{"id":133,"date":"2013-07-25T15:30:45","date_gmt":"2013-07-25T23:30:45","guid":{"rendered":"http:\/\/jacksontech.net\/?p=133"},"modified":"2014-04-05T18:56:57","modified_gmt":"2014-04-06T02:56:57","slug":"native-hughesnet-ipv6-on-linux","status":"publish","type":"post","link":"https:\/\/jacksontech.net\/index.php\/2013\/07\/native-hughesnet-ipv6-on-linux\/","title":{"rendered":"Native HughesNet IPv6 on Linux"},"content":{"rendered":"<p>HughesNet offers native IPv6 support (including routed prefixes) on their HT1000\/HT1100 GEN4 systems. If you don&#8217;t know what IPv6 is, then fix yourself some tea, settle in, and skim through <a href=\"https:\/\/ipv6.he.net\/certification\/primer.php\" target=\"_blank\">these<\/a> primers on <a href=\"http:\/\/arstechnica.com\/gadgets\/2007\/03\/ipv6\" target=\"_blank\">IPv6<\/a>. It&#8217;s very nice to see that HughesNet is embracing the future of the Internet by allowing its customers to use IPv6 without having to configure a tunnel&#8211;most other ISPs don&#8217;t yet offer native IPv6.<\/p>\n<p><!--more--><\/p>\n<p>Here&#8217;s an overview of HughesNet&#8217;s IPv6 infrastructure:<\/p>\n<ul>\n<li>The HT1000 modem (and, I imagine, the HT1100 modem) advertise themselves as IPv6 routers via ICMPv6.<\/li>\n<li>The modem also acts as a DHCPv6 server.<\/li>\n<li>The modem is given a \/61 prefix that is carved up into multiple \/64s, which are given out via prefix delegation. Why a \/61 and not, say, a \/60? I have no idea. Still, it means we have multiple subnets to play with. Thank you, HughesNet!<\/li>\n<li>The prefixes can and do change.<\/li>\n<li><strong>The addresses on these prefixes are globally reachable public IPv6 addresses!<\/strong><\/li>\n<\/ul>\n<p>I want IPv6 on my network. Unfortunately, most older routers don&#8217;t support IPv6. (And believe me, <em>all<\/em> of my equipment is old.) Fortunately, my router is actually an aging Linux box, so I can configure it to support IPv6.<\/p>\n<p>Here&#8217;s my current network setup:<\/p>\n<ul>\n<li>Router: 900MHz Celeron, 512MB RAM, CentOS 6.4 with 4 NICs.<\/li>\n<li>WAN: eth3, DHCP(v4) enabled<\/li>\n<li>LAN: eth0-eth2, static (private) IPv4 addresses<\/li>\n<li>DHCP\/DNS server: dnsmasq<\/li>\n<li>Firewall: good ol&#8217; iptables<\/li>\n<\/ul>\n<p>And here&#8217;s an overview of what has to be done to IPv6ify the router:<\/p>\n<ol>\n<li>Use wide-dhcp6 to fetch prefixes from the upstream router (the HT1000 modem) via prefix delegation, and assign a prefix to at least one LAN interface<\/li>\n<li>Use a newer version of DNSMasq to advertise the router via ICMPv6 and supply DHCPv6 configuration information<\/li>\n<li>Firewall the pants off the router<\/li>\n<li>Enable IPv6 forwarding<\/li>\n<li>Test it all<\/li>\n<li>Automate it all<\/li>\n<\/ol>\n<p>Each one of these steps has some lovely caveats.<\/p>\n<h1>1. wide-dhcp6 and prefix delegation<\/h1>\n<p>Here&#8217;s the deal. The HughesNet HT1000 will hand out \/64 subnets for your LANs via DHCPv6. Your router can then advertise to clients via ICMPv6 or DHCPv6 (or both).<\/p>\n<p>So far, the only DHCPv6 client I&#8217;ve found that can take a prefix advertised on a WAN interface and assign it to a LAN interface is wide-dhcpv6, which hasn&#8217;t been updated since 2008 (that&#8217;s about 17 eons in computer years). It&#8217;s hard to find packages for RPM based distributions like CentOS, so I compiled it from source. It has to be patched, otherwise you&#8217;ll face lots of lovely glibc-related errors. I fetched the source and patches used by Ubuntu. <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/wide-dhcpv6\" target=\"_blank\">You can find the sources and patches here.<\/a><\/p>\n<p>Note that you&#8217;ll need flex, bison, byacc, make, and gcc.<\/p>\n<pre># wget https:\/\/launchpad.net\/ubuntu\/saucy\/+source\/wide-dhcpv6\/20080615-11.1\/+files\/wide-dhcpv6_20080615.orig.tar.gz\r\n# wget https:\/\/launchpad.net\/ubuntu\/saucy\/+source\/wide-dhcpv6\/20080615-11.1\/+files\/wide-dhcpv6_20080615-11.1.debian.tar.gz\r\n# tar xf wide-dhcpv6_20080615.orig.tar.gz\r\n# tar xf wide-dhcpv6_20080615-11.1.debian.tar.gz\r\n# cd wide-dhcpv6-20080615\/\r\n# for file in ..\/debian\/patches\/*.patch; do patch -p1 &lt; \"$file\"; done\r\n# .\/configure\r\n# make\r\n# make install<\/pre>\n<p>Now, to configure the DHCPv6 client. Here&#8217;s the configuration file I used. Plop something similar in <strong>\/usr\/local\/etc\/dhcp6c.conf<\/strong><\/p>\n<pre>interface eth3 {\r\n  send ia-pd 0;\r\n  send ia-na 1;\r\n};\r\nid-assoc na 1 {};\r\nid-assoc pd {\r\n  prefix-interface eth0 {\r\n    sla-id 0;\r\n    sla-len 3;\r\n    ifid 1;\r\n  };\r\n  prefix-interface eth1 {\r\n    sla-id 1;\r\n    sla-len 3;\r\n    ifid 1;\r\n  };\r\n};<\/pre>\n<p>The key lines:<\/p>\n<pre>  interface eth3 {\r\n    send ia-na 1;\r\n    send ia-pd 0;\r\n  };<\/pre>\n<p>This sends a DHCPv6 request out on eth3 asking for prefixes, and also asks for a DHCPv6 address for the WAN interface.<\/p>\n<pre>  prefix-interface eth0 {\r\n    sla-id 0;\r\n    sla-len 3;\r\n    ifid 1;\r\n  };<\/pre>\n<p>This assigns one of the \/64 subnets on the delegated prefix to eth0. (sla-id 0 is the first \/64, sla-id 1 is the second, and so on.) sla-len is the difference between the prefix size (\/61) and \/64. ifid instructs dhcp6c to assign the interface an address of &lt;subnet&gt;::1. Otherwise, it will use SLAAC to create a nasty-looking address from the interface&#8217;s MAC address.<\/p>\n<p>The eth1 section is the same, but sla-id has been incremented by 1.<\/p>\n<p>But wait, you can&#8217;t just fire up dhcp6c just yet. <a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=591630\" target=\"_blank\">CentOS 6&#8217;s default firewall blocks returning DHCPv6 queries.<\/a> So we need an IP6Tables rule:<\/p>\n<pre># ip6tables -I INPUT -i eth3 -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::\/10 -d fe80::\/10 -j ACCEPT\r\n# ip6tables-save &gt; \/etc\/sysconfig\/ip6tables<\/pre>\n<p>Now you can run dhcp6c and see if things are jiving:<\/p>\n<pre># dhcp6c eth3\r\n\r\n# ifconfig eth0\r\neth0\u00a0\u00a0\u00a0\u00a0\u00a0 Link encap:Ethernet\u00a0 HWaddr &lt;MAC addr&gt;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 inet addr:192.168.1.1\u00a0 Bcast:192.168.1.255\u00a0 Mask:255.255.255.0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 inet6 addr: 2001:beef:beef:beef::1\/64 Scope:Global\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 inet6 addr: &lt;link local address&gt;\/64 Scope:Link\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UP BROADCAST RUNNING MULTICAST\u00a0 MTU:1500\u00a0 Metric:1\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RX packets:207029767 errors:1828 dropped:0 overruns:0 frame:1828\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TX packets:119122609 errors:0 dropped:0 overruns:0 carrier:0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 collisions:0 txqueuelen:1000 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RX bytes:1523876758 (1.4 GiB)\u00a0 TX bytes:3933130082 (3.6 GiB)<\/pre>\n<p>Beautiful. Our LAN interface now has an IPv6 address!<\/p>\n<h1>2. DNSMasq<\/h1>\n<p>DNSMasq is a small application that combines a DNS cache\/forwarder, a DHCPv4 server, a DHCPv6 server, a TFTP server, and a router advertisement service. It works well for small networks but adapting it for more complicated situations can be difficult. If you don&#8217;t like such kitchen-sink applications, you can use more traditional tools: ISC BIND for DNS forwarding, dhcpd\/dhcpd6 for DHCPv4 and DHCPv6, and radvd for ICMPv6.\u00a0 This blog has a good guide to setting everything up with the help of some BASH scripts for automation: <a href=\"http:\/\/www.phildev.net\/phil\/blog\/?p=308\" target=\"_blank\">Native IPv6 on Comcast<\/a>.<\/p>\n<p>Since I use DNSMasq already for my network, I want to continue to use it, but I&#8217;ll need to compile the latest version, 2.66, which adds the ability to construct DHCPv6 ranges from the prefix present on an interface. This seems to gracefully handle prefix changes without having to generate configuration files or restart the daemon.<\/p>\n<pre># wget http:\/\/www.thekelleys.org.uk\/dnsmasq\/dnsmasq-2.66.tar.gz\r\n# tar xf dnsmasq-2.66.tar.gz\r\n# cd dnsmasq-2.66\r\n# make\r\n# make install<\/pre>\n<p>Only do this if you aren&#8217;t using DNSMasq already:<\/p>\n<pre># cp dnsmasq.conf.example \/etc\/dnsmasq.conf<\/pre>\n<p>Edit the configuration file. There are a plethora of comments to guide you. Here&#8217;s my bare-bones config:<\/p>\n<pre>domain-needed\r\nbogus-priv\r\nno-resolv # don't consult \/etc\/resolv.conf, use server= only\r\nserver=192.168.0.1 # replace this with a custom DNS server if you want\r\nserver=8.8.8.8 # multiple servers are OK\r\nlocal=\/home.lan\/ # only consult DHCP hosts database and \/etc\/hosts\r\ninterface=eth0\r\ninterface=eth1\r\nexpand-hosts\r\ndomain=home.lan # DHCPv4 hosts will get &lt;hostname&gt;.home.lan automatically\r\ndhcp-range=192.168.1.32,192.168.1.254,12h\r\ndhcp-range=10.0.1.32,10.0.1.254,12h\r\ndhcp-range=::1,::500,constructor:eth0, ra-names, 12h # add the following three lines\r\ndhcp-range=::1,::500,constructor:eth1, ra-names, 12h # to existing config, if any\r\nenable-ra # this line too\r\ndhcp-authoritative\r\ncache-size=1000\r\nno-negcache<\/pre>\n<p>If you want the router to use itself as a nameserver, add the following lines to <strong>\/etc\/sysconfig\/network-scripts\/ifcfg-eth3 <\/strong>(where eth3 is your WAN interface).<\/p>\n<pre>PEERDNS=\"yes\"\r\nDNS1=\"127.0.0.1\"<\/pre>\n<p>But be sure to specify the router&#8217;s fully-qualified domain name in \/etc\/hosts. For example:<\/p>\n<pre>192.168.1.1 router.home.lan router<\/pre>\n<h1>3. Firewall<\/h1>\n<p>You really do not want to skip this section.<\/p>\n<p>With IPv6, your clients are no longer &#8220;protected&#8221; by NAT like you assumed they were with IPv4. In fact, there <strong>is<em><\/em><\/strong><em>\u00a0<\/em>no NAT for IPv6. (Yeah, yeah, I know, it&#8217;s possible, but I&#8217;m just going to pretend it doesn&#8217;t exist.) This is a good thing. NAT is an ugly hack that was designed to stave off IPv4 address exhaustion. It breaks end-to-end connectivity and introduces a metric truckload of boondoggles, not the least of which is the common assumption that the machines on the private network behind the NAT router are safe. With IPv6, every client is directly <strong>routeable<\/strong> from the Internet, so it&#8217;s your job to configure your firewalls so that each machine is not <strong>reachable<\/strong>.<\/p>\n<p>Here&#8217;s the stripped-down config I used for the router. Bear in mind: eth0 and eth1 are LAN, eth3 is WAN. You&#8217;ll probably want a much more robust set of firewall rules&#8230;<\/p>\n<p><strong>\/etc\/sysconfig\/ip6tables<\/strong><\/p>\n<pre>*filter\r\n:INPUT ACCEPT [0:0]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [0:0]\r\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n-A INPUT -p ipv6-icmp -j ACCEPT\r\n-A INPUT -i lo -j ACCEPT\r\n-A INPUT -i eth0 -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT\r\n-A INPUT -i eth1 -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT\r\n-A INPUT -i eth0 -m state --state NEW -m udp -p udp --dport 547 -j ACCEPT\r\n-A INPUT -i eth1 -m state --state NEW -m udp -p udp --dport 547 -j ACCEPT\r\n-A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\r\n-A INPUT -s fe80::\/10 -d fe80::\/10 -i eth3 -p udp -m state --state NEW -m udp --sport 547 --dport 546 -j ACCEPT\r\n-A INPUT -j REJECT --reject-with icmp6-adm-prohibited\r\n-A FORWARD -i eth3 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n-A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n-A FORWARD -i eth0 -o eth3 -j ACCEPT\r\n-A FORWARD -i eth1 -o eth3 -j ACCEPT\r\n-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited\r\nCOMMIT<\/pre>\n<p>DO NOT block ipv6-icmp. Blocking icmp in IPv4 was unwise, but you could get away with it. Blocking icmp in IPv6 will break things and you will be very upset.<\/p>\n<p>Open up other services as you expect them. Here I have SSH open on the LAN.<\/p>\n<h1>4. IPv6 Forwarding<\/h1>\n<p>Here&#8217;s the fun part. On kernel versions &lt; 2.6.37, enabling IPv6 forwarding is a binary thing, and enabling it disables receiving router announcements. Since CentOS 6&#8217;s kernel is a stable version 2.6.32, enabling IPv6 means our pretty SLAAC address on the WAN interface is about to go to IPv6 address heaven. But there is a little-documented workaround: enable IPv6 forwarding for all interfaces but then explicitly disable it on the WAN interface. It will still work. Why? I don&#8217;t know.<\/p>\n<p>Enable forwarding:<\/p>\n<pre># echo 1 &gt; \/proc\/sys\/net\/ipv6\/conf\/all\/forwarding<\/pre>\n<p>Then, for kernel &lt; 2.6.37<\/p>\n<pre># echo 0 &gt; \/proc\/sys\/net\/ipv6\/conf\/eth3\/forwarding<\/pre>\n<p>For kernel &gt;= 2.6.37:<\/p>\n<pre># echo 2 &gt; \/proc\/sys\/net\/ipv6\/conf\/eth3\/accept_ra<\/pre>\n<p>You can set these in <strong>\/etc\/sysctl.conf<\/strong> to keep the settings across reboots:<\/p>\n<pre>net.ipv6.conf.all.forwarding=1\r\nnet.ipv6.conf.eth3.forwarding=0<\/pre>\n<p>or for kernel &gt;= 2.6.37:<\/p>\n<pre>net.ipv6.conf.all.forwarding=1 \r\nnet.ipv6.conf.eth3.accept_ra=2<\/pre>\n<p>(Thanks to these two <a href=\"http:\/\/www.ipcalypse.ca\/?p=204\" target=\"_blank\">blog<\/a> <a href=\"https:\/\/www.nnbfn.net\/2013\/05\/dhcpv6-pd-configuration-for-multiple-subnets\/\" target=\"_blank\">posts<\/a> for information on these pesky sysctl variables. Go read them, they go far deeper in depth on wide-dhcpv6 and IPv6 in general.)<\/p>\n<p>&nbsp;<\/p>\n<h1>5. Test it<\/h1>\n<p>Make sure your firewall config is in place. Enable IPv6 forwarding. Start dhcp6c manually:<\/p>\n<pre># dhcp6c eth3<\/pre>\n<p>Start DNSMasq manually in debug mode.<\/p>\n<pre># dnsmasq -d<\/pre>\n<p>Now connect a computer to your LAN interface. Enable IPv6 (most modern Linux distros will have IPv6 enabled already). Use ifconfig on the client to see if you have a public IPv6 address.<\/p>\n<pre># ifconfig eth0\r\neth0\u00a0\u00a0\u00a0\u00a0\u00a0 Link encap:Ethernet\u00a0 HWaddr &lt;mac addr&gt;\r\ninet addr:192.168.1.115\u00a0 Bcast:192.168.1.255\u00a0 Mask:255.255.255.0\r\ninet6 addr: 2001:&lt;snip&gt;\/64 Scope:Global\r\ninet6 addr: 2001:&lt;snip&gt;\/64 Scope:Global<\/pre>\n<p>In this case, the client has two&#8211;one generated via SLAAC, the other via DHCPv6. Nice!<\/p>\n<p>Try pinging something.<\/p>\n<pre># ping6 google.com\r\nPING google.com(dfw06s33-in-x03.1e100.net) 56 data bytes\r\n64 bytes from dfw06s33-in-x03.1e100.net: icmp_seq=1 ttl=55 time=683 ms\r\n64 bytes from dfw06s33-in-x03.1e100.net: icmp_seq=2 ttl=55 time=823 ms\r\n64 bytes from dfw06s33-in-x03.1e100.net: icmp_seq=3 ttl=55 time=743 ms\r\n64 bytes from dfw06s33-in-x03.1e100.net: icmp_seq=4 ttl=55 time=813 ms<\/pre>\n<p>If all goes well by this point, you now have IPv6 on your home network!<\/p>\n<h1>6. Automate it<\/h1>\n<p>If you haven&#8217;t already, test the IPv6 forwarding settings and add them to \/etc\/sysctl.conf. Reboot<\/p>\n<p>You&#8217;ll want dhcp6c to start when the interface is brought up and for it to be killed when the interface goes down. For CentOS, you can accomplish this by creating two files in \/sbin, <strong>ifup-local <\/strong>and <strong>ifdown-local<\/strong>. These are called by the ifup\/ifdown scripts if they exist, but they are not present on a stock CentOS system. Create them and mark them executable.<\/p>\n<p><strong>\/sbin\/ifup-local<\/strong><\/p>\n<pre>#!\/bin\/bash\r\nif [[ \"$1\" == \"eth3\" ]]\r\nthen\r\n\u00a0 echo \"Starting wide-dhcpv6 client...\"\r\n\u00a0 \/usr\/local\/sbin\/dhcp6c -p \/var\/run\/dhcp6c.pid \"$1\"\r\nfi<\/pre>\n<p><strong>\/sbin\/ifdown-local<\/strong><\/p>\n<pre>#!\/bin\/bash\r\nif [[ \"$1\" == \"eth3\" ]]\r\nthen\r\n\u00a0 test -e \/var\/run\/dhcp6c.pid &amp;&amp; kill `cat \/var\/run\/dhcp6c.pid`\r\nfi<\/pre>\n<p>(The ifdown script could be improved and made to ensure that the process being killed is, in fact, dhcp6c&#8230;)<\/p>\n<p>Mark them both executable:<\/p>\n<pre># chmod +x \/sbin\/ifup-local \/sbin\/ifdown-local<\/pre>\n<p>To start DNSMasq on boot, plop this into <strong>\/etc\/init.d\/dnsmasq<\/strong> (assuming you&#8217;re not already using dnsmasq from a proper RPM package). If you are, adjust the dnsmasq= line to point to the new dnsmasq executable in \/usr\/local\/sbin\/:<\/p>\n<pre>#!\/bin\/sh\r\n#\r\n# Startup script for the DNS caching server\r\n#\r\n# chkconfig: - 49 50\r\n# description: This script starts your DNS caching server\r\n# processname: dnsmasq\r\n# pidfile: \/var\/run\/dnsmasq.pid\r\n\r\n# Source function library.\r\n. \/etc\/rc.d\/init.d\/functions\r\n\r\n# Source networking configuration.\r\n. \/etc\/sysconfig\/network\r\n\r\n# Check that networking is up.\r\n[ ${NETWORKING} = \"no\" ] &amp;&amp; exit 0\r\n\r\ndnsmasq=\/usr\/local\/sbin\/dnsmasq\r\n[ -f $dnsmasq ] || exit 0\r\n\r\nDOMAIN_SUFFIX=`dnsdomainname`\r\nif [ ! -z \"${DOMAIN_SUFFIX}\" ]; then\r\n\u00a0 OPTIONS=\"-s $DOMAIN_SUFFIX\"\r\nfi\r\n\r\nRETVAL=0\r\n\r\n# See how we were called.\r\ncase \"$1\" in\r\n\u00a0 start)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if [ $UID -ne 0 ] ; then\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo \"User has insufficient privilege.\"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 exit 4\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fi\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo -n \"Starting dnsmasq: \"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 daemon $dnsmasq $OPTIONS\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ $RETVAL -eq 0 ] &amp;&amp; touch \/var\/lock\/subsys\/dnsmasq\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 stop)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if test \"x`pidfileofproc dnsmasq`\" != x; then\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo -n \"Shutting down dnsmasq: \"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 killproc dnsmasq\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fi\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ $RETVAL -eq 0 ] &amp;&amp; rm -f \/var\/lock\/subsys\/dnsmasq \/var\/run\/dnsmasq.pid\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 status)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 status dnsmasq\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 reload)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if test \"x`pidfileofproc dnsmasq`\" != x; then\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo -n \"Reloading dnsmasq: \"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 killproc dnsmasq -HUP\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fi\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 force-reload)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # new configuration takes effect only after restart\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $0 stop\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $0 start\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 restart)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $0 stop\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $0 start\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 condrestart)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if test \"x`pidfileofproc dnsmasq`\" != x; then\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $0 stop\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $0 start\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RETVAL=$?\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fi\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ;;\r\n\u00a0 *)\u00a0\u00a0 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 echo \"Usage: $0 {start|stop|restart|reload|condrestart|status}\"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 exit 2\r\nesac\r\n\r\nexit $RETVAL<\/pre>\n<p>Then, once the script is in place:<\/p>\n<pre># chmod +x \/etc\/init.d\/dnsmasq\r\n# chkconfig --add dnsmasq\r\n# chkconfig dnsmasq on<\/pre>\n<h1>What&#8217;s next?<\/h1>\n<p>I don&#8217;t think dnsmasq&#8217;s nameserver is being advertised (either via ICMPv6 RDNSS or DHCPv6), so my local DNS cache is only available via IPv4 for now. I also want to enable <a href=\"http:\/\/tools.ietf.org\/html\/rfc4941\" target=\"_blank\">RFC4941<\/a> privacy extensions so my MAC-derived SLAAC-configured addresses aren&#8217;t easily traced across every IPv6-enabled website I visit.<\/p>\n<p>If you&#8217;ve gotten this far without encountering errors: congratulations! You have native HughesNet IPv6 on your network!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HughesNet offers native IPv6 support (including routed prefixes) on their HT1000\/HT1100 GEN4 systems. If you don&#8217;t know what IPv6 is, then fix yourself some tea, settle in, and skim through these primers on IPv6. It&#8217;s very nice to see that HughesNet is embracing the future of the Internet by allowing its customers to use IPv6 &#8230; <a class=\"moretag\" href=\"https:\/\/jacksontech.net\/index.php\/2013\/07\/native-hughesnet-ipv6-on-linux\/\">more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,5,3],"tags":[7,8,11,6],"class_list":["post-133","post","type-post","status-publish","format-standard","hentry","category-comptech","category-linux","category-networking","tag-ht1000","tag-hughesnet","tag-ipv6","tag-satellite"],"_links":{"self":[{"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/posts\/133","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/comments?post=133"}],"version-history":[{"count":27,"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/posts\/133\/revisions"}],"predecessor-version":[{"id":319,"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/posts\/133\/revisions\/319"}],"wp:attachment":[{"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/media?parent=133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/categories?post=133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jacksontech.net\/index.php\/wp-json\/wp\/v2\/tags?post=133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}