Need help with your equipment?
ivordurham's profile

Tutor

 • 

7 Messages

Thursday, May 8th, 2014 6:18 PM

Anyone have IPv6 working with router-behind-router/DMZplus mode?

I have an IPv6-enabled 3600HGV U-verse router with a Linksys E4200 configured as the DMZplus device behind it (for Wireless-N and IPv6 Firewall configuration). DHCPv6 is enabled on the 3600. The E4200 is set for automatic IPv6 configuration. While the E4200 status page show that it gets its own global unicast IPv6 address, the gateway address is a unique local address (fd02:..) and the devices on the network behind the E4200 only get an IPv6 unique local  address (fd02:...) instead of a global unicast address (2602:306:...) in addition to their link-local address (fe80:...). Consquently the IPv6 addresses are not routable so I can't get to external IPv6 sites with this configuration.

 

If I connect my local network directly to the 3600HGV the IPv6 network works properly for outbound connections, but I haven't found a way to configure the firewall to permit incoming IPv6 connections to pass through to the addressed device. The firewall looks like it only supports IPv4 port forwarding.

 

Has anyone workout out how to get IPv6 autoconfiguration working to assign global unicast addresses to devices on the network behind a router that is behind the U-verse router? Alternatively does anyone know how to poke a hole in the U-verse firewall to permit an IPv6 connection to pass through to a specific port on the IPv6 device?

 

I need both inbound and outbound IPv6 connections to work on software development for a site that has only IPv6 access to devices behind their firewall (a HughesNet Gen4 customer with a router-behind-router with which IPv6 autoconfiguration works properly). A Hurricane Electric tunnel provided the necessary functionality with my previous DSL service, but apparently the 3600HGV blocks this. Thanks in advance for any insights.

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

10 years ago

At this time, all of the 2Wire/Pace gateways, including the 3600HGV, 3800HGV-B, 3801HGV, i3812V, and 5031NV do not fully support IPv6. While AT&T is beginning to put some of the infrastructure in place to support it, the gateway will need a new firmware update at some point in the future to fully support it.

As you've also discovered, because of AT&T's efforts to begin supporting IPv6, the gateway is blocking IP protocol 41, which effectively blocks any IPv6-in-IPv4 tunnels like those used to Hurricane Electric. There is currently no work-around for this.

Tutor

 • 

7 Messages

10 years ago

Thanks. It looks like I'll just have to use the E4200 as a wireless access point until AT&T catches up so that I can use out-bound IPv6 connections, which is the largest part of what I need. I have a fall-back strategy for testing in-bound connections at the target site. Unfortunately I know better than to ask if AT&T has an ETA on the rest of the functionality!

Teacher

 • 

9 Messages

10 years ago

In case this affects your plans, you should know that at last check AT&T is not only blocking IPv6 on the residential gateways, but also at the border. Some of us managed to work around the defects in the 3801HGV by upgrading to the NV589 that doesn't have the bug that filters protocol 41, but after a few weeks of glorious IPv6 our tunnels broke again. It was finally confirmed with the AT&T networking tier that they consider IPv6 tunnels to be a security risk to their infrastructure (!!), so when the bugs are resolved it's likely that the only target to which you'll be able to establish a tunnel will be AT&T's own 6rd server.

Tutor

 • 

7 Messages

10 years ago

Thanks. With my 3600HGV enabled for IPv6 (which apparently uses AT&T's tunnel) and my original router configured in Bridge Mode I am able to make out-bound IPv6 connections and use the wireless N speed provided by my router, which is the bulk of what I need. The only functionality I am missing is the ability to configure the 3600HGV firewall to allow an in-bound IPv6 connection. So if and when the 3600HGV firmware gets updated either so that it correctly delegates an IPv6 prefix to the DMZ+ router or gets its firewall interface expanded for IPv6 I'll have all of the functionality I need.

Contributor

 • 

1 Message

10 years ago

Ok, I'm no expert but I wanted to contribute. I have a NVG589. It is IPv6 enabled via SLAAC ?. I don't believe it is using tunneling over IPv4. I have a netgear WNDR4500 router behind it. I want to configure the NVG and the WNDR to work using the IPv6. my test-ipv6/com results indicate that I have the IPv6. 

Tutor

 • 

6 Messages

9 years ago

This probably won't work, but try taking your Linksys router out of the DMZ (and reboot both routers).  You can still disable the firewall on the 2Wire under Settings -> LAN -> IP Address allocation.

 

I can't try this myself, as I don't have ipv6 functionality.  In the ipv4 world, the Linksys will get a DHCP-assigned local address from the 2Wire, and will set the 2Wire as the default gateway, but this works fine, at least for me.  My hope is that the Linksys will be able to pick up the ipv6 prefix from the address that the 2Wire assigns to it.

 

Sorry if this turns out to be a dumb idea.  I don't know much about ipv6.

Tutor

 • 

7 Messages

9 years ago

My problem was ultimately solved by AT&T replacing my 3600HGV with an NVG589 and running my Cisco/Linksys router in Bridge mode. I still can't get in-bound IPv6 connections (no firewall configuration feature), but I can reach the IPv6-only place I need to, which is behind a HughesNet Gen4 satellite connection that doesn't support IPv4 port forwarding.

Tutor

 • 

11 Messages

9 years ago

That's an interesting setup. If you had another cisco router, you could do DMVPN.

Contributor

 • 

1 Message

8 years ago

I know this is an ancient thread, but I was wondering if anything new might have happened since the last post.

 

I have an i3812V router with the 6.11.1.29-enh.tm firmware.  Everything IPv6-related looks good on the AT&T router, and the router I have behind that one (old Linksys running Shibby Tomato 1.28) looks like it's getting everything it's supposed to from the 3812.  The Linksys gets an appropriate IPv6 address, and my Windows box gets one as well, with the Windows gateway being set to the link local address of the Linksys router.  So far, so good - I can ping the Linksys's link local address just fine from Windows, and the Linksys is successfully responding on the global IP when attempting to do a traceroute of an IPv6 address from the Windows box.

 

Where I run into problems is getting upstream of that.  From a command prompt on the Linksys, I attempted to ping ipv6.google.com.  No dice.  I then tried pinging the gateway shown on the i3812V Settings/Broadband/Status page from the Linksys, and didn't get any response there either. Pinging the public IPv6 address directly from the i3812 is successful, and both routers can ping each other, although the 3812 can't ping the Windows box. Since the AT&T router appears to be giving the Linksys a valid IPv6 address and delegating the address space, I'm not sure where else to start looking for the problem.

 

Has anyone had any luck using the 3812?

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.