Last Updated: Feb 21st, 2025
Project Members – Network Related
Do I need IPv4 or IPv6 to connect to your network?
You can connect to our network using either protocol. We fully support both for our WireGuard profiles and all routers will respond to connections from either protocol as long as your profile is valid.
I loaded my profile in two places and nothing is working!
Please, do not do this. It confuses our routers and only leads to frustration for you as the user. Reach out to support and describe your network setup and let them know how many profiles you actually need. Our support will work with you to get things setup properly as long as your requirements are not bizarre.
Are your IPv6 addresses on the public internet?
Yes. If your request for service gets approved, we will assign you a publicly routable IPv6 address. There is a small catch though: While you can get your homelab or device onto the public IPv6 internet, there are some systems and networks that do not like our upstreamās ASN. Most things should work, but you may run into issues for certain websites and games. This is nothing we can do about it short of getting our own ASN and netblock, which isnāt cheap or easy for FurrIX to do at this time.
Do I have to get IPv4 access with my IPv6 request?
Not at all, in fact that is the default configuration for approved service request. IPv6 is our core focus, with IPv4 just being an after thought. So no, unless you ask for IPv4 access, it will not be included by default.
Are your IPv4 addresses on the public internet?
Yes, on the WAN side. If you do request IPv4 service along with your IPv6 request, you will receive a NATād IPv4 address in the 10.0.x.x range. This is provided as an option for convenience and is not the focus of our project. Side note, if you want us to port forward something to your NATād address, let us know what port and why. We will get back to you when we have a moment.
Can I get just NAT’d IPv4 Service?
No, IPv4 is not the focus of our project. Without having IPv6 service in place from us, you will not get IPv4 service by itself. If you come across a project member or end user who states they are mainly using IPv4 from us, do note that they also have a /127 direct or a /127 with a routed /64 attached to their account. We do not service IPv4 by itself and never will, IPv4 service must be bundled with IPv6 service.
Do you own your address space?
No, we donāt have that kind of funding. Our address space for both IPv4 and IPv6 comes from our upstream providers. Due to record keeping, however, sometimes our IP ranges will show either our
upstreams’ information or āMarbled Fennec Networks.ā To be a bit more clear on this subject, our data center gives us access to /48 and we also lease a /48 from an LIR in the US.
When requesting IPv6 service from you, what subnet ranges are usable?
Our data center gives us access to the network ‘2604:4300:f03::/48’ and most of our routing gear, services and project members get serviced from their subnet. We also lease the network ‘2602:f992:f3::/48’ from an LIR in the US. Project members requesting service(s) from us can ask to have a /64 routed to them from either of our pools.
I have my own PI IPv6 subnet, can you service it for me?
While technically possible, this is not a service that either Marbled Fennec Networks or FurrIX plans to offer. Managing our two /48 subnets is more than enough of a chore for our volunteers and adding another network to that pile is not feasible from a management point of view, nor does it offer any benefit to the projects as a whole.
When requesting IPv6 connectivity from you, who actually services the network?
We have been asked this a few times now. Marbled Fennec Networks handles the public facing services and FurrIX is responsible for the actual network operations. When you request service from us, you will interact with the volunteers at Marbled Fennec Networks, who will then put your request through with the appropriate details to the volunteers over at FurrIX who will handle connection profile creation and subnet routing.
Why are there bandwidth limits on your routers?
Our physical host features a 1Gbps link between our server and the data center. To make an attempt to prevent accidental network saturation, we place hard limits on each of our routers that should keep any one router from crashing the network. For our shared routers the limit is currently 350Mbps download and 175Mbps upload shared between all connected users to a specific router. For our members making use of VM hosting with us, the CX router is limited to 250Mbps shared in both directions.
What do you mean by āsharedā bandwidth?
All project members connected to one of our routers will share the bandwidth on that router with all others who are currently connected to that router. We run the project to get our members and end users connected to the greater IPv6 internet as well as to enable them to host things in their homelabs in situations where their ISP does not make it easy or possible to do so. For cost and practical reasons, we cannot provide every member with line speed; therefor we set what we determine to be reasonable limitations to allow everyone fair use of the network. Additionally, our routers use Quality of Service systems to try and keep the total load balanced and latency acceptable.
When connected to your network, I cannot browse certain sites/servicesā¦
Just an unfortunate fact of being on the internet and using our network ranges. Some overzealous network and system admins out there automatically deem data center IP ranges to be a threat to their network or services; and as such, they block our network from accessing theirs. The only thing we can advise in this situation is that you access those services or sites outside of our network or that you seek out other services or sites that do not practice such blocking. Blanket blocking isnāt offering much for security and these guys are catching legitimate traffic in their nonsense, as well as breaking parts of the internet with their actions.
When connected to you network, I sometimes see various DNS servers answering my queries…what’s up with that? How are you handling DNS?
Around July 5th, 2024 Marbled Fennec Networks started running our own name servers for our domains and to gain experience in maintaining name servers. These name servers are able to be used by the general public and provide DNS over HTTPS and DNS over TLS, as well as answer to a few different ports in addition to the standard port 53. Our network team ask that public users please use the server address of ‘dns.marbledfennec.net’ when using our servers.
When using ‘dns.marbledfennec.net’, you will sometimes see a third server pop- that isn’t actually either of the name servers. Due to us only having an IPv4 /29, NS1 sits behind the router ‘kc.mo.us.cx.furrix.zone’ and some OSes and software pick up on that name instead of the name server itself. For all intents and purposes, ‘ns1.marbledfennec.net’ and ‘kc.mo.us.cx.furrix.zone’ are the same name server, just NAT goofs that up. Our name servers are ‘ns1.marbledfennec.net’ and ‘ns2.marbledfennec.net’, both support IPv4 and IPv6 and will resolve ICANN and OpenNIC domains. There are rate and bandwidth limits in place on both servers to help limit abuse.
Okay, but I don’t like the idea of using your name servers or OpenNIC’s for that matter…
Okay, that is your choice. If you do not want us processing DNS queries for you, you may modify your connection profile to be a split tunnel and exclude your DNS server of choice from the tunnel. This will keep your name traffic outside of our servers and network. To be honest with you, at the end of the day..our team just isn’t interested in where you went or why you went there as long as we don’t receive complaints about your traffic. Most people who ask this question are coming from a point of privacy but seem to miss the mark of we can still see where you sent traffic to without seeing your DNS queries. Just the nature of computer networking.
Speaking of name servers, do you offer reverse DNS (PTR Records)?
Yes, as of September 15th, 2024 we control our reverse zones and have the ability to create and manage PTR records for our project members and end users. If you need records setup, beyond the automatic ones, you can reach out to our support desk and let them know.
Okay, if you have PTR support, what is the policy about email servers?
Neither Marbled Fennec Networks or FurrIX allow our project members, project guest or end users to host or operate an email server on any type of our networks. Ports 25, 465 and 587 are blocked by default on all endpoints meant for use by project members, project guest and end users. Our volunteers will not unblock these ports unless the request comes in from another well established project with a provable track record. Individuals not qualify for this exception.
I ran nslookup on my IPv6 address and I’m not sure how to feel about the results…
FurrIX has a policy in place to help our volunteers deal with network abuse. All interfaces on our end that connect our project members and guest to our networks will have a PTR entry that tells our volunteers and external network operators the following information:
- the subnet identifier
- the nickname of the member or guest responsible for the traffic
- the city, state/province and country of the member or end user responsible for the traffic
- which of our routers the member or guest is connected through
Our volunteers rely on these records being set in order to ensure that our project members and guest are following our policies and are not contributing to the already abundant internet asbestos traveling the wires and fiber that make up the internet. These records are not negotiable and are always setup upon connection. These records may be updated with new information from time to time depending on where you connect from.
I saw a few different domains servicing your project, why is that?
Our team maintains two different namespaces for the project. ‘marbledfennec.net’ is the public facing website and is where we post updates, policies and interact with our project members and guest. ‘furrix.zone’ is used internally for our routing gear, doc services, NMS and so on.
In a nutshell:
‘marbledfennec.net‘ is the people who run the projects and interact with the public.
‘furrix.zone‘ is the gear that handles the packets, the people who maintain our network and is what people connect to.
Alright, I saw something about WireGuard. Are you a VPN provider?
Not in the sense that you are most likely thinking. While we do deploy VPN technologies to connect our members, we do not focus on privacy or āhidingā any memberās traffic. If we may use a bit of a misnomer here, we deploy what we call an ārVPNā or reverse VPN network stack. Our goal is to get your homelab or device on the public internet and reachable. Andā¦before you ask: Yes, we log various metrics and stats about our connected members. Do not assume total privacy with our service, that is not our goal with FurrIX. Our volunteer techs have access to various metrics and real time data for every router, bridge and VM on our network at all times.
Simple answer: No, we are not a VPN provider in the sense the public thinks when they hear that term. You are not anonymous when connected to us.
Are your systems automated?
As of July 31, 2024…Partially. But as far as I am aware, neither group plans to automate too much on the network because a few of us enjoy working on the configurations by hand. Plus, working on things by hand allows us to work closer with our project members to ensure we create a profile that meets their needs for their homelab or device, instead of relying on automated templates.
Why are you so upfront about how the network operates?
Short answer- Nothing special or magical is going on here. Anyone with enough know how and determination can match us on feature parity and network design; to be straight to the point, the
project and the network it operates are built that way on purpose. And if we can be blunt, our projects are built to showcase how easy it is to design and deploy these little corners of the internet where people can still play and learn about the underlying technologies that power the modern internet.
Long answer-
Anyone who is into computer networking, Linux and virtual machines can easily figure how our network is built and replicate it in about two to three days if they really wanted to. We donāt have anything to hide here or anything special going on in the back end. All of our tooling is standard off-the-shelf firmware, applications, services and libraries. Furthermore, being open and transparent means that our members will be fully aware of what, who and how they are connecting their equipment to us.
Our environment is virtualized and deploys a mix of network soft bridges, opnsense powered routers, a few Linux VMs for various services and some amount of firewall rules. We wanted to try and keep the projectās network stack on the more simple scale of things to allow for new volunteer techs to be able to easily grasp the ropes and be able to get up to speed quickly in their roles; but also to allow the project to make sense to members who are moving on so they may recall and make use of what they learned where ever they progress on to.
Project Members – Operations Related
If I request service, how long is the wait?
Bruh, we are hobbyist. This is a spare time project brought online because we enjoy operating a virtual ISP. If you reach out to support via the ticket system or email, you should expect to wait for a response for around one to two days. We try to be quick with request and support related inquiries, but all of our volunteer techs have lives, jobs and projects outside of both Marbled Fennec Networks and FurrIX.
What level of support is provided by your volunteers?
Adrian limits our volunteer techs to helping get members and guest connected to our network, routing subnets if requested, setting up forward and reverse DNS and adjusting firewall rules. Our demarcation is the connection profile that gets emailed to project members and guest. We do not provide support for anything on your side of the profile.
Project Members – VM/GS Hosting Related
Is MFN a GSP? (Game Server Provider)
No.
As of August 26th, 2024 Marbled Fennec Networks no longer offers any form of VM, GS or VPS hosting at all. From a workload and cost view, offering this to our members was not sustainable and was outside of our scope of operations as is.
But I see game servers and other services coming from your network!
One of two things is happening here:
1) You are seeing services that are being run by our project members or guest which are being hosted at their homelab location and the network transit is provided by us for IPv6 for them (or IPv4 when bundled with IPv6)
or
2) You are seeing services which are hosted in house as part of an agreement between Marbled Fennec Networks and one of our board members in exchange for assistance with project finances.
Marbled Fennec Networks does not offer in house VM or GS hosting to the public, our project members or guest as of August 26th, 2024.
Other Frequently Asked Questions
I really would like my own IPv4 to skip your routers!
Two problems with this:
1) IPv4 addresses are too expensive to rent just for your use. It cost FurrIX $12/mo for each /29 and we can only request one additional /29 every three months and three of those addresses must be āin serviceā by end of month one. We have been burned doing this for past members of the projects who decided they wanted to back track after the order was placed.
and
2) IPv4 is not the focus of the project. We only offer IPv4 as a mix of legacy support and a courtesy to our project members. For what we do, IPv6 is much easier to work with and roll out. The IPv6 network we operate also allows us to service more project members with our network stack with fewer headaches in deployment.
If after reading the above you still really would like your own IPv4 address, we encourage you to inquire about how the network is designed and to rent a dedicated box from a data center to build your own project on. It can be a fun and rewarding process once you get the hang of it all.