I get both IPv4 and IPv6 addresses from my ISP using PPPoE, and I use OpenWrt. Is it possible to set it up as a v6brouter?

IPv6 is set up automatically with the default network configuration with pppoe protocol:

network.wan.proto='pppoe'

determine wireless interfaces in use

WIRELESS=$(brctl show | grep 'wlan')

exactly what does it do? I don't see any usage for it.

I just tried this with my setup where previously, I had an IPv4 NATed "routed repeater" with the uplink being wlan0 in client mode and a different WLAN in AP mode on wlan0-1. I set WAN_DEV to "wlan0" but ./v6brouter_openwrt.sh -E tells me

brctl: bridge br-lan: Operation not supported

Might be related to this http://serverfault.com/questions/152363/bridging-wlan0-to-eth0 . Do you have a hint how I could get this working?

I am running LEDE Reboot (17.01.4, r3560-79f57e422d). The "OpenWRT" version of script works, except when I put it on the startup, it seems to run too early and the clients won't get IPv6 addresses. I inserted the line sleep 5 to the beginning of the script and it seems to work around the issue.

So, here is my use case - I want to understand if / how v6brouter can assist.

I have a client application running on a ubuntu server, which exposes ports 1935 to host rtmp audio-video livestreams, and 8935 to serve hls audio-video livestream. Obviously, this client is designed for running on servers behind NAT.

I would like to be able to bypass NAT by mapping incoming requests on an IPv6 address to ports and protocols on IPv4 0.0.0.0, e.g. rtmp://0.0.0.0:1935/streamkey and http://0.0.0.0:8935/stream/streamkey.m3u8.

Is this the kind of thing that v6brouter could be used for? As you may be able to tell, I am new to IPv6, and I don't even know if what I'm talking about is imagined.

Hi,

thank you for this script, I've used it successfully on a TP Link WDR1043ND. I'm just now trying in my new Archer C7, but the script hangs after it outputs "--- configuring v6 bridge" and the device becomes unresponsive on ipv4 (and I'm connected on ipv4). The actual ipv6 bridging works though.

I saw that this router doesn't expose an eth1 interface, but even though the documentation header states eth1 should be the wan interface, the actual name eth1 is not hardcoded. I found that this device name is resolved to eth0.1 in the config file with $(/sbin/uci get network.wan.ifname), so I'm not really sure how I can debug this.

Do you have any idea what I can try? Thanks!

Edit: Sorry I forgot to mention, I'm on OpenWRT 19.07, ebtables is installed.

Package ip is no more available and iptables isn't installed.
Any idea?
Regards, Andrea

opkg install ip
Unknown package 'ip'.

iptables: not found

v6brouter can't work on my router wndr4300( CC 15.05.1). the clients can get ipv6 address ,but it can't access ipv6 website.
I use 6relayd, the clients can access ipv6 website , but it is not stable.
I use NAT6 mothod, it's work welll. but ipv6 address of the client is not real ipv6 address.
how to solve this problem?

If you install the kmod-ebtables-ipv4 package, the necessary kernel modules for --arp-ip-dst are installed. This permits the router to be configured to respond to ARP requests, which is rather useful if your router does more than just routing.

It's so strange that 15.05.1 doesn't have ip command, so this scripts doesn't work at my WNDR3800

root@OpenWrt:~# ip
-ash: ip: not found

want to know which package include ip T_T

BRIDGE_IP6 is my router WAN6 ipv6 address from ISP ?

Just wanted to say thank you for creating this awesome script. Now my IPv6 Lan is working. However, when I run the script with the -F option I get an error.
`./v6brouter_openwrt.sh -E -F
--- checking for ebtables
/usr/sbin/ebtables
--- configuring v6 bridge
brctl: bridge br-lan: Resource busy
bridge name bridge id STP enabled interfaces
br-lan 7fff.b04e266d35a8 no eth0.1
wlan0
eth0.2
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p IPv6 -i eth0.2 -j mark --mark-set 0x10 --mark-target CONTINUE

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
--- Disable IPv6 RA and DHCPv6 Server on LAN
--- assigning IPv6 management address 2001:470:ebbd:0::11 to br-lan
--- configuring brouter to route everything but IPv6
Bridge table: broute

Bridge chain: BROUTING, entries: 1, policy: ACCEPT
-p ! IPv6 -i eth0.2 -j DROP
--- Allow ports from user rules (from eth0.2) via ip6tables, block all others
Chain forwarding_rule (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere mark match 0x10 ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
DROP all anywhere anywhere mark match 0x10
ACCEPT ipv6-icmp anywhere anywhere mark match 0x10
DROP all anywhere anywhere mark match 0x10
--- enable ip6tables firewall for v6Bridge
sysctl: error: 'net.bridge.bridge-nf-call-ip6tables' is an unknown key
`

Hi, cvmiller,

Your project is awesome! My ISP provides both IPV4 and IPV6, but I have to dial pppoe to get the both internet access. I tried to brouter the IPV6, but I cannot figure out how. Is there a method? Thank you!

kmod-br-netfilter must be installed. Otherwise the call to sysctl on line 276 of v6brouter_openwrt.sh spits the following error, and the ip6 firewall does not function: "sysctl: error: 'net.bridge.bridge-nf-call-ip6tables' is an unknown key."

While I'm here, I have a number of questions about the firewall functionality (please feel free to split these off into a separate issue if you like):

1. Is my understanding correct that the IPv4 firewall is untouched (i.e., any existing IPv4 iptables rules will continue to be enforced)?
2. Which ip6tables chains stop functioning? (I'd think that existing rules for INPUT and OUTPUT in ip6tables would continue to be enforced, but everything in FORWARD stops functioning and needs to be replaced with something in the new forwarding_rule chain. Is that right?)
3. What's the point of the default rule allowing external SSH? If I understand correctly, that allows someone out in WAN world to initiate a SSH connection to a machine on your local network. Why would you want that?
4. Could you elaborate further on the statement "When in v6brouter mode, it is possible to log into the OpenWRT router via ssh from the outside network. You may wish to add an IPv6 firewall rule to prevent this."? What rule specifically? Also, could you explain how this becomes possible?
5. Is there an inverse of "ebtables -A FORWARD -p ipv6 -i $WAN_DEV -j mark --set-mark 16 --mark-target CONTINUE" that could be used to filter outgoing traffic?
6. Where should new rules be added? Into the script itself?
7. Could you give example rules for the following cases:
   7.i. Drop packets bound for destination ports X, Y, Z on LAN machines, regardless of source.
   7.ii. Drop all packets in both directions between WAN and LAN machine with IP X.
   7.iii. Drop all packets in both directions between WAN and LAN machine with MAC X.

just a question; should this script run at boot or is it fine once it's run? comcast dishes out a /64 and i run a router behind their gateway (which i cannot put into bridge mode at roommates request) so this script saved my life. spent like 6 hours trying to find a solution but all i found was ipv6 may have been over-engineered and comcast is quite content in being a monopoly

Such as create an interface and add it to br-lan?

ip: RTNETLINK answers: File exists

-1) after committing the script I lose my ipv4 internet.
-2) ipv6 dns server won't set on the clients behind the wrt router

-R argument fixes it back to original (or reboot)