In my last post, I explained how to go about utilizing IPv6 prefix delegation using a Ubiquiti EdgeRouter 4, connected to an AT&T internet router that has IPv6 enabled on both the WAN and the LAN side. Now we’re going to walk through the basic firewall rules you need in place to protect your IPv6 network. And when I say basic, I mean the bare minimum to make sure the entire internet can’t get to your IPv6 devices, because if you’ve finished with the last post, your devices are likely open right now. 😐
From the outset, it’s important to note that this is intended only for those who have already completed part one on the AT&T router, which is 1) enabling IPv6 on the LAN side and 2) enabling prefix delegation for the LAN. In addition, I’m using a Ubiquiti EdgeRouter 4 for my second firewall and this guide reflects that. However, if you’re using another IPv6-capable router, you may be able to glean settings from this and match them to your configuration.
*Disclaimer: If you enable this and mess with it in such a way as to make your network insecure, I’m not responsible for what may or may not happen due to your lack of security implementation related to traffic passing in and out of your internal network, i.e. if you get hacked, sorry, although I’ll gladly get employed to mitigate the situation ;).
A much better firmware now exists for this router called Tomato. Check it: http://www.polarcloud.com/tomato
A friend of mine has a Linksys WRT54G v4, and there is some new hacked firmware out for it (hacked in a benevolent, legal way :). So we decided to upload this hacked firmware and give it a whirl. It worked with no problems and you can now boost the transmit power up to 251 mW (my WAP54G with hacked firmware goes up to 84 mW and I still get a connection from 6 houses down if that tells you anything). Theoretically, without any electronic interference between the router and your wireless card, you should be able to connect from quite a far distance (not sure exactly how far though as I have not tested it). This firmware will work for v1-v4 and seems to be really stable from what I can tell. So check it out and download it from here …