| Inittial release: | 20180902 |
| Last updated: | 20180906 |
I guess nobody outside germany has ever heard anything of a "fritbox". It is the standard device for consumer internet connections in germany and most ISPs use this device to connect their customers (even though it is "branded" in most cases with another name). It is a jack of all trades device, allowing the ISP to offer different services, like voice and network service, to the customer by using only one device. As a result of its versatility it has many features, but isn't really good in anything.
As far as I know it is only largely used in germany. And of course the GUI is adapted to the german market, thus all screenshots here are presented in german. Sorry for that :-)
Before doing anything else we activate the extented view ("Erweiterte Ansicht" auf deutsch) to see additional configuration options:
In most cases, when you have a DS-Lite environment, the device will get an additional IPv6 address range for personal use which is dynamically assigned and you can not use a static configuration on your internal network. So your first task is to find out how large the additional range is. For this, you navigate to Internet -> Online-Monitor:
On this screen you will find your additional address range:
As you can see I get a /56 network range. Which means I can subdivide this net into 256 (/64 - /56 = 28 = 256) subnets.
Since this range is dynamic we have to use the so called "prefix delegation" (more on this later). Now we have all the data we need to configure our network.
The configuration on the Fritzbox consists of several steps. First we configure its LAN interface to the planed IP address and activate the DHCP server for this network. Navigate to "Heimnetz" -> "Heimnetzübersicht" and scroll down to "IPv4-Adressen":
In essence it is not necessary to activate DHCP for the internal network of the Fritzbox. But it makes our live easier as you can simply plug in a laptop directly to the Fritz in emergency situations. If you activate DHCP it is also a good idea to create a static dhcp entry for the router. In any case you need a static IPv4 address for the router, in my case I have chosen 172.16.0.2 for it. (see Getting direct access to the Edgerouter)
We also set a route to the Edgerouter. For simplicity I route the complete 172.17.0.0/16 to it, so I have a stock for future enhancements:
Now we setup the IPv6 network, starting with the ip address configuration. Here we configure several settings:
Unique Local Addresses (ULAs) are RFC 1918 addresses (aka private networks) for
IPv6. And since IPv4 addresses are scarce and private addresses are necessary
to enhance the global IPv4 address space, ULAs are totally braindead in an IPv6
world. Although some people think that a private address range offers
additional security, this security is elusorily and the necessity to use
network address translation (NAT) disturbs many protocols.
So we deactivate ULAs:
The next setting is important to allow delegated IPv6 networks to communicate with the internet without intervention from the Frtizbox:
The fritzbox will delegate IPv6 prefixes to my Edgerouter, and my Edge Router will announce back that it actually serves this network.
And finally we tell Fritzbox to delegate IPv6 networks to downstream routers, i.e. our Edgerouter:
The next step is to make our firewall directly accessible from the internet without any intervention from the Fritbox. In AVM language this is called an "exposed host":
Important here are especially two settings:
Wether you allow ping6 here or not is not so important. But in my environment this decission is delegated to my Edgerouter. So I activated this option.
The Fritzbox is now in a usable state and we can continue with configuring the Edgerouter.
<<< Prev Next>>>