Hi cronraptor,
to help you a bit:
"IPv6 CONNECTION TYPE: My IPv6 Connection is:" Look what is configured for your IPv4 Internet access and configure the same for IPv6, given your ISP uses the same mechanisms for both protocols, hence:
IPv4=Static IP --> IPv6=Static IPv6 (Ask your ISP for the data to be entered in this case)
IPv4=Dynamic IP --> IPv6=Autoconfiguration (SLAAC/DHCPv6)
IPv4=PPPoE (Username/Password) --> IPv6 (PPPoE)
Other IPv6 Connections (e.g. IPv6 in IPv4 tunnel, 6rd) are tunneling techniques, where IPv6 packets get routed to the IPv6-Internet by encapsulating them into IPv4 packets, but since your ISP seems to offer native IPv6 access, only one of the above listed choices is adequate.
In case of PPPoE you have to decide, if IPv6 and IPv4 packets shall be forwarded through the same PPP connection to your ISP (default=Share with IPv4), or if your ISP supports/demands a second PPP connection for use with IPv6 ("Create a new session"). In the second case you have to specify the PPP credentials for the second PPP connection (as assigned by your ISP). A second choice with PPPoE has to be made for Address Mode=Dynamic IP (default) or =Static IP (then to be entered into the field "IP Address"). The address of concern is the IPv6 address to be used at the WAN interface of your box and corresponds to the global IPv4 address your box gets assigned (with the difference that the IPv6 WAN address is not used for NAT, there is no NAT for IPv6).
IPv6 DNS SETTINGS:
Your ISP should provide them automatically, hence default option "Obtain a DNS server address automatically" is right, otherwise select option "Use the following DNS address" and enter the data you are told by your provider. It doesn't matter if you haven't configured IPv6 DNS server addresses at all because names can also be resolved to IPv6 addresses by asking your configured IPv4 DNS server addresses via IPv4, in other words: IPv6 name resolution also works by asking DNS servers via IPv4 transport.
LAN IPv6 ADDRESS SETTINGS:
As there is no NAT for IPv6, within your LAN you need an IPv6 address range that is globally routable. In general, this address range is independent/different from the IPv6 address range, your WAN IPv6 address stems from. There are two possible methods to get this IPv6 range for use inside your LAN:
(1) Activate DHCP-PD (PD=Prefix Delegation, in IPv6 the term "Prefix" specifies an IPv6 address range of some size) which is the default: In this case your router asks your ISP via DHCP-PD for an IPv6 address range and uses it for IPv6 autoconfiguration inside your LAN.
(2) If your Provider does not support DHCP-PD, you have to enter the IPv6 address range (ask your ISP for the value) manually into the field called "LAN IPv6 Address": This is a value of the form XXXX:XXXX:XXXX:XXXX:: where any X is one of 0, 1, 2, ... 9, a, b, ..., f (a hex digit, you may also use A, B, ..., F), and it is not the address of the router's LAN interface but the network address of the entire LAN (just as 192.168.1.0/24 is not an IPv4 address of a single host but for the entire network including the addresses 192.168.1.1 - 192.168.1.254 and 192.168.1.255 being the broadcast address). That's why this address ends with "::" meaning all 0 in the lower 64 bits of the address. The router's LAN interface address is formed automatically from this range and the LAN-MAC address of the router.
ADDRESS AUTOCONFIGURATION SETTINGS:
Best choice is to activate "Enable automatic IPv6 address assignment :" which is the default. This means that your router either operates as DHCPv6 server and/or regularly or in response to a solicitation from an IPv6 client multicasts the LAN IPv6 address (the IPv6 prefix XXXX:XXXX:XXXX:XXXX::/64) into your LAN (so called router advertisements RA), so that all LAN clients can automatically form their own IPv6 host addresses by appending a value (derived from their unique MAC addresses) into the lower 64 bits of the prefix. They also learn the IPv6 default gateway which is the "link local address (fe80::...)" shown in the area "LAN IPv6 ADDRESS SETTINGS :" and is the address the RAs are sent from.
If you disable "Enable automatic IPv6 address assignment :" you have to configure all your hosts within your LAN manually - impossible, if you don't know the LAN prefix to use in advance or because it dynamically changes via DHCP-PD according to a privacy policy of your ISP.
As long as you have only one LAN behind your box and no additional routers inside your LAN that connect to further inside LANs, you should deactivate "Enable Automatic DHCP-PD in LAN". With this option enabled another internal router could ask your box for an IPv6 prefix to use for the next LAN this internal router connects to. But this is advanced and not needed in more than 99% of all cases.
Leave the "Router Advertisement Lifetime :" as specified and finally select the proper Autoconfiguration Type:
SLAAC+RDNSS:
This means that LAN clients autoconfigure themselves (SLAAC=Stateless Address Auto Configuration) by evaluating Router Advertisements (RA) and hence learn their host address, prefix length (always 64) and default gateway. In addition the IPv6 DNS servers to use are learned from RDNSS, which means that their addresses are conveyed within RAs, too. But be careful: Up to now, most clients (such as Windows 7) do not support RDNSS, so it is better to select the next choice:
SLAAC+stateless DHCPv6 (default):
Same as before, but now the clients ask your router via DHCP information requests for the values of IPv6 DNS servers. This is the preferred choice, because this type of autoconfiguration is supported by most clients.
Stateful DHCPv6:
In this case clients use RAs only to learn a default gateway and the IPv6 prefixes active on the link, but they use DHCPv6 to learn their IPv6 address and the IPv6 DNS servers. Here you have to specify an address range (start - end), the clients get an offer from.
IPV6 FIREWALL:
As long as it is switched off, any IPv6 traffic inside <---> outside is blocked, in other words: you can't use the IPv6 Internet. Hence:
(1) Switch FW on via "Turn IPv6 Firewall ON and ALLOW rules listed"
(2) Specify a single rule that allows anything going out:
- Activate the checkbox of the first rule
- Give it a Name, e.g. "AllowAllOut"
- Schedule = Always
- Source Interface = LAN
- Source IP Address Range = ::
- Protocol = Any
- Dest Interface = WAN
- Dest IP Address Range = ::
- Port Range: leave as is, not relevant (=any value) for Protocol = Any
PacketTracer
EDIT:
After you have managed to bring it up, at one of your LAN hosts do the following:
- Switch off a host based firewall (e.g. Windows firewall) if one is active on the selected host.
- Visit "http://ipv6.chappell-family.com/ipv6tcptest/" and perform a portscan test to see that your host is protected behind the IPv6 firewall of your DIR-box.
- Switch on host based firewall again.
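
The address formation described in the post (a /64 LAN prefix ending in "::", with hosts filling the lower 64 bits from their MAC address), as an added example that is not part of the original post: it checks a value meant for the "LAN IPv6 Address" field and derives the MAC-based (modified EUI-64) address a host would form from it, which helps when matching an address in firewall rules or logs to a device. The prefix and MAC are constructed sample values (2001:db8::/32 is the documentation range), the function names are hypothetical, and many current operating systems use randomized interface identifiers instead of the MAC-derived one.

```python
import ipaddress

LOW_64_BITS = (1 << 64) - 1


def parse_lan_prefix(text):
    """Validate a "LAN IPv6 Address" value of the form XXXX:XXXX:XXXX:XXXX::.

    Returns the /64 network. Raises ValueError if the lower 64 bits are not
    all zero, i.e. a host address was entered instead of the LAN prefix.
    """
    addr = ipaddress.IPv6Address(text)
    if int(addr) & LOW_64_BITS:
        raise ValueError(f"{text}: lower 64 bits must be zero (network address expected)")
    return ipaddress.IPv6Network((addr, 64))


def eui64_interface_id(mac):
    """Build the 64-bit interface identifier from a 48-bit MAC (modified EUI-64)."""
    octets = [int(part, 16) for part in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"{mac}: not a 48-bit MAC address")
    octets[0] ^= 0x02                                  # flip the universal/local bit
    full = octets[:3] + [0xFF, 0xFE] + octets[3:]      # insert ff:fe in the middle
    return int.from_bytes(bytes(full), "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the MAC-derived identifier into a host address."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | eui64_interface_id(mac))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    lan = parse_lan_prefix("2001:db8:1234:5678::")
    mac = "00:11:22:33:44:55"
    print("LAN prefix:        ", lan)
    print("Global address:    ", slaac_address(lan, mac))
    # The link-local address (fe80::...) uses the same identifier on fe80::/64.
    print("Link-local address:", slaac_address(ipaddress.IPv6Network("fe80::/64"), mac))
```
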