Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

All you need is a Linux or BSD box configured as a router, for instance Quagga or BIRD.

As someone who is building little compact flash and USB flash based BSD boxes for various tasks, I can quite happily say its entirely possible to build diskless based Linux/BSD routers which are upgraded about as easy as upgrading a Cisco router (ie, copy over new image, run "save-config" script, reboot.) Its been that way for quite some time.

If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway.
You too can build diskless core2duo software routers for USD $1k.

Nathan Ward has packaged up a FreeBSD image that runs on Soekris boxes which incorporates 6to4 and Teredo. A binary TUI release can be downloaded from Nathan's website, as well as a nice article by Geoff Huston.

Reverse 6to4 delegation can be requested at:, please check the instructions at

If you announce a 6to4 prefix, make sure to add your ASN to the list of ISPs currently announcing a 6to4 prefix.

Jordi's AfriNIC posting

This info provides the steps required in order to configure your BSD box as a 6to4 Relay.

In order to proceed, you need to have a public IPv4 address on that box, your own IPv6 prefix (provided by AfriNIC in this case) and IPv6 transit.

The BSD box need to support stf pseudo-interface, FreeBSD 5.4 or higher version is recommended, for FreeBSD 4.9 you need to recompile the kernel adding "pseudo-device stf". NetBSD 1.5 supports stf pseudo-interface compiling the kernel. Also need to have IPv6 support and IPv6 routing enabled.

If you need help in order to acquire your IPv6 prefix from AfriNIC, let us know and we can help even with the request form.

Similarly, we are able to help in making sure you have the right configuration for IPv6 in your BSD and you can get IPv6 transit (native or tunneling) either from your upstream, or alternatively, if that's not possible, we will be able to provide free IPv6 transit to third party networks.



Running a 6to4 relay on Linux

Tested on 2.6.24-19-generic (ubuntu hardy).

Create this bash script

Code Block

echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding

ip -4 addr add dev eth0
# enabling forwarding makes the RA added default gateway disappear, so
# it has to be added manually. 
ip -6 route add ::/0 via YOUR_GATEWAY dev eth0

ip route flush dev tun6to4 2>/dev/null
ip link set dev tun6to4 down
ip tun del tun6to4

ip tunnel add tun6to4 mode sit ttl 100 remote any local
ip link set dev tun6to4 up

ip -6 route add 2002::/16 dev tun6to4
ip -6 route add ::/96 dev tun6to4 metric 1

Remember that you need to update access lists for the network the 6to4 relay is on. Allow into the network. As it sends packets from 2002:: you need to allow spoofed outgoing packets.


If you are running a Linux based 6to4 relay you should consider applying this patch.

Create an stf interface

In case it doesn't exist, create an stf interface.
Run these commands in a terminal:

Code Block
ifconfig stf create

By default the stf interface is not enabled.

Add local 6to4 address to interface (note: prefix length 16 is very important!)

Code Block
ifconfig stf0 inet6 6to4addr prefixlen 16
Code Block
ifconfig stf0 inet6 2002:c001:0203::1 prefixlen 16

Configure IPv6 connectivity

Because we are configuring a 6to4 relay it should have IPv6 connectivity (either native or via a tunnel) through an IPv6 gateway (for our example we use 2001:7f9:1::1 as GW address). After having configured an IPv6 address on the corresponding interface, the default route should be configured:

If our IPv6 interface is interface ne0:

To configure the IPv6 address:

Code Block
ifconfig ne0 inet6 alias 2001:7f9:1::2

To add a default route:

Code Block
route add -inet6 default 2001:7f9:1::1

Configure prefix advertisements

Somewhere on the Relay network, the device in charge of announcing prefixes (typically a BGP router) should announce 2002::/16 prefix to its IPv6 peerings.

This would allow native IPv6 nodes to reach 6to4 nodes (2002::/16 addresses).

Regarding the IPv4 reachability of the Relay there are two options:

  1. Configure the 6to4 anycast IPv4 address ( and announce the anycast prefix ( to the site IPv4 peerings.
  2. :6to4 hosts will be able to find it automatically, with no need for any manual configuration.
  3. Use another public IPv4 address.
  4. :Some kind of advertisement of the IPv4 address is needed (usually a FQDN-Fully Qualified Domain Name) in order to allow others to configure our relay.

This will allow 6to4 nodes (2002::/16 addresses) to reach native IPv6 nodes through our relay.

Making your configuration persistent

In order to make your configuration persistent, a script could be used that is executed at boot time. The idea is to have a script that executes all the commands needed to configure everything as desired.

This example for Linux takes the local host public IPv4 address as an argument:

Code Block

PARTS=`echo $IPV4 | tr . ' '`
PREFIX48=`printf "2002:%02x%02x:%02x%02x" $PARTS`


ifconfig $STF_IF inet6 $STF_IP6 prefixlen 16 alias

ifconfig ne0 inet6 alias 2001:7f9:1::2
route add -inet6 default 2001:7f9:1::1

For FreeBSD add this to /etc/rc.conf:

Code Block


Configuration examples may vary for other BSD distributions.

Remove a 6to4 tunnel using "ip" and a dedicated tunnel device

Remove a 6to4 interface address

Code Block
ifconfig stf0 inet6 -alias 2002:c001:0203::1

Remove 6to4 prefix route

First we can see the route table with:

Code Block
netstat -rn

Now we can delete the route entry for 2002::/16 prefix via <gateway_IPv6> with:

Code Block
route delete -inet6 2002::/16 <gateway_IPv6>