cancel
Showing results for 
Search instead for 
Did you mean: 

IP Block Questions

N/A

IP Block Questions

I have skimmed around various documents on here and noticed that PlusNet offer 8 or 16 IP blocks for customer broadband connections.

I understand that there has to be a valid reason for requesting an IP block - mine will be to enable tunnelling onto the IPv6 network and the only way to do this is through a real IPv4 address routed to a Linux machine on my home network since the protocol used for this can't be done via NAT on my broadband router.

I now have a couple of questions about this:

a) does this "extra" service cost? (upon looking, it appears to be completely free) and

b) does one loose the orignal single static IP that PlusNet initially assign to your account and then replace it with the routed IP block or do both co-exist together? As such, if one requested an 8 IP block, are 2 or 3 IP addresses subsequently lost? (I know 2 are lost for the network and broadcast address, but one also might be lost to act as the gateway IP address, if the main original static IP address is dropped). In short, how many IP addresses are actually usable from such a configuration?

I hope one of PlusNet's network gurus can advise, or indeed, if anyone else here runs a similar setup just now, they can advise accordingly.

Thanks.
17 REPLIES
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

IP Block Questions

a) No

b) I would think that when PlusNET assign in IP block to you you'll definitely loose the single IP you had. On an 8 block you'll have 5 useable, 13 usable on a 16 block.

Having said that, I don't think you'll need a block of IP's for what you want to do, since a block of IPv6 addresses would be tunneled through a single IPv4 address (AIUI)
N/A

IP Block Questions

But I'm running a router, not a directly connected PC. I'm not aware that the router (its a DrayTek) supports NAT of the tunnel protocol used for IPv6 over IPv4. That's why I -think- I need some real IPv4 addresses to do this (unless you can suggest otherwise).

What is AIUI ?

Thanks for your help!
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

IP Block Questions

AIUI = As I Understand It Cool
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

IP Block Questions

It's a long time since I've done anything with IPv6, but I'm wondering if you could just pass everything through the router to the Linux box & do your NAT on that box. I imagine the router won't care what's going through it as long as it's IPv4 (which it will be until the Linux box strips out the IPv6 packets)
N/A

IP Block Questions

Doh Smiley - that's a new one on me! (AIUI that is).

I still think I need an IP block. The reason for it is that the draytek only forwards IP packets of type 6 or 17 (TCP and UDP respectively) - those are the only ones its firmwire understands and knows how to forward internally. The IPv6 tunnel works across IP packet type 41 and unfortunately, mr draytek doesn't understand that type.

An IP block would sort this because the packets end up getting routed directly to a real host (eg, a Linux box which understands what to do with IP packet type 41) and hence you can then start doing stuff with IPv6 tunnels.

Cheers Smiley
N/A

IP Block Questions

I have recently moved from single address NATing to an 8-block.

Re. static addressing. Your DNS record for username.plus.com is replaced with all of the addresses in the range and is returned on a 'round-robbin' basis.

The RADIUS server will assign the same IP address to your router each time (usually the first host-address in the range), which you also use for the local interface of the router and the other host addresses (5 or 13) are then available for your other equipment.

If you're worried about having your request turned down, don't! The form tells you what RIPE want to hear when filling it in and you can submit it as many times as you like. The form you need is at http://usertools.plus.net/ripe and you paste the result into a support ticket.

Hope this helps
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

IP Block Questions

Can you select an internal IP as a DMZ on your router? If it can see if this page helps at all.

http://www.sixxs.net/forum/?msg=setup-87150
N/A

IP Block Questions

Looks promising!

I just checked the DrayTek and yes, I can setup a DMZ host. Great, no IP block required then!

Great stuff cloudmaster Smiley Thanks!
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

IP Block Questions

Great :lol: , though I've just speed read that page & you might not be out of the woods yet, good luck!!
N/A

IP Block Questions

Whilst DMZ looks good, it is actually the devil in disguise.

The feature probably various from router to router, but on my one, putting this feature on opens up the entire linux box (all ports, all protocols etc) to the outside world. :shock:

So looks like I'll be going to IP block route Smiley
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

IP Block Questions

That's exactly what a DMZ is (De-Militarised Zone). Can't you set up a firewall on the Linux box?
N/A

IP Block Questions

I've just had a brain wave that gets around the problem entirely (and it works).

Give the Linux box a secondary internal IP address (so it has 2 IP addresses internally).

Set the DMZ host to this secondary IP.

Do a simple firewall rule on the linux box:

iptables -A INPUT -i eth0 -p 41 -d <secondary IP> -j ACCEPT
iptables -A INPUT -i eth0 -d <secondary IP> -j DROP

This then makes the linux box secure as it will ignore ALL protocols except the IPv6 tunnel one.

Then setup the tunnel (I'm using BT Exact) and bingo:

1 tb-exit.ipv6.btexact.com (2001:618:400::1) 28.918 ms 29.7 ms 28.65 ms
2 uk6x-core-hopper-g0-2.ipv6.btexact.com (2001:618:1::7) 30.615 ms 30.315 ms 30.048 ms
3 ukerna-uk6x.ipv6.btexact.com (2001:7f8:2:1::7) 29.449 ms 31.044 ms 30.369 ms
4 2001:630:0:10::51 (2001:630:0:10::51) 34.645 ms 30.878 ms 31.35 ms
5 gi5-0-1.lond-scr4.ja.net (2001:630:0:10::129) 32.131 ms 31.706 ms 114.469 ms
6 po0-0.lond-scr.ja.net (2001:630:0:10::55) 32.011 ms 32.826 ms 34.31 ms
7 po0-0.london-bar1.ja.net (2001:630:0:10::a) 32.366 ms 31.921 ms 32.38 ms
8 nominet.site.ja.net (2001:630:0:8010::2) 32.103 ms 32.764 ms 32.113 ms
9 2001:630:181:35::83 (2001:630:181:35::83) 32.362 ms 31.922 ms 32.31 ms

Problem sorted, and no IP block required either! (I hate wasting IP addresses) Cheesy

Cheers for the info on DMZ though - I wouldn't have known I could do this without that vital bit of info!! Smiley
N/A

IP Block Questions

Actually, it gets better.

It works without the aliased IP and even with DMZ off in the router.

I dunno how this is possible. Unless the DrayTek does understand how to forward and deal with IPv6 tunnel packets. :?

Another new one on me then. If it works, don't fix it!
N/A

IP Block Questions

Can I just ask why you want an IP block, if your not willing to use the DMZ feature?

As you clearly said, it opens up the entire linux box. However, isn't a public IP address going to do this to it anyhow?

DMZ hosts and IP routed hosts are all subject to the firewall rules of the router regardless.