1 tftp binary tfto gt rexmt 1 tftp gt timeout 60 tftp gt trace Packet tracing on tftp gt put openwopenwrt wrt54g 2 4 squashfs bin In the example above client will try to send firmware at 1 second intervals It will give up after 60 seconds After those commands are typed shut down and then boot your device Following messages should be displayed tftp 192 168 1 1 tftp gt binary tftp gt rexmt 1 tftp gt timeout 120 tftp gt trace Packet tracing on tftp gt put openwrt wrt54g squashfs bin sent WRQ lt file openwrt wrt54g squashfs bin mode octet gt sent WRQ lt file openwrt wrt54g squashfs bin mode octet gt sent WRQ lt file openwrt wrt54g squashfs bin mode octet gt sent WRQ lt file openwrt wrt54g squashfs
36. pool and the ISP s DNS server is available at the abcd 1 address eth0 1 interface following command may be used dnsmasq b d i br lan R server 2000 1 The meaning of the switches is as follows e b Fake reverse lookups for RFC1918 private IPv4 addresses s T MEN 2 0 UNIA EUROPEJSKA N N OWACYJ NA RA An e EUROPEJSKI FUNDUSZ GOSPODARKA eU i ROZWOJU REGIONALNEGO AP OMA A amp E acm CE n OSCI e e NARODOWA STRATEGIA SPOINOSC o e d Dont run as a daemon In the initial runs it is better to run this command in the console so any potential issues generated by this app will be discovered e ibr lan Accept queries received on the br lan interface e R Ignore etc resolv conf Without this option dnsmasq will also use all DNS entries from the etc resolv conf file To prevent this R option should be used e server 2000 1 Forward all queries to the 2000 1 server For the complete list of switches please use dnsmasq help command or see its man page http www thekelleys org uk dnsmasq docs dnsmasq man html Example dnsmasq execution is presented below root OpenWrt dnsmasq b d i br lan R server 2000 1 dnsmasq started version 2 45 cachesize 150 dnsmasq compile time options IPv6 GNU getopt ISC leasefile no DBus no 118N TFTP dnsmasq using nameserver 2000 1 53 dnsmasq read etc hosts 1 addresses 6 7 Router Advertisements Daemon Although not strictly related to this p
37. re images are available in the bin directory 7 2 ip46nat kernel module ip46nat is a Linux kernel module Although developed with embedded environment in mind it is not specific for embedded devices It may be run on any device that runs Linux kernel That includes ordinary PC boxes Due to extensive set of debugging and tracking tools available it may be beneficial to run this module on a PC at least during early configuration stages Ip46nat source code is available as a patch for various Linux kernels Tt is recommended to use only those kernels that patches are specifically provided for In general it is likely that patch prepared for a specific kernel version will work fine on other similar version But it may also fail To compile ip46nat as a module on a Linux box follow this steps 1 Download supported Linux kernel This example assumes that Linux kernel 2 6 25 16 will be used 2 Extract kernel using command tar xjvf linux 2 6 25 16 tar bz2 3 Apply ip46nat patch patch p0 lt ip46nat 2 6 25 16 patch 4 Setup kernel configuration in a normal way make menuconfig 5 Go to Networking gt Networking Options gt IPv4 IPv6 NAT and select it as a module If this option is not available make sure that patch was applied properly and that networking support IPv4 and IPv6 are enabled Save kernel configuration config file Build kernel using following command make Build kernel modules using following command make modules
38. roject goals it is assumed that clients network is purely IPv4 it s possible to provide support for IPv6 in the clients network Router Advertisement daemon radvd should be used for this To install it use following command ipkg install radvd 1 1 1 mipsel ipk Make sure that etc radvd conf file contains proper cofiguration Also radvd will refuse to start 1f IPv6 packet forwarding 1s disabled e Jr UNIA EUROPEJSKA N N OWACYJ N A ce GiG internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA PEN ROZWOJU REGIONALNEGO e e NARODOWA STRATEGIA SP JNO CI c 7 Compilation All parts of the ip46net project and its associated software is distributed as an open source Therefore full source code is available and can be compiled 7 1 OpenWRT compilation ip46nat project uses development branch kamikaze of the embedded Linux distribution called OpenWRT First step to build a firmware for your embedded device is to download OpenWRT OpenWRT is a set of tools that automate building process of the firmware There are several ways of obtaining sources Tt is possible to download stable sources or use SVN repository instead For the stability purposes all development related to ip46nat is done on one specific SVN snapshot revision 12386 To obtain this revision issue following command TODO Update this documentation to latest version svn co r 12386 https svn openwrt org openwrt trunk After checkout is complete i
39. s strongly recommended to be familiar with the following guide http wiki openwrt org OpenWrtDocs NetworkInterfaces All LinkSys WRT routers use one common Ethernet interface duplicated using different vlans In the latest OpenWRT version that is being reported as eth0 eth0 0 eth0 1 Ports 1 4 are grouped together and named br lan Note that this name have been changed during OpenWRT development so older tutorial available on the Internat may use different name To see or modify interface names see etc config network To enable IPv4 and IPv6 forwarding use following command echo 1 gt proc sys net ipv4 conf all forwarding echo 1 gt proc sys net ipv6 conf all forwarding To configure routing ip command may be used Assuming that we want to NAT traffic from 192 168 1 0 24 to 2000 64 following command may be used ip route add 192 168 1 0 24 dev eth0 0 ip route add 2000 64 dev ethO 1 In case of WRT54GL v1 1 the model used by author rightmost socket next to power supply is called eth0 0 that 1s the interface that has default 192 168 1 1 address assigned Another interface labeled as WAN is called ethO 1 6 Manual Configuration This section describes how to achieve several aspects of the LinkSys configuration in a manual way Manual means a static local configuration performed by locally issued commands or scripts For automatic remote DHCPv6 based configuration see section 6 6 1 Ip46nat IPv4 to IPv6 N
40. sennsvnnsnnennensrnsnnsnennennenne 16 6 4 Firewall MINS extra talli EEE ET 16 5 5 Poe IP VG TCI ri 16 bd NO 17 6 7 Router Advertisements Daemon rrrrnnrrrnnnnrrnnnnnrrnnnnernnnnernnnnernrnnernnnusernnnnenneennernneenusennsennenne 18 TONN 19 Fl OPER ON NA Needs 19 7 2 NON 20 7 3 ip46nat kernel module as an ipk package cccoocccnococnncnnnnnncnanononarononnnonnonarononarononancnnonanonos 20 Zat ADIT ONW A eS OI Peon e oo E A 21 7 5 dibbler software as an ipk package cooocccccooconocaconncononnonacononanonnnnnnononarononaronnnannnnonaronenaronons 21 7 6 IPv4 over IPv6 tunnel modules esses nennen enne nnne nnne nnns 22 8 IPv4 to IPv6 NAT Phase 1 testing oocccocnoccconoanococnaronononononoaranacaranonanonononcanacarinarinaconacacncnoninanono 23 5 1 PO PO 23 5 2 POP 26 FIFeWa CON E oa ocaso tract 27 B4 NE EP 27 5 5 PTE 28 AS AAPP nn o E E E 28 5 7 NNN 28 9 Pv4 over IPv6 tunneling Phase 2 testing eese nnn nn nennen enn nnne 29 TT E efto RT OE TEE 29 10 ige heos ica 32 NNI CNI Oo s 49 UNIA EUROPEJSKA N N OWACYJ NA Ges es internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA el i ROZWOJU REGIONALNEGO NARODOWA STRATEGIA SPOINOSCI e 10 1 Code overview for ip46nat module ee ae aaa aa aaa aaa aaa aaa aaa aaa aaa aaa ennemis 32 11 Best practices and debugging NPs See 32 VU 32 IS NN 33 A ACKNOWIEGZEM E EE EE 33 e a E IIT E IA 2
41. squas Browse RE Warning Upgrading firmware may take a few minutes please don t Click the Upgrade button turn off the power or press the reset button to begin the upgrade process Upgrade must not be interrupted OOO gian Upgrade must NOT be interrupted Done S WA Adblock Fig 3 Firmware upgrade using original web interface 3 3 Firmware upgrade using linux console Firmware upgrade from OpenWRT i e when your LinkSys device was flashed already is done by using mtd tool Copy openwrt brcm47xx squashfs trx file to the tmp directory Note that this is a different image file than used in the web interface Copy it to your LinkSys device scp openwrt brcm47xx squashfs trx root 192 168 1 1 tmp This command will copy required firmware image to tmp directory Change to that directory and begin flashing using following command cd tmp mtd r write openwrt brcm47xx squashfs trx linux After flashing is complete device will reboot It takes up to 2 minutes to finish flashing and rebooting Please note that after such firmware upgrade all possible changes made to the router configuration will be lost That includes all software packages installed and all configuration changes Note bin and trx firmware image files contain the same image but trx is a raw image while bin has extra headers for the purpose of being recognized as a valid image by the original web interface Note mtd is a command line t
42. t ip route add default dev foo For example tunnel configuration see Fig 5 below mc usr src linux source 2 6 25 oe e m Jdevel dibbler 0 7 2 ia32 doc otlijpenWrt ip 6 tunnel add fo ode ipip6 local 2000 1 remote 2000 100 00 t L JpenWrt t ip link set up foo CootGeO0penWrt d i pa ddr add 10 10 1 1 24 dev foo soot BC penes EE p in J Lo 10 um 10 IE 10 1 100 10 10 1 1040 s from 10 10 1 100 s from 10 10 1 100 s from 10 10 1 100 T Ct ct ct gm at s yte Bd tin iei 545 ms p4 time 1 081 ms bd time 1 053 ms m 5 zit seg I e D m re ound trip min peer PE LAT I ot la JpenWrt E ping 10 10 T em n Fig 5 Tunnel creation 6 6 DNS proxy IPv4 based DNS queries from the client can be handled in the same way as any other traffic i e translated to IPv6 by using ip46nat module or tunneled over IPv6 using ip6 tunnel However it is also possible to use LinkSys device as a DNS proxy It will receive incoming IPv4 queries from the client issue IPv6 based queries to a specified ISP DNS server handle returning IPv6 based responses and send its contents as a IPv4 based reply to the client To set up DNS proxy dnsmasq software may be used To install it issue following command ipkg install dnsmasq 2 45 1 mipsel ipk After the software is installed it starts dnsmasq by default Tt should be stopped etc init d dnsmasq Assuming client s segment br lan interface uses 192 168 1 0 24
43. ware list http wiki openwrt org TableOfHardware action show amp redirect toh Please verify that you are using proper firmware After firmware was uploaded flashing takes place It can take up to 2 minutes After completion router will reboot Make sure to not reboot or power off the router before it finishes flashing It also may be beneficial to read following installation guide http wiki openwrt org InstallingWrt54gl INNOWACYJNA Pa UNIA EUROPEJSKA ece in ynieria internetu przysz o ci EUROPEJSKI FUNDUSZ GOSPODARKA e 5 e ROZWOJU REGIONALNEGO o e e NARODOWA STRATEGIA SP JNO CI e gt Firmware Upgrade Iceweasel 068 ile Edit View History Bookmarks Tools Help sb ft G http 192 168 1 1 Upgrade asp gt gt G Google A Auto Biz O Devel E Doc O Gry C0IPv6 O Linux O Mieszkanie Misc Newsy Ph D Portale Space A Proble Openwr Openw DOpenwr Openwr Openwr jOpenwr O Fir 3 LINKSYS A Division of Cisco Systems Inc Firmware Version v4 30 12 Wireless G Broadband Router WRT54GL Administration noaa an ENDE Setup Wireless Security Access Restrictions amp Gaming Administration Status Management Log Diagnostics Factory Defaults Firmware Upgrade Config Management Upgrade Firmware Click on the browse button to select the firmware file Firmware Upgrade to be uploaded to the Please select a file to upgrade In openwrt wrt54g
Download Pdf Manuals
Related Search