mirror of https://github.com/tLDP/LDP
7844 lines
165 KiB
Plaintext
7844 lines
165 KiB
Plaintext
|
#LyX 1.1 created this file. For more info see http://www.lyx.org/
|
|||
|
\lyxformat 218
|
|||
|
\textclass docbook-book
|
|||
|
\begin_preamble
|
|||
|
<!entity header system "header.sgml">
|
|||
|
\end_preamble
|
|||
|
\language english
|
|||
|
\inputencoding default
|
|||
|
\fontscheme default
|
|||
|
\graphics default
|
|||
|
\paperfontsize default
|
|||
|
\spacing single
|
|||
|
\papersize Default
|
|||
|
\paperpackage a4
|
|||
|
\use_geometry 0
|
|||
|
\use_amsmath 0
|
|||
|
\paperorientation portrait
|
|||
|
\secnumdepth 3
|
|||
|
\tocdepth 3
|
|||
|
\paragraph_separation indent
|
|||
|
\defskip medskip
|
|||
|
\quotes_language swedish
|
|||
|
\quotes_times 2
|
|||
|
\papercolumns 1
|
|||
|
\papersides 1
|
|||
|
\paperpagestyle default
|
|||
|
|
|||
|
\layout Title
|
|||
|
\added_space_top vfill \added_space_bottom vfill
|
|||
|
Linux IPv6 HOWTO
|
|||
|
\layout SGML
|
|||
|
|
|||
|
<author>
|
|||
|
\layout FirstName
|
|||
|
|
|||
|
Peter
|
|||
|
\layout Surname
|
|||
|
|
|||
|
Bieringer
|
|||
|
\layout SGML
|
|||
|
|
|||
|
<affiliation><address> <email>pb (at) bieringer.de</email> </address> </affiliati
|
|||
|
on>
|
|||
|
\layout SGML
|
|||
|
|
|||
|
</author>
|
|||
|
\layout SGML
|
|||
|
|
|||
|
<revhistory>
|
|||
|
\layout SGML
|
|||
|
|
|||
|
<revision> <revnumber>Release 0.16</revnumber> <date>2002-01-19</date> <authorini
|
|||
|
tials>PB</authorinitials> <revremark>See
|
|||
|
\begin_inset LatexCommand \ref[revision history]{revision-history}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for more</revremark></revision>
|
|||
|
\layout SGML
|
|||
|
|
|||
|
<revision> <revnumber>Release 0.15</revnumber> <date>2002-01-15</date> <authorini
|
|||
|
tials>PB</authorinitials> <revremark>See
|
|||
|
\begin_inset LatexCommand \ref[revision history]{revision-history}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for more</revremark></revision>
|
|||
|
\layout SGML
|
|||
|
|
|||
|
</revhistory>
|
|||
|
\layout Abstract
|
|||
|
|
|||
|
The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions
|
|||
|
about IPv6 on the Linux operating system.
|
|||
|
This HOWTO will provide the reader with enough information to install,
|
|||
|
configure, and use IPv6 applications on Linux machines.
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-general}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
General
|
|||
|
\layout Comment
|
|||
|
|
|||
|
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
<
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
must be encoded using
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
<
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
because of SGML export, otherwise this will be recognized as SGML tag,
|
|||
|
which isn't really one...
|
|||
|
\layout Comment
|
|||
|
|
|||
|
CVS-ID: $Id$
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{general-copright}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Copyright, license and others
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Copyright
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Written and Copyright (C) 2001-2002 by Peter Bieringer
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
License
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\series bold
|
|||
|
This Linux IPv6 HOWTO is published under GNU GPL version 2
|
|||
|
\series default
|
|||
|
:
|
|||
|
\newline
|
|||
|
|
|||
|
\newline
|
|||
|
|
|||
|
\newline
|
|||
|
|
|||
|
\newline
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems.
|
|||
|
|
|||
|
\newline
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Copyright (C) 2001-2002 Peter Bieringer
|
|||
|
\newline
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This documentation is free software; you can redistribute it and/or modify
|
|||
|
it under the terms of the GNU General Public License as published by the
|
|||
|
Free Software Foundation; either version 2 of the License, or (at your
|
|||
|
option) any later version.
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
|||
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|||
|
FOR A PARTICULAR PURPOSE.
|
|||
|
See the GNU General Public License for more details.
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You should have received a copy of the GNU General Public License along
|
|||
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
|||
|
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
About the author
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Internet/IPv6 history of the author
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
1993: I got in contact with the Internet using console based e-mail and
|
|||
|
news client (e.g.
|
|||
|
look for
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
e91abier
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
on
|
|||
|
\begin_inset LatexCommand \url[groups.google.com]{http://groups.google.com/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, that's me).
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
1996: I got a request for designing a course on IPv6, including a workshop
|
|||
|
with the Linux operating system.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
1997: Started writing a guide on how to install, configure and use IPv6
|
|||
|
on Linux systems, called
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(see
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo/History]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-0.html#history}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for more information).
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
2001: Started writing this new Linux IPv6 HOWTO.
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Contact
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The author can be contacted via e-mail at <pb at bieringer dot de> and also
|
|||
|
via his
|
|||
|
\begin_inset LatexCommand \url[homepage]{http://www.bieringer.de/pb/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
He's currently living in Munich [northern part of Schwabing] / Bavaria /
|
|||
|
Germany (south) / Europe (middle) / Earth (surface/mainland).
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{general-category}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Category
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This HOWTO should be listed in category
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\emph on
|
|||
|
Networking
|
|||
|
\emph default
|
|||
|
/
|
|||
|
\emph on
|
|||
|
Protocols
|
|||
|
\emph default
|
|||
|
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Version, History and To-Do
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Version
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The current version is shown above.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
History
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Major history
|
|||
|
\layout Standard
|
|||
|
|
|||
|
2001-11-30: Starting to design new HOWTO.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
2002-01-02: A lot of content completed, first public release of chapter
|
|||
|
1 (version 0.10).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
2002-01-14: More completed, some reviews, public release of the whole document
|
|||
|
(version 0.14).
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Full history
|
|||
|
\layout Standard
|
|||
|
|
|||
|
See
|
|||
|
\begin_inset LatexCommand \ref[revision history]{revision-history}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
at the end of this document.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
To-Do
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Fill in missing content
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Finishing grammar checking
|
|||
|
\layout Section
|
|||
|
|
|||
|
Translations
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Translations always have to contain the URL, version number and copyright
|
|||
|
of the original document (but yours, too).
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
To German
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A German translation is planned by me (German is my native language), but
|
|||
|
it won't happen until the document change frequency is less than once/month
|
|||
|
and when I get enough free time to do that.
|
|||
|
If you have more free time than me, please feel free to take over the translati
|
|||
|
on!
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
To other languages
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Please wait until the document change frequency is less than once/month.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Technical
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Original source of this HOWTO
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This HOWTO is written with LyX version 1.1.6fix1 on a Red Hat Linux 7.2 system
|
|||
|
with template SGML (DocBook book).
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Code line wrapping
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Code line wrapping is done using selfmade utility
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
lyxcodelinewrapper.pl
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, you can get it from CVS for your own usage:
|
|||
|
\begin_inset LatexCommand \url[LDP-CVS / users / Peter-Bieringer]{http://cvsview.linuxdoc.org/index.cgi/users/Peter-Bieringer/?cvsroot=Linuxdoc}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
SGML generation
|
|||
|
\layout Standard
|
|||
|
|
|||
|
SGML is generated using export function in LyX.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
On-line references to the HTML version of this HOWTO (linking/anchors)
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Master index page
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Generally, a reference to the master index page is recommended.
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Dedicated pages
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because the HTML pages are generated out of the SGML file, the HTML filenames
|
|||
|
turn out to be quite random.
|
|||
|
However, some pages are tagged in LyX, resulting in static names.
|
|||
|
These tags are useful for references and shouldn't be changed in the future.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If you think that I have forgotten a tag, please let me know, and I will
|
|||
|
add it.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Preface
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Some things first:
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
How many issues of a Linux & IPv6 related HOWTO are floating around?
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Including this, there are three (3) HOWTO documents available.
|
|||
|
Sorry, if that's too many ;-)
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Linux IPv6 FAQ/HOWTO (outdated)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The first IPv6 related document was written by
|
|||
|
\emph on
|
|||
|
Eric Osborne
|
|||
|
\emph default
|
|||
|
and called
|
|||
|
\begin_inset LatexCommand \url[Linux IPv6 FAQ/HOWTO]{http://www.linuxhq.com/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(please use it only for historical issues).
|
|||
|
|
|||
|
\series bold
|
|||
|
Latest
|
|||
|
\series default
|
|||
|
|
|||
|
\series bold
|
|||
|
version
|
|||
|
\series default
|
|||
|
was 3.2.1 released 14.
|
|||
|
Juli
|
|||
|
\series bold
|
|||
|
1997
|
|||
|
\series default
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Please help: if someone knows the date of birth of this HOWTO, please send
|
|||
|
me an e-mail (information will be needed in
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
history
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
).
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv6 & Linux - HowTo (maintained)
|
|||
|
\layout Comment
|
|||
|
|
|||
|
This HOWTO is really named
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
HowTo
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
There exists a second one called
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
written by me (
|
|||
|
\emph on
|
|||
|
Peter Bieringer
|
|||
|
\emph default
|
|||
|
) in pure HTML.
|
|||
|
|
|||
|
\series bold
|
|||
|
It was born
|
|||
|
\series default
|
|||
|
April
|
|||
|
\series bold
|
|||
|
1997
|
|||
|
\series default
|
|||
|
and the first English version was published in June 1997.
|
|||
|
I will continue to
|
|||
|
\series bold
|
|||
|
maintain
|
|||
|
\series default
|
|||
|
it, but it will slowly fade in favor of the Linux IPv6 HOWTO you are reading
|
|||
|
right this second.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Linux IPv6 HOWTO (this document)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because the
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
is written in pure HTML it's not really compatible with the
|
|||
|
\begin_inset LatexCommand \url[Linux Documentation Project (LDP)]{http://www.linuxdoc.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
I (
|
|||
|
\emph on
|
|||
|
Peter Bieringer
|
|||
|
\emph default
|
|||
|
) got a request in late November 2001 to rewrite the
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
in SGML.
|
|||
|
However, because of the discontinuation of that HOWTO (
|
|||
|
\begin_inset LatexCommand \url[Future of IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-0.html#history}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
) once IPv6 becomes more and more standard, I decided to write a new document
|
|||
|
covering basic and advanced issues which will remain important over the
|
|||
|
next years.
|
|||
|
Dynamic content will be still found further on in the second HOWTO (
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
).
|
|||
|
\layout Section
|
|||
|
|
|||
|
Used terms
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Network related
|
|||
|
\layout Description
|
|||
|
|
|||
|
Link A link is a layer 2 network packet transport medium, examples are Ethernet,
|
|||
|
Token Ring, PPP, SLIP, ATM, ISDN, Frame Relay,...
|
|||
|
\layout Description
|
|||
|
|
|||
|
Node A node is a host or a router.
|
|||
|
\layout Description
|
|||
|
|
|||
|
Host Normally a single homed host on a link.
|
|||
|
Normally it has only one active network interface, e.g.
|
|||
|
Ethernet or (not and) PPP.
|
|||
|
\layout Description
|
|||
|
|
|||
|
Dual\SpecialChar ~
|
|||
|
homed\SpecialChar ~
|
|||
|
host A dual homed host is a node with two network (physical or
|
|||
|
virtual) interfaces on two different links, but do not forwarding any packets
|
|||
|
between the two connected links.
|
|||
|
\layout Description
|
|||
|
|
|||
|
Router A router is a node with two or more network (physical or virtual)
|
|||
|
interfaces, able to forward any packets between the interfaces.
|
|||
|
\layout Description
|
|||
|
|
|||
|
Tunnel A tunnel is typically a point-to-point connection on which packets
|
|||
|
are exchanged which contains data of another protocol, e.g.
|
|||
|
an IPv6-in-IPv4 tunnel.
|
|||
|
\layout Description
|
|||
|
|
|||
|
NIC Network Interface Card
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Document related
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Long code line wrapping signal char
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The special char
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
is used for signalling that this code line is wrapped for better viewing
|
|||
|
in PDF and PS files.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Placeholders
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In generic examples you will find sometimes like
|
|||
|
\layout Code
|
|||
|
|
|||
|
<myipaddress>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For real use on your system command line or in scripts this has to be replaced
|
|||
|
with related content (also removing < and >), the result would be e.g.
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.4
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Commands in the shell
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Commands executable as non-root user starts with $, e.g.
|
|||
|
\layout Code
|
|||
|
|
|||
|
$ whoami
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Commands executable as root user starts with #, e.g.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# whoami
|
|||
|
\layout Section
|
|||
|
|
|||
|
Requirements for using this HOWTO
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Personal prerequisites
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Experience with Unix tools
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You should be familiar with the major Unix tools e.g.
|
|||
|
|
|||
|
\emph on
|
|||
|
grep
|
|||
|
\emph default
|
|||
|
,
|
|||
|
\emph on
|
|||
|
awk
|
|||
|
\emph default
|
|||
|
,
|
|||
|
\emph on
|
|||
|
find
|
|||
|
\emph default
|
|||
|
, ...
|
|||
|
, and know about their most commonly used command-line options.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Experience with networking theory
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You should know about layers, protocols, addresses, cables, plugs, etc.
|
|||
|
If you are new to this field, here is one good starting point for you:
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[linuxports/howto/intro_to_networking]{http://www.linuxports.com/howto/intro_to_networking/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Experience with IPv4 configuration
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You should definitely have some experience in IPv4 configuration, otherwise
|
|||
|
it's hard for you to understand what's really going on.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Experience with the Domain Name System (DNS)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Also you should understand what the Domain Name System (DNS) is, what it
|
|||
|
provides and how to use it.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Experience with network debugging strategies
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You should at least understand how to use
|
|||
|
\emph on
|
|||
|
tcpdump
|
|||
|
\emph default
|
|||
|
and what
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
it can show you.
|
|||
|
Otherwise, network debugging will very hard for you.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Linux operating system compatible hardware
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Surely you want to run some tests too, not only read this HOWTO and fall
|
|||
|
asleep here and there.
|
|||
|
:)
|
|||
|
\layout Section
|
|||
|
|
|||
|
Credits
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The quickest way to be added to this nice list is to send bug fixes, corrections
|
|||
|
, and/or updates to me ;-).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If you want to do a major review, please ask the author for the native LyX
|
|||
|
file as diffs against SGML don't help too much.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Major credits
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
David Ranch <dranch at trinnet dot net>: For encouraging me to write this
|
|||
|
HOWTO, his editorial comments on the first few revisions, and his contributions
|
|||
|
to various IPv6 testing results on my IPv6 web site.
|
|||
|
Also for his major reviews and suggestions.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Pekka Savola <pekkas at netcore dot fi>: For major reviews and suggestions.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Martin F.
|
|||
|
Krafft <madduck at madduck dot net>: For grammar checks and general reviewing
|
|||
|
of the document.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Other credits
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Document technique related
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Writing a LDP HOWTO as a newbie (in LyX and exporting this to DocBook to
|
|||
|
conform to SGML) isn't as easy as some people say.
|
|||
|
There are some strange pitfalls...
|
|||
|
Nevertheless, thanks to:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Authors of the
|
|||
|
\begin_inset LatexCommand \url[LDP Author Guide]{http://www.linuxdoc.org/LDP/LDP-Author-Guide/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
B.
|
|||
|
Guillon: For his
|
|||
|
\begin_inset LatexCommand \url[DocBook with LyX HOWTO]{http://perso.libertysurf.fr/bgu/doc/db4lyx/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Document content related
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Are shown at the end of the document, see
|
|||
|
\begin_inset LatexCommand \ref[here]{content-related-credits}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for more.
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-basics}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Basics
|
|||
|
\layout Section
|
|||
|
|
|||
|
What is IPv6?
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 is a new layer 3 transport protocol (see
|
|||
|
\color red
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[linuxports/howto/intro_to_networking/ISO - OSI Model]{http://www.linuxports.com/howto/intro_to_networking/c4412.htm#PAGE103HTML}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\color default
|
|||
|
) which will supersede IPv4 (also known as IP).
|
|||
|
IPv4 was designed long time ago (
|
|||
|
\begin_inset LatexCommand \url[RFC 760]{http://rfc.net/rfc760.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
from January 1980) and since its incantation, there were many requests
|
|||
|
for more addresses and enhanced capabilities.
|
|||
|
Major changes in IPv6 are the redesign of the header, including the increase
|
|||
|
of address size from 32 bits to 128 bits.
|
|||
|
Because the layer 3 is responsible for end-to-end packet transport using
|
|||
|
packet routing based on addresses, it must include the new IPv6 addresses
|
|||
|
(source and destination), like IPv4.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For more information about the IPv6 history take a look at older IPv6 related
|
|||
|
RFCs listed e.g.
|
|||
|
at
|
|||
|
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot / References]{http://www.switch.ch/lan/ipv6/references.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{basic-history-IPv6-Linux}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
History of IPv6 in Linux
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To-do: better time-line, more content...
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Beginning
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The first IPv6 related network code was added to the Linux kernel 2.1.8 in
|
|||
|
November 1996 by Pedro Roque.
|
|||
|
It was based on the BSD API:
|
|||
|
\layout Code
|
|||
|
|
|||
|
diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> linux/include/linux/in6.h
|
|||
|
\layout Code
|
|||
|
|
|||
|
--- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970
|
|||
|
\layout Code
|
|||
|
|
|||
|
+++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996
|
|||
|
\layout Code
|
|||
|
|
|||
|
@@ -0,0 +1,99 @@
|
|||
|
\layout Code
|
|||
|
|
|||
|
+/*
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * Types and definitions for AF_INET6
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * Linux INET6 implementation
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * + * Authors:
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * Pedro Roque <******>
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ *
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * Source:
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * IPv6 Program Interfaces for BSD Systems
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ * <draft-ietf-ipngwg-bsd-api-05.txt>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The shown lines were copied from patch-2.1.8 (e-mail address was blanked on
|
|||
|
copy&paste).
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
In between
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because of lack of manpower, the IPv6 implementation in the kernel couldn't
|
|||
|
follow the discussed drafts or newly released RFCs.
|
|||
|
In October 2000, a project was started in Japan, called
|
|||
|
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, whose aim was to implement all missing or outdated IPv6 support in Linux,
|
|||
|
tracking the current IPv6 implementation in FreeBSD made by the
|
|||
|
\begin_inset LatexCommand \url[KAME project]{http://www.kame.net/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
From time to time they created snapshot against current vanilla Linux kernel
|
|||
|
sources.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Current
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Unfortunately, the
|
|||
|
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
patch is so big, that current Linux networking maintainers aren't able
|
|||
|
to include it in the production source of the Linux kernel 2.4.x series.
|
|||
|
Therefore the 2.4.x series misses some (many) extensions and also didn't
|
|||
|
fulfill all current drafts and RFCs.
|
|||
|
This can cause some interoperability problems with other operating systems.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Future
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
now makes use of the new Linux kernel development series 2.5.x to put all
|
|||
|
their current extensions into this development release.
|
|||
|
Hopefully the 2.6.x kernel series will contain a true and up-to-date IPv6
|
|||
|
implementation.
|
|||
|
\layout Section
|
|||
|
|
|||
|
How do IPv6 addresses look like?
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
As said, IPv6 addresses are 128 bits long.
|
|||
|
This number of bits can cause very high decimal numbers with up to 39 digits:
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\latex no_latex
|
|||
|
2
|
|||
|
\begin_inset Formula \( ^{128} \)
|
|||
|
\end_inset
|
|||
|
|
|||
|
-1: 340282366920938463463374607431768211455
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
"Such numbers are not really addresses that can be memorized.
|
|||
|
Also the IPv6 address schema is bitwise orientated (just like IPv4, but
|
|||
|
that's not often recognized).
|
|||
|
Therefore a better notation of such big numbers is hexadecimal.
|
|||
|
In hexadecimal, 4 bits (also known as
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
nibble
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
) are represented by a digit or char from 0-9 and a-f (10-15) and reduces
|
|||
|
the length to 32 chars.
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\latex no_latex
|
|||
|
2
|
|||
|
\begin_inset Formula \( ^{128} \)
|
|||
|
\end_inset
|
|||
|
|
|||
|
-1: 0xffffffffffffffffffffffffffffffff
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
This representation is also not very convenient (possible mix-up or loss
|
|||
|
of single hexadecimal digits), so the designers of IPv6 chose a hexadecimal
|
|||
|
format with a colon as separator after each block of 16 bits.
|
|||
|
In addition, the leading "
|
|||
|
\family typewriter
|
|||
|
0x
|
|||
|
\family default
|
|||
|
" (a signifier for hexadecimal values used in programming languages) is
|
|||
|
removed:
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\latex no_latex
|
|||
|
2
|
|||
|
\begin_inset Formula \( ^{128} \)
|
|||
|
\end_inset
|
|||
|
|
|||
|
-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
A usable address (see address types later) is e.g.:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
For simplifications, leading zeros of each 16 bit block can be omitted:
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 ->
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 3ffe:ffff:100:f101:210:a4ff:fee3:9566
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
One sequence of 16 bit blocks containing only zeroes can be replaced with
|
|||
|
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\family typewriter
|
|||
|
::
|
|||
|
\family default
|
|||
|
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
But not more than one time, because otherwise its no longer a unique representa
|
|||
|
tion.
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101:0:0:0:1 -> 3ffe:ffff:100:f101::1
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
The biggest reduction is seen by the IPv6 localhost address:
|
|||
|
\layout Code
|
|||
|
|
|||
|
0000:0000:0000:0000:0000:0000:0000:0001 -> ::1
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
There is also a so-called
|
|||
|
\emph on
|
|||
|
compact
|
|||
|
\emph default
|
|||
|
(base85 coded) representation defined
|
|||
|
\begin_inset LatexCommand \url[RFC 1924 / A Compact Representation of IPv6 Addresses]{http://rfc.net/rfc1924.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(written 1996), never seen in the wild, but here is an example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ipv6calc --addr_to_base85 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566
|
|||
|
\layout Code
|
|||
|
|
|||
|
Itu&-ZQ82s>J%s99FJXT
|
|||
|
\layout Quotation
|
|||
|
|
|||
|
Info:
|
|||
|
\emph on
|
|||
|
ipv6calc
|
|||
|
\emph default
|
|||
|
is an IPv6 address format calculator and converter program and can be found
|
|||
|
here:
|
|||
|
\begin_inset LatexCommand \url[ipv6calc]{http://www.bieringer.de/linux/IPv6/tools/index.html#ipv6calc}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Section
|
|||
|
|
|||
|
FAQ (Basics)
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Why is the name IPv6 and not IPv5 as successor for IPv4?
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
On any IP header, the first 4 bits are reserved for protocol version.
|
|||
|
So theoretically a protocol number between 0 and 15 is possible:
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
4: is already used for IPv4
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
5: is reserved for the Stream Protocol (STP,
|
|||
|
\begin_inset LatexCommand \url[RFC 1819]{http://rfc.net/rfc1819.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
) (which never really made it to the public)
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
So the next free number was 6.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 addresses: why such a high number of bits?
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
During the design of IPv4, people thought that 32 bits were enough for the
|
|||
|
world.
|
|||
|
Looking back into the past, 32 bits were enough until now and will perhaps
|
|||
|
be enough for another couple years.
|
|||
|
However, 32 bits are not not enough to provide each network device with
|
|||
|
a global address in the future.
|
|||
|
Think about mobile phones, cars (including electronic devices on its CAN-bus),
|
|||
|
toasters, refrigerators, light switches, and so on...
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
So designers have chosen 128 bit, 4 times more in length and 2^96 in size
|
|||
|
than in IPv4 today.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
But the usable size is smaller than it may appear, because in the currently
|
|||
|
defined address schema, 64 bits are user for interface identifiers.
|
|||
|
The other 64 bits are used for routing.
|
|||
|
Assuming the current strict levels of aggregation (/48, /35, ...), it's still
|
|||
|
possible to
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
run out
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
of space, but surely not in the near future.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 addresses: why so small a number of bits on a new design?
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Well, there is one (or more?) people on the Internet who think about IPv8
|
|||
|
and IPv16, but their design is far away from acceptance and implementation.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
128 bit was the best choice regarding header overhead and data transport.
|
|||
|
Think about the minimum Maximum Transfer Unit (MTU) in IPv4 (576 octets)
|
|||
|
and in IPv6 (1280 octets), the header length in IPv4 is 20 octets (minimum,
|
|||
|
can increase to 60 octets with IPv4 options) and in IPv6 is 48 octets (fixed).
|
|||
|
This is 3.4 % of MTU in IPv4 and 3.8 % of MTU in IPv6.
|
|||
|
This means the header overhead is nearly equal.
|
|||
|
More bits for addresses would require bigger headers and therefore more
|
|||
|
overhead.
|
|||
|
Also think about the maximum MTU on normal links (like Ethernet today):
|
|||
|
it's 1500 octets (in special cases: 9k octets using Jumbo frames).
|
|||
|
Ultimately, it wouldn't be a proper design if 10 % or 20 % of transported
|
|||
|
data in a Layer-3 packet were used for addresses and not for payload...
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-addresstypes}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Address types
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Like IPv4, IPv6 addresses can be split into network and host parts using
|
|||
|
subnet masks.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv4 has shown that sometimes it would be nice, if more than one IP address
|
|||
|
can be assigned to an interface, each for a different purpose (aliases,
|
|||
|
multi-cast).
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To remain extensible in the future, IPv6 is going further and allows more
|
|||
|
than one IPv6 address assigned to an interface.
|
|||
|
There is currently no limit defined by an RFC, only in the implementation
|
|||
|
of the IPv6 stack (to prevent DoS attacks).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Using this big number of bits for addresses, IPv6 defines address types
|
|||
|
based on some leading bits, which are hopefully never going to be broken
|
|||
|
in the future (unlike IPv4 today and the history of class A, B, and C).
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Also the number of bits are separated into a network part (upper 64 bits)
|
|||
|
and a host part (lower 64 bits), to facilitate auto-configuration .
|
|||
|
\layout Section
|
|||
|
|
|||
|
Addresses without a special prefix
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Localhost address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This is a special address for the loopback interface, like IPv4 with its
|
|||
|
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
127.0.0.1
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
With IPv6, the localhost address is:
|
|||
|
\layout Code
|
|||
|
|
|||
|
0000:0000:0000:0000:0000:0000:0000:0001
|
|||
|
\layout Standard
|
|||
|
|
|||
|
or compressed:
|
|||
|
\layout Code
|
|||
|
|
|||
|
::1
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Packets with this address as source or destination should never leave the
|
|||
|
sending host.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Unspecified address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This is a special address like
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
any
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
or
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0.0.0.0
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
in IPv4 .
|
|||
|
For IPv6 it's:
|
|||
|
\layout Code
|
|||
|
|
|||
|
0000:0000:0000:0000:0000:0000:0000:0000
|
|||
|
\layout Standard
|
|||
|
|
|||
|
or:
|
|||
|
\layout Code
|
|||
|
|
|||
|
::
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This address are mostly used/seen in socket binding (to any IPv6 address)
|
|||
|
or routing tables.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: the unspecified address cannot be used as destination address.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 address with embedded IPv4 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
There are two addresses which contain an IPv4 address.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv4-mapped IPv6 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv4-only IPv6-compatible addresses are sometimes used/shown for sockets
|
|||
|
created by an IPv6-enabled daemon, but binding to an IPv4 address only.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
These addresses are defined with a special prefix of length 96 (a.b.c.d is
|
|||
|
the IPv4 address):
|
|||
|
\layout Code
|
|||
|
|
|||
|
0:0:0:0:0:ffff:a.b.c.d/96
|
|||
|
\layout Standard
|
|||
|
|
|||
|
or in compressed format
|
|||
|
\layout Code
|
|||
|
|
|||
|
::ffff:a.b.c.d/96
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For example, the IPv4 address 1.2.3.4 looks like this:
|
|||
|
\layout Code
|
|||
|
|
|||
|
::ffff:1.2.3.4
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv4-compatible IPv6 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Also for sockets, in this case it's for dual use and looking like
|
|||
|
\layout Code
|
|||
|
|
|||
|
0:0:0:0:0:0:a.b.c.d/96
|
|||
|
\layout Standard
|
|||
|
|
|||
|
or in compressed format
|
|||
|
\layout Code
|
|||
|
|
|||
|
::a.b.c.d/96
|
|||
|
\layout Standard
|
|||
|
|
|||
|
They are also used by automatic tunneling, which is being replaced by
|
|||
|
\begin_inset LatexCommand \ref[6to4 tunneling]{tunneling-6to4}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Network part, also known as prefix
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Designers defined some address types and left a lot of room for future use.
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[RFC 2373 [July 1998] / IP Version 6 Addressing Architecture]{http://rfc.net/rfc2373.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
defines the current addressing scheme but there is already a new draft
|
|||
|
available:
|
|||
|
\begin_inset LatexCommand \url[draft-ietf-ipngwg-addr-arch-*.txt]{ftp://ftp.ietf.org/internet-drafts/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Now lets take a look at the different types of prefixes (and therefore address
|
|||
|
types):
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Link local address type
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
These are special addresses which will only be valid on a link of an interface.
|
|||
|
Using this address as destination the packet would never pass a router.
|
|||
|
It's used for link communication like:
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
anyone else here on this link?
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
anyone here with a special address (e.g.
|
|||
|
looking for a router)?
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
They're starting with (
|
|||
|
\emph on
|
|||
|
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
x
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\emph default
|
|||
|
is any hex char, normally
|
|||
|
\emph on
|
|||
|
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0
|
|||
|
\emph default
|
|||
|
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
)
|
|||
|
\layout Code
|
|||
|
|
|||
|
fe8
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x: <- currently the only used one
|
|||
|
\layout Code
|
|||
|
|
|||
|
fe9
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x:
|
|||
|
\layout Code
|
|||
|
|
|||
|
fea
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x:
|
|||
|
\layout Code
|
|||
|
|
|||
|
feb
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x:
|
|||
|
\layout Standard
|
|||
|
|
|||
|
An address with this prefix is found on each IPv6-enabled interface after
|
|||
|
stateless auto-configuration (which is normally always the case).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: only fe80 is currently used for that.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Site local address type
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
These are addresses similar to the
|
|||
|
\begin_inset LatexCommand \url[RFC 1918 / Address Allocation for Private Internets]{http://rfc.net/rfc1918.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
in IPv4 today, with the added advantage that everyone who use this address
|
|||
|
type has the capability to use the given 16 bits for a maximum number of
|
|||
|
65536 subnets.
|
|||
|
Comparable with the
|
|||
|
\family typewriter
|
|||
|
10.0.0.0/8
|
|||
|
\family default
|
|||
|
in IPv4 today.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Another advantage: because it's possible to assign more than one address
|
|||
|
to an interface with IPv6, you can also assign such a site local address
|
|||
|
in addition to a global one.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
It's starting with (
|
|||
|
\emph on
|
|||
|
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
x
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\emph default
|
|||
|
is any hex char, normally
|
|||
|
\emph on
|
|||
|
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0
|
|||
|
\emph default
|
|||
|
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
)
|
|||
|
\layout Code
|
|||
|
|
|||
|
fec
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x: <- common used one
|
|||
|
\layout Code
|
|||
|
|
|||
|
fed
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x:
|
|||
|
\layout Code
|
|||
|
|
|||
|
fee
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x:
|
|||
|
\layout Code
|
|||
|
|
|||
|
fef
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x:
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Global address type "Aggregatable global unicast"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Today, there is one global address type defined (the first design, called
|
|||
|
"provider based," was thrown away some years ago
|
|||
|
\begin_inset LatexCommand \url[RFC 1884 / IP Version 6 Addressing Architecture [obsolete]]{http://rfc.net/rfc1884.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, you will find some remains
|
|||
|
\latex latex
|
|||
|
|
|||
|
\latex default
|
|||
|
in older Linux kernel sources).
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
It's starting with (
|
|||
|
\emph on
|
|||
|
x
|
|||
|
\emph default
|
|||
|
are hex chars)
|
|||
|
\layout Code
|
|||
|
|
|||
|
2
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
xxx
|
|||
|
\shape default
|
|||
|
\emph default
|
|||
|
:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
xxx
|
|||
|
\shape default
|
|||
|
\emph default
|
|||
|
:
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
There are some subtypes defined by now:
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
6bone test addresses
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
These were the first global addresses which were defined and in use.
|
|||
|
They all start with
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f102::1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A special 6bone test address which will be never be globally unique is starting
|
|||
|
with
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:
|
|||
|
\layout Standard
|
|||
|
|
|||
|
and is mostly shown in examples, because if real addresses are shown, it's
|
|||
|
possible that people do a copy & paste to their configuration files and
|
|||
|
can cause duplicates an globally unique address.
|
|||
|
This can cause many troubles on the original host (e.g.
|
|||
|
getting answer packets for request that were never sent).
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
6to4 addresses
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
These addresses, designed for a special tunneling possibility [
|
|||
|
\begin_inset LatexCommand \url[RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds]{http://rfc.net/rfc3056.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
and
|
|||
|
\begin_inset LatexCommand \url[RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers]{http://rfc.net/rfc2893.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
], encode a given IPv4 address and a possible subnet and are starting with
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
2002:
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For example, representing 192.168.1.1/5:
|
|||
|
\layout Code
|
|||
|
|
|||
|
2002:c0a8:0101:5::1
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Assigned by provider for hierarchical routing
|
|||
|
\layout Standard
|
|||
|
|
|||
|
These addresses are delegated to Internet service providers (ISP) and start
|
|||
|
with
|
|||
|
\layout Code
|
|||
|
|
|||
|
2001:
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Multicast addresses
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Multicast addresses are used for related services.
|
|||
|
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
They alway start with (
|
|||
|
\emph on
|
|||
|
xx
|
|||
|
\emph default
|
|||
|
is the scope value)
|
|||
|
\layout Code
|
|||
|
|
|||
|
ff
|
|||
|
\shape italic
|
|||
|
\emph on
|
|||
|
x
|
|||
|
\shape default
|
|||
|
\emph default
|
|||
|
y:
|
|||
|
\layout Standard
|
|||
|
|
|||
|
They are split into scopes and types:
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Multicast scopes
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Multicast scope is a parameter to specify the maximum distance a multicast
|
|||
|
packet can travel from the sending entity.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Currently, the following regions (scopes) are defined:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ffx1: node-local, packets never leave the node.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ffx2: link-local, packets are never forwarded by routers, so they never
|
|||
|
leave the specified link.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ffx5: site-local, packets never leave the site.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ffx8: organization-local, packets never leave the organization (not so easy
|
|||
|
to implement, must be covered by routing protocol).
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ffxe: global scope.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
others are reserved
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Multicast types
|
|||
|
\layout Standard
|
|||
|
|
|||
|
There are many types already defined/reserved (see
|
|||
|
\begin_inset LatexCommand \url[RFC 2373 / IP Version 6 Addressing Architecture]{http://rfc.net/rfc2373.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for details).
|
|||
|
Some examples are:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
All Nodes Address: ID = 1h, addresses all hosts on the local node (ff01:0:0:0:0:
|
|||
|
0:1) or the connected link (ff02:0:0:0:0:0:1).
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
All Routers Address: ID = 2h, addresses all routers on the local node (ff01:0:0:
|
|||
|
0:0:0:2), on the connected link (ff02:0:0:0:0:0:2), or on the local site
|
|||
|
(ff05:0:0:0:0:0:2)
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Solicited node link-local multicast address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Special multicast address used as destination address in neighborhood discovery,
|
|||
|
because unlike in IPv4, there exists no ARP anymore in IPv6.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
An example for such address looks like
|
|||
|
\layout Code
|
|||
|
|
|||
|
ff02::1:ff00:1234
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Used prefix shows that this is a link-local multicast address.
|
|||
|
The suffix is generated from the destination address.
|
|||
|
In this example, a packet should be sent to address
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
fe80::1234
|
|||
|
\begin_inset Quotes erd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, but the network stack don't know the current layer 2 MAC address.
|
|||
|
It replaces the upper 104 bits with
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ff02::1:ff00::/104
|
|||
|
\begin_inset Quotes erd
|
|||
|
\end_inset
|
|||
|
|
|||
|
and let the least 24 bits exist.
|
|||
|
Such address is now used on-link to find the corresponding node which has
|
|||
|
to send a reply containing its layer 2 MAC address also.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Anycast addresses
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Anycast addresses are special addresses and are able to cover things like
|
|||
|
nearest DNS server, nearest DHCP server, or similar dynamic groups.
|
|||
|
Addresses are taken out of the unicast address space (aggregatable global
|
|||
|
or site-local at the moment).
|
|||
|
The anycast mechanism (client view) will be handled by dynamic routing
|
|||
|
protocols.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: Anycast addresses cannot be used as source addresses, they are only
|
|||
|
used as destination addresses.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Subnet-router anycast address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A simple example for an anycast addresses is the subnet-router anycast address.
|
|||
|
Assuming that a node has the following global assigned IPv6 address:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101:210:a4ff:fee3:9566/64 <- Node's address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The subnet-router anycast address will be created blanking the suffix (least
|
|||
|
significant 64 bits) completely:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101::/64 <- subnet-router anycast address
|
|||
|
\layout Section
|
|||
|
|
|||
|
Address types (host part)
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
For auto-configuration and mobility issues, it was decided to use the lower
|
|||
|
64 bits as host part of the address in most of the current address types.
|
|||
|
Therefore each single subnet can hold a big amount of addresses.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
This host part can be inspected differently:
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Automatically computed (also known as stateless)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
With auto-configuration, the host part of the address is computed by converting
|
|||
|
the MAC address of an interface (if available) with the EUI-64 method to
|
|||
|
a unique IPv6 address.
|
|||
|
If no MAC address is available (happens e.g.
|
|||
|
on virtual devices), something else (like the IPv4 addresses or the MAC
|
|||
|
address of a physical interface) is used instead.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Looking again at the first example
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101:210:a4ff:fee3:9566
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
here,
|
|||
|
\layout Code
|
|||
|
|
|||
|
210:a4ff:fee3:9566
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
is the host part and computed from the NIC's MAC address
|
|||
|
\layout Code
|
|||
|
|
|||
|
00:10:A4:E3:95:66
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
using the
|
|||
|
\begin_inset LatexCommand \url[IEEE-Tutorial EUI-64]{http://standards.ieee.org/regauth/oui/tutorials/EUI64.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
design for EUI-48 identifiers.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Privacy problem with automatically computed and solution
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Because the "automatically computed" host part is globally unique (except
|
|||
|
when a vendor of a NIC uses the same MAC address on more than one NIC),
|
|||
|
client tracking is possible on the server in proxy-less connection.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
This is already known, and a solution was designed: privacy extension, defined
|
|||
|
in
|
|||
|
\begin_inset LatexCommand \url[RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6]{http://rfc.net/rfc3041.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(there is also already a newer draft available:
|
|||
|
\begin_inset LatexCommand \url[draft-ietf-ipngwg-temp-addresses-*.txt]{ftp://ftp.ietf.org/internet-drafts/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
).
|
|||
|
Using a random and a static value a new suffix is generated from time to
|
|||
|
time.
|
|||
|
Note: this is only reasonable for outgoing client connections and isn't
|
|||
|
really useful for well-known servers.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Manually set
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For servers it's perhaps easier to remember simpler addresses, but that's
|
|||
|
also accounted for.
|
|||
|
It's possible to assign (additionally) another IPv6 address to an interface,
|
|||
|
e.g.
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101::1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For manual suffixes like
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
::1
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
shown in the above example it's required that the 6th most significant
|
|||
|
bit is set to 0 (the universal/local bit of the automatically generated
|
|||
|
identifier).
|
|||
|
Also some other (otherwise unchosen) bit combinations are reserved for
|
|||
|
anycast addresses, too.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Prefix lengths for routing
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In the early design phase it was planned to use a fully hierarchical routing
|
|||
|
approach to reduce the size of the routing tables maximally.
|
|||
|
Reasons for such thoughts were the number of current IPv4 routing entries
|
|||
|
in core routers (> 104 thousand in May 2001), reducing the need of memory
|
|||
|
in hardware routers (ASIC driven) to hold the routing table and increase
|
|||
|
speed (fewer entries hopefully result in faster lookups).
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Today's view is that routing will be mostly hierarchically designed for
|
|||
|
networks with only one service provider.
|
|||
|
With more than one ISP connections, this is not possible, and subject to
|
|||
|
an issue named multi-homing.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Prefix lengths (also known as "netmasks")
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Similar to IPv4, the routable network path for routing to take place.
|
|||
|
Because standard netmask notation for 128 bits doesn't look nice, designers
|
|||
|
employed the IPv4 Classless Inter Domain Routing (CIDR,
|
|||
|
\begin_inset LatexCommand \url[RFC 1519]{http://rfc.net/rfc1519.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
) scheme, which specifies the number of bits of the IP address to be used
|
|||
|
for routing.
|
|||
|
It is also called the "slash" notation.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
An example looks like:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:1:2:3:4:5/48
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
This notation will be expanded to
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Network:
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:0100:0000:0000:0000:0000:0000
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Net-mask:
|
|||
|
\layout Code
|
|||
|
|
|||
|
ffff:ffff:ffff:0000:0000:0000:0000:0000
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Matching a route
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Under normal circumstances (no QoS) a lookup in a routing table results
|
|||
|
in the route with the most significant number of address bits means the
|
|||
|
route with the biggest prefix length matches first.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For example if a routing table shows following entries (list is not complete):
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100::/48 :: U 1 0 0 sit1
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe::/16 ::192.88.99.1 UG 1 0 0 tun6to4
|
|||
|
\layout Code
|
|||
|
|
|||
|
2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Shown destination addresses of IPv6 packets will be routed through shown
|
|||
|
device
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:1:2:3:4:5/48 -> routed through device sit1
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:200:1:2:3:4:5/48 -> routed through device tun6to4
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-systemcheck}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
IPv6-ready system check
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Before you can start using IPv6 on a Linux host, you have to test, whether
|
|||
|
your system is IPv6-ready.
|
|||
|
Perhaps you have to do some work to enable it first.
|
|||
|
\layout Section
|
|||
|
|
|||
|
IPv6-ready kernel
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Modern Linux distributions already contain IPv6-ready kernels, the IPv6
|
|||
|
capability is mostly compiled as module, so it's possible that this module
|
|||
|
is not loaded on startup.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
See
|
|||
|
\begin_inset LatexCommand \url[IPv6+Linux-Status-Distribution]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
page for most up-to-date information.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Check for IPv6 support in the current running kernel
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
To check, whether current running kernel supports IPv6, take a look into
|
|||
|
your
|
|||
|
\family typewriter
|
|||
|
/proc
|
|||
|
\family default
|
|||
|
-file-system.
|
|||
|
Following entry must exists:
|
|||
|
\layout Code
|
|||
|
|
|||
|
/proc/net/if_inet6
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
A short auto-magically test looks like:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
If this fails, it's possible, that the IPv6 module is not loaded.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Try to load IPv6 module
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
You can try to load the IPv6 module executing
|
|||
|
\layout Code
|
|||
|
|
|||
|
# modprobe ipv6
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
If this is successful, this module should be listed, testable with following
|
|||
|
auto-magically line:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
And the upper shown check should be now run successfully.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: unloading the module is currently not supported and can result under
|
|||
|
some circumstances in a kernel crash.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Automatically loading of module
|
|||
|
\layout Standard
|
|||
|
|
|||
|
It's possible to automatically load the IPv6 module on demand.
|
|||
|
You only have to add following line in the configuration file of the kernel
|
|||
|
module loader (normally /etc/modules.conf or /etc/conf.modules):
|
|||
|
\layout Code
|
|||
|
|
|||
|
alias net-pf-10 ipv6 # automatically load IPv6 module on demand
|
|||
|
\layout Standard
|
|||
|
|
|||
|
It's also possible to disable automatically loading of the IPv6 module using
|
|||
|
following line
|
|||
|
\layout Code
|
|||
|
|
|||
|
alias net-pf-10 off # disable automatically load of IPv6 module on demand
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Compile kernel with IPv6 capabilities
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
If both upper shown results were negative and your kernel has no IP6 support,
|
|||
|
than you have some possibilities:
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
Update your distribution to a current one which supports IPv6 out-of-the-box
|
|||
|
(recommended for newbies), see here again:
|
|||
|
\begin_inset LatexCommand \url[IPv6+Linux-Status-Distribution]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
Compile a new vanilla kernel (easy, if you know which options you needed)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Recompile kernel sources given by your Linux distribution (sometimes not
|
|||
|
so easy)
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
Compile a kernel with USAGI extensions
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
If you've decided to compile a kernel, you should have already experience
|
|||
|
in kernel compiling and read the
|
|||
|
\begin_inset LatexCommand \url[Linux Kernel HOWTO]{http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A mostly up-to-time comparison between vanilla and USAGI extended kernels
|
|||
|
is available on
|
|||
|
\begin_inset LatexCommand \url[IPv6+Linux-Status-Kernel]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Compiling a vanilla kernel
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More detailed hints about compiling an IPv6-enabled kernel can be found
|
|||
|
e.g.
|
|||
|
on
|
|||
|
\begin_inset LatexCommand \url[IPv6-HOWTO-2#kernel]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-2.html#kernel}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Compiling a kernel with USAGI extensions
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Same as for vanilla kernel, only recommend for advanced users, which are
|
|||
|
already familiar with IPv6 and kernel compilation.
|
|||
|
See also
|
|||
|
\begin_inset LatexCommand \url[USAGI project / FAQ]{http://www.linux-ipv6.org/faq.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6-ready network devices
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Not all existing network devices have already (or ever) the capability to
|
|||
|
transport IPv6 packets.
|
|||
|
A current status can be found at
|
|||
|
\begin_inset LatexCommand \url[IPv6+Linux-status-kernel.html#transport]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#transport}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Major issue is that because of the network layer structure of kernel implementat
|
|||
|
ion an IPv6 packet isn't really recognized by it's IP header number (6 instead
|
|||
|
of 4).
|
|||
|
It's recognized by the protocol number of the Layer 2 transport protocol.
|
|||
|
Therefore any transport protocol which doesn't use such protocol number
|
|||
|
hasn't now the capability to dispatch the IPv6 packet.
|
|||
|
Attention: the packet is still transported over the link, but on receivers
|
|||
|
side, the dispatching won't work (you can see this e.g.
|
|||
|
using tcpdump).
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Currently known never
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
IPv6 capable links
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Serial Line IP (SLIP,
|
|||
|
\begin_inset LatexCommand \url[RFC 1055]{http://rfc.net/rfc1055.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
), should be better called now to SLIPv4, device named: slX
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Parallel Line IP (PLIP), same like SLIP, device names: plipX
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ISDN with encapsulation
|
|||
|
\emph on
|
|||
|
rawip
|
|||
|
\emph default
|
|||
|
, device names: isdnX
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Currently known
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
not supported IPv6 capable links
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ISDN with encapsulation
|
|||
|
\emph on
|
|||
|
syncppp
|
|||
|
\emph default
|
|||
|
, device names: ipppX (design issue of the ipppd, will be merged into more
|
|||
|
general PPP layer in kernel series 2.5.x)
|
|||
|
\layout Section
|
|||
|
|
|||
|
IPv6-ready network configuration tools
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
You don't get a lot success, if you're running an IPv6-ready kernel, but
|
|||
|
have no tools to configure IPv6.
|
|||
|
There are exist some in several packages to configure IPv6.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
net-tools package
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
The net-tool packages include some tools like
|
|||
|
\family typewriter
|
|||
|
ifconfig
|
|||
|
\family default
|
|||
|
and
|
|||
|
\family typewriter
|
|||
|
route
|
|||
|
\family default
|
|||
|
, which helps you configure IPv6 on an interface.
|
|||
|
Look at the output of
|
|||
|
\family typewriter
|
|||
|
ifconfig -?
|
|||
|
\family default
|
|||
|
or
|
|||
|
\family typewriter
|
|||
|
route -?
|
|||
|
\family default
|
|||
|
, if something is shown like IPv6 or inet6, then the tool is IPv6-ready.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Auto-magically check:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> IPv6-ready"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Same check can be done for
|
|||
|
\family typewriter
|
|||
|
route
|
|||
|
\family default
|
|||
|
:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready"
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
iproute package
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Alexey N.
|
|||
|
Kuznetsov (current a maintainer of the Linux networking code) created a
|
|||
|
tool-set which configure networks through the netlink device.
|
|||
|
Using this tool-set you are able to do more than using net-tools, but the
|
|||
|
documentation is not very well for newbies.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If the program /sbin/ip isn't found, then I very recommend to install the
|
|||
|
iproute package.
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
You can get it from your Linux distribution (if contained)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
You can download the tar-ball and recompile it:
|
|||
|
\begin_inset LatexCommand \url[Original FTP source]{ftp://ftp.inr.ac.ru/ip-routing/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
and mirror (missing)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
You've able to look for a proper RPM package at
|
|||
|
\begin_inset LatexCommand \url[RPMfind/iproute]{http://rpmfind.net/linux/rpm2html/search.php?query=iproute}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(sometimes rebuilding of a SRPMS package is recommended)
|
|||
|
\layout Section
|
|||
|
|
|||
|
IPv6-ready test/debug programs
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
After you've prepared your system for IPv6, you sure want to use IPv6 now
|
|||
|
for network communications.
|
|||
|
First you should learn to look with a sniffer program for IPv6 packets.
|
|||
|
This is very recommended because in debug/troubleshooting issues this can
|
|||
|
help you very fast.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 ping
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This program is mostly included in package
|
|||
|
\emph on
|
|||
|
iputils
|
|||
|
\emph default
|
|||
|
.
|
|||
|
It's designed for simple transport tests sending ICMPv6 echo-request packets
|
|||
|
and wait for ICMPv6 echo-reply packets.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ping6 <hostwithipv6address>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ping6 <ipv6address>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ping6 [-I <device>] <link-local-ipv6address>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ping6 -c 1 ::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
PING ::1(::1) from ::1 : 56 data bytes
|
|||
|
\layout Code
|
|||
|
|
|||
|
64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
--- ::1 ping statistics ---
|
|||
|
\layout Code
|
|||
|
|
|||
|
1 packets transmitted, 1 packets received, 0% packet loss
|
|||
|
\layout Code
|
|||
|
|
|||
|
round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Hint: ping6 needs raw access to socket and therefore root permissions.
|
|||
|
So if non-root users cannot use ping6 then there exist 2 issues:
|
|||
|
\layout Enumerate
|
|||
|
|
|||
|
ping6 is not in user's path (probably, because ping6 stays mostly in /usr/sbin
|
|||
|
-> add path (not really recommended)
|
|||
|
\layout Enumerate
|
|||
|
|
|||
|
ping6 don't run well, because of missing root permissions -> chmod u+s /usr/sbin
|
|||
|
/ping6
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Specifying interface for IPv6 ping
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Using link-local addresses for an IPv6 ping kernel doesn't know through
|
|||
|
which (physically or virtual) device it must send the packet - each device
|
|||
|
has a link-local address.
|
|||
|
A try will result in following error message:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ping6 fe80::212:34ff:fe12:3456
|
|||
|
\layout Code
|
|||
|
|
|||
|
connect: Invalid argument
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In this case you have to specify the interface additionally like shown here:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205
|
|||
|
\layout Code
|
|||
|
|
|||
|
PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> fe80::212:34ff:fe12:3478 eth0: 56 data bytes
|
|||
|
\layout Code
|
|||
|
|
|||
|
64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
--- fe80::2e0:18ff:fe90:9205 ping statistics ---
|
|||
|
\layout Code
|
|||
|
|
|||
|
1 packets transmitted, 1 packets received, 0% packet loss round-trip
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 traceroute6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This program is mostly included in package
|
|||
|
\emph on
|
|||
|
iputils
|
|||
|
\emph default
|
|||
|
.
|
|||
|
Its a program similar to IPv4 traceroute.
|
|||
|
But unlike modern IPv4 versions, the IPv6 one doesn't still understand
|
|||
|
to traceroute using ICMP echo-request packets (which is more accepted by
|
|||
|
firewalls around than UDP packets to high ports).
|
|||
|
Below you will see an example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# traceroute6 www.6bone.net
|
|||
|
\layout Code
|
|||
|
|
|||
|
traceroute to 6bone.net (3ffe:b00:c18:1::10) from 3ffe:ffff:0000:f101::2,
|
|||
|
30
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> hops max, 16 byte packets
|
|||
|
\layout Code
|
|||
|
|
|||
|
1 localipv6gateway (3ffe:ffff:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441
|
|||
|
ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 tracepath6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This program is mostly included in package
|
|||
|
\emph on
|
|||
|
iputils
|
|||
|
\emph default
|
|||
|
.
|
|||
|
Its a program like traceroute6 and traces the path to a given destination
|
|||
|
discovering the MTU along this path.
|
|||
|
Below you will see an example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# tracepath6 www.6bone.net
|
|||
|
\layout Code
|
|||
|
|
|||
|
1?: [LOCALHOST] pmtu 1480
|
|||
|
\layout Code
|
|||
|
|
|||
|
1: 3ffe:401::2c0:33ff:fe02:14 150.705ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
2: 3ffe:b00:c18::5 267.864ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280
|
|||
|
\layout Code
|
|||
|
|
|||
|
3: 3ffe:3900:5::2 asymm 4 346.632ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms
|
|||
|
\layout Code
|
|||
|
|
|||
|
6: 3ffe:3800::1:1 asymm 4 578.126ms !N
|
|||
|
\layout Code
|
|||
|
|
|||
|
Resume: pmtu 1280
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 tcpdump
|
|||
|
\layout Standard
|
|||
|
|
|||
|
On Linux tcpdump is the major tool for packet capturing.
|
|||
|
Below you find some examples.
|
|||
|
IPv6 support is normally built-in in current releases of version 3.6.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
tcpdump uses expressions for filtering packets to minimize the noise:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
icmp6: filters native ICMPv6 traffic
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ip6: filters native IPv6 traffic (including ICMPv6)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
proto ipv6: filters tunneled IPv6-in-IPv4 traffic
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
not port ssh: to suppress displaying SSH packets for running tcpdump in
|
|||
|
a remote SSH session
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Also some command line options are very useful to catch and print more informati
|
|||
|
on of a packet, mostly interesting for digging into ICMPv6 packets:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
-s 512
|
|||
|
\begin_inset Quotes erd
|
|||
|
\end_inset
|
|||
|
|
|||
|
: increase the snap length during capturing of a packet to 512 bytes
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
-vv
|
|||
|
\begin_inset Quotes erd
|
|||
|
\end_inset
|
|||
|
|
|||
|
: really verbose output
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset Quotes eld
|
|||
|
\end_inset
|
|||
|
|
|||
|
-n
|
|||
|
\begin_inset Quotes erd
|
|||
|
\end_inset
|
|||
|
|
|||
|
: don't resolve addresses to names, useful if reverse DNS resolving isn't
|
|||
|
working proper
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv6 ping to
|
|||
|
\size footnotesize
|
|||
|
3ffe:ffff:100:f101::1
|
|||
|
\size default
|
|||
|
native over a local link
|
|||
|
\layout Code
|
|||
|
|
|||
|
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcpdump: listening on eth0
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101:2e0:18ff:fe90:9205 > 3ffe:ffff:100:f101::1: icmp6: echo
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> request (len 64, hlim 64)
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100:f101::1 > 3ffe:ffff:100:f101:2e0:18ff:fe90:9205: icmp6: echo
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> reply (len 64, hlim 64)
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv6 ping to
|
|||
|
\size footnotesize
|
|||
|
3ffe:ffff:100::1
|
|||
|
\size default
|
|||
|
routed through an IPv6-in-IPv4-tunnel
|
|||
|
\layout Standard
|
|||
|
|
|||
|
1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples)
|
|||
|
\layout Code
|
|||
|
|
|||
|
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcpdump: listening on ppp0
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
|
|||
|
\layout Code
|
|||
|
|
|||
|
5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 64, hlim 61) (ttl 23, id 29887, len 124)
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
|
|||
|
\layout Code
|
|||
|
|
|||
|
5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 64, hlim 61) (ttl 23, id 29919, len 124)
|
|||
|
\layout Section
|
|||
|
|
|||
|
IPv6-ready programs
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Current distributions already contain most needed IPv6 enabled client and
|
|||
|
servers.
|
|||
|
See first on
|
|||
|
\begin_inset LatexCommand \url[IPv6+Linux-Status-Distribution]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
If still not included, you can check
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - Current Status - Applications]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
whether the program is already ported to IPv6 and usable with Linux.
|
|||
|
For common used programs there are some hints available at
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo - Part 3]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-3.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
and
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo - Part 4]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-4.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Section
|
|||
|
|
|||
|
IPv6-ready client programs (selection)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To run the following shown tests require that your system is IPv6 enabled
|
|||
|
and some examples show addresses which only can be reached if a successful
|
|||
|
connection to the 6bone is available.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Checking DNS for resolving IPv6 addresses
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because of security updates in the last years every Domain Name System (DNS)
|
|||
|
server should run newer software which already understands the (intermediate)
|
|||
|
IPv6 address-type AAAA (the newer one named A6 isn't still common at the
|
|||
|
moment because only supported using BIND9 and newer and also the non-existent
|
|||
|
support of root domain IP6.ARPA).
|
|||
|
A simple whether the used system can resolve IPv6 addresses is
|
|||
|
\layout Code
|
|||
|
|
|||
|
# host -t AAAA www.join.uni-muenster.de
|
|||
|
\layout Standard
|
|||
|
|
|||
|
and should show something like following:
|
|||
|
\layout Code
|
|||
|
|
|||
|
www.join.uni-muenster.de.
|
|||
|
is an alias for ns.join.uni-muenster.de.
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
ns.join.uni-muenster.de.
|
|||
|
has AAAA address 3ffe:400:10:100:201:2ff:feb5:3806
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6-ready telnet clients
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6-ready telnet clients are available.
|
|||
|
A simple test can be done with
|
|||
|
\layout Code
|
|||
|
|
|||
|
$ telnet 3ffe:400:100::1 80
|
|||
|
\layout Code
|
|||
|
|
|||
|
Trying 3ffe:400:100::1...
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Connected to 3ffe:400:100::1.
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Escape character is '^]'.
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
HEAD / HTTP/1.0
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
HTTP/1.1 200 OK
|
|||
|
\layout Code
|
|||
|
|
|||
|
Date: Sun, 16 Dec 2001 16:07:21
|
|||
|
\layout Code
|
|||
|
|
|||
|
GMT Server: Apache/2.0.28 (Unix)
|
|||
|
\layout Code
|
|||
|
|
|||
|
Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT
|
|||
|
\layout Code
|
|||
|
|
|||
|
ETag: "3f02-a4d-b1b3e080"
|
|||
|
\layout Code
|
|||
|
|
|||
|
Accept-Ranges: bytes
|
|||
|
\layout Code
|
|||
|
|
|||
|
Content-Length: 2637
|
|||
|
\layout Code
|
|||
|
|
|||
|
Connection: close
|
|||
|
\layout Code
|
|||
|
|
|||
|
Content-Type: text/html; charset=ISO-8859-1
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Connection closed by foreign host.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If the telnet client don't understand the IPv6 address and says something
|
|||
|
like
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
cannot resolve hostname
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, then it's not IPv6-enabled.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6-ready ssh clients
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
openssh
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Current versions of openssh are IPv6-ready.
|
|||
|
Depending on configuring before compiling it has two behavior.
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
--without-ipv4-default: the client tries an IPv6 connect first automatically
|
|||
|
and fall back to IPv4 if not working
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
--with-ipv4-default: default connection is IPv4, IPv6 connection must be
|
|||
|
force like following example shows
|
|||
|
\layout Code
|
|||
|
|
|||
|
$ ssh
|
|||
|
\series bold
|
|||
|
-6
|
|||
|
\series default
|
|||
|
::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
user@::1's password: ******
|
|||
|
\layout Code
|
|||
|
|
|||
|
[user@ipv6host user]$
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If your ssh client don't understand the option
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
-6
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
then it's not IPv6-enabled, like most ssh version 1 packages.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
ssh.com
|
|||
|
\layout Standard
|
|||
|
|
|||
|
SSH.com's SSH client and server is also IPv6 aware now and is free for all
|
|||
|
Linux and FreeBSD machine regardless if used for personal or commercial
|
|||
|
use.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6-ready web browsers
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A current status of IPv6 enabled web browsers is available at
|
|||
|
\begin_inset LatexCommand \url[IPv6+Linux-status-apps.html#HTTP]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#HTTP}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Most of them have unresolved problems at the moment
|
|||
|
\layout Enumerate
|
|||
|
|
|||
|
If using an IPv4 only proxy in the settings, IPv6 requests will be send
|
|||
|
to the proxy, too.
|
|||
|
But proxy don't understand the request and fails.
|
|||
|
Solution: update proxy software (see later).
|
|||
|
\layout Enumerate
|
|||
|
|
|||
|
Automatic proxy settings (*.pac) cannot be extended to handle IPv6 requests
|
|||
|
differently (e.g.
|
|||
|
don't use proxy) because of their nature (written in Java-script and well
|
|||
|
hard coded in source like to be seen in Maxilla source code).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Also older versions don't understand an URL with IPv6 encoded addresses
|
|||
|
like
|
|||
|
\begin_inset LatexCommand \url[http://[3ffe:400:100::1]/]{http://[3ffe:400:100::1]/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(this given URL only works with an IPv6-enabled browser!).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A short test is to try shown URL with a given browser and using no proxy.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
URLs for testing
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A good starting point for browsing using IPv6 is
|
|||
|
\begin_inset LatexCommand \url[http://www.kame.net/]{http://www.kame.net/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
If the turtle on this page is animated, the connection is via IPv6, otherwise
|
|||
|
the turtle is static.
|
|||
|
\layout Section
|
|||
|
|
|||
|
IPv6-ready server programs
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In this part of this HOWTO, more client specific issues are mentioned.
|
|||
|
Therefore hints for IPv6-ready servers like sshd, httpd, telnetd, etc.
|
|||
|
are shown below in
|
|||
|
\begin_inset LatexCommand \ref[Hints for IPv6-enabled daemons]{chapter-hints-daemons}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-configuration-interface}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Configuring interfaces
|
|||
|
\layout Section
|
|||
|
|
|||
|
Different network devices
|
|||
|
\layout Standard
|
|||
|
|
|||
|
On a node, there exist different network devices.
|
|||
|
They can be collected in classes
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Physically bounded, like eth0, tr0
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Virtually existing, like ppp0, tun0, tap0, sit0, isdn0, ippp0
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Physically bounded
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Physically bounded interfaces like Ethernet or Token-Ring are normal ones
|
|||
|
and need no special treatment.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Virtually bounded
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Virtually bounded interfaces always need special support
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv6-in-IPv4 tunnel interfaces
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This interfaces are normally named
|
|||
|
\series bold
|
|||
|
sit
|
|||
|
\emph on
|
|||
|
x
|
|||
|
\series default
|
|||
|
\emph default
|
|||
|
.
|
|||
|
The name
|
|||
|
\emph on
|
|||
|
sit
|
|||
|
\emph default
|
|||
|
is a shortcut for
|
|||
|
\series bold
|
|||
|
S
|
|||
|
\series default
|
|||
|
imple
|
|||
|
\series bold
|
|||
|
I
|
|||
|
\series default
|
|||
|
nternet
|
|||
|
\series bold
|
|||
|
T
|
|||
|
\series default
|
|||
|
ransition.
|
|||
|
This device has the capability to encapsulate IPv6 packets into IPv4 ones
|
|||
|
and tunnel them to a foreign endpoint.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\series bold
|
|||
|
sit0
|
|||
|
\series default
|
|||
|
has a special meaning and cannot be used for dedicated tunnels.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
PPP interfaces
|
|||
|
\layout Standard
|
|||
|
|
|||
|
PPP interfaces get their IPv6 capability from an IPv6 enabled PPP daemon.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
ISDN HDLC interfaces
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 capability for HDLC with encapsulation
|
|||
|
\series bold
|
|||
|
ip
|
|||
|
\series default
|
|||
|
is already built-in in the kernel
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
ISDN PPP interfaces
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ISDN PPP interfaces (ippp) aren't IPv6 enabled by kernel.
|
|||
|
Also there are also no plans to do that because in kernel 2.5.+ they will
|
|||
|
be replaced by a more generic ppp interface layer.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
SLIP + PLIP
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Like mentioned earlier, this interfaces don't support IPv6 transport (sending
|
|||
|
is OK, but dispatching on receiving don't work).
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Ether-tap device
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Ether-tap devices are IPv6-enabled and also stateless configured.
|
|||
|
For use, the module
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ethertap
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
has to be loaded before.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
tun devices
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Currently not tested by me.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
ATM
|
|||
|
\layout Standard
|
|||
|
|
|||
|
01/2002: Aren't currently supported by vanilla kernel, supported by USAGI
|
|||
|
extension
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Others
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Did I forget an interface?...
|
|||
|
\layout Section
|
|||
|
|
|||
|
Bringing interfaces up/down
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Two methods can be used to bring interfaces up or down.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip link set dev <interface> up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip link set dev <interface> down
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip link set dev eth0 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip link set dev eth0 down
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ifconfig"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig <interface> up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig <interface> down
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig eth0 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig eth0 down
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-configuration-address}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Configuring IPv6 addresses
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
There are different ways to configure an IPv6 address on an interface.
|
|||
|
You can use use "ifconfig" or "ip".
|
|||
|
\layout Section
|
|||
|
|
|||
|
Displaying existing IPv6 addresses
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
First you should check, whether and which IPv6 addresses are already configured
|
|||
|
(perhaps auto-magically during stateless auto-configuration).
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr show dev <interface>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example for a static configured host:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr show dev eth0
|
|||
|
\layout Code
|
|||
|
|
|||
|
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_ fast qlen
|
|||
|
100
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 fe80::210:a4ff:fee3:9566/10 scope link
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 3ffe:ffff:0:f101::1/64 scope global
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 fec0:0:0:f101::1/64 scope site
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example for a host which is auto-configured
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Here you see some auto-magically configured IPv6 addresses and their lifetime.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr show dev eth0
|
|||
|
\layout Code
|
|||
|
|
|||
|
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
|
|||
|
qlen
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 100
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 2002:d950:f5f8:f101:2e0:18ff:fe90:9205/64 scope global dynamic
|
|||
|
\layout Code
|
|||
|
|
|||
|
valid_lft 16sec preferred_lft 6sec
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 3ffe:400:100:f101:2e0:18ff:fe90:9205/64 scope global dynamic
|
|||
|
\layout Code
|
|||
|
|
|||
|
valid_lft 2591997sec preferred_lft 604797sec inet6 fe80::2e0:18ff:fe90:9205/10
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> scope link
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ifconfig"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig <interface>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example (output filtered with grep to display only IPv6 addresses).
|
|||
|
Here you see different IPv6 addresses with different scopes.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig eth0 |grep "inet6 addr:"
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 addr: 3ffe:ffff:0:f101::1/64 Scope:Global
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 addr: fec0:0:0:f101::1/64 Scope:Site
|
|||
|
\layout Section
|
|||
|
|
|||
|
Add an IPv6 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Adding an IPv6 address is similar to the mechanism of "IP ALIAS" addresses
|
|||
|
in Linux IPv4 addressed interfaces.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev <interface>
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ifconfig"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig <interface> inet6 add <ipv6address>/<prefixlength>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig eth0 inet6 add 3ffe:ffff:0:f101::1/64
|
|||
|
\layout Section
|
|||
|
|
|||
|
Removing an IPv6 address
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Not so often needed, be carefully with removing non existent IPv6 address,
|
|||
|
sometimes using older kernels it results in a crash.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev <interface>
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr del 3ffe:ffff:0:f101::1/64 dev eth0
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ifconfig"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig eth0 inet6 del 3ffe:ffff:0:f101::1/64
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-configuration-route}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Configuring normal IPv6 routes
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
If you want to leave your link and want to send packets in the world wide
|
|||
|
IPv6-Internet, you need routing.
|
|||
|
If there is already an IPv6 enabled router on your link, it's possible
|
|||
|
enough to add IPv6 routes.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Also here there are different ways to configure an IPv6 address on an interface.
|
|||
|
You can use use "ifconfig" or "ip"
|
|||
|
\layout Section
|
|||
|
|
|||
|
Displaying existing IPv6 routes
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
First you should check, whether and which IPv6 addresses are already configured
|
|||
|
(perhaps auto-magically during auto-configuration).
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route show [dev <device>]
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route show dev eth0
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440
|
|||
|
\layout Code
|
|||
|
|
|||
|
fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440
|
|||
|
\layout Code
|
|||
|
|
|||
|
ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440
|
|||
|
\layout Code
|
|||
|
|
|||
|
default proto kernel metric 256 mtu 1500 advmss 1440
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Example (output is filtered for interface eth0).
|
|||
|
Here you see different IPv6 routes for different addresses on a single
|
|||
|
interface.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 |grep "
|
|||
|
\backslash
|
|||
|
Weth0
|
|||
|
\backslash
|
|||
|
W"
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- Interface route for global address
|
|||
|
\layout Code
|
|||
|
|
|||
|
fe80::/10 :: UA 256 0 0 eth0
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- Interface route for link-local address
|
|||
|
\layout Code
|
|||
|
|
|||
|
ff00::/8 :: UA 256 0 0 eth0
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- Interface route for all multicast addresses
|
|||
|
\layout Code
|
|||
|
|
|||
|
::/0 :: UDA 256 0 0 eth0
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- Automatic default route
|
|||
|
\layout Section
|
|||
|
|
|||
|
Add an IPv6 route through a gateway
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Mostly needed to reach the outside with IPv6 using an IPv6-enabled router
|
|||
|
on your link.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address>
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> [dev <device>]
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> <ipv6address> [dev <device>]
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
A device can be needed, too, if the IPv6 address of the gateway is a link
|
|||
|
local one.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Following shown example adds a route for all currently global addresses
|
|||
|
(2000::/3) through gateway
|
|||
|
\family typewriter
|
|||
|
\lang afrikaans
|
|||
|
3ffe:ffff:0:f101::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1
|
|||
|
\layout Section
|
|||
|
|
|||
|
Removing an IPv6 route through a gateway
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Not so often needed manually, mostly done by network configure scripts on
|
|||
|
shutdown (full or per interface)
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address>
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> [dev <device>]
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route del 2000::/3 via 3ffe:ffff:0:f101::1
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <network>/<prefixlength> [dev <device>]
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example for removing upper added route again:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del 2000::/3 gw 3ffe:ffff:0:f101::1
|
|||
|
\layout Section
|
|||
|
|
|||
|
Add an IPv6 route through an interface
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Not often needed, sometimes in cases of dedicated point-to-point links.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device>
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> metric 1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route add 2000::/3 dev eth0 metric 1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Metric
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
1
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
is used here to be compatible with the metric used by route, because the
|
|||
|
default metric on using
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ip
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
is
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
1024
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <network>/<prefixlength> dev <device>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add 2000::/3 dev eth0
|
|||
|
\layout Section
|
|||
|
|
|||
|
Removing an IPv6 route through an interface
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Not so often needed to use by hand, configuration scripts will use such
|
|||
|
on shutdown.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route del <ipv6network>/<prefixlength> dev <device>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route del 2000::/3 dev eth0
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <network>/<prefixlength> dev <device>
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del 2000::/3 dev eth0
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-configuring-ipv6-in-ipv4-tunnels}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Configuring IPv6-in-IPv4 tunnels
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
If you want to leave your link you have no IPv6 capable network around you,
|
|||
|
you need IPv6-in-IPv4 tunneling to reach the World Wide IPv6-Internet.
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
There are some kind of tunnel mechanism and also some possibilities to setup
|
|||
|
tunnels.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Types of tunnels
|
|||
|
\layout Standard
|
|||
|
|
|||
|
There are more than one possibility to tunnel IPv6 packets over IPv4-only
|
|||
|
links.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Static point-to-point tunneling: 6bone
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
A point-to-point tunnel is a dedicated tunnel to an endpoint, which knows
|
|||
|
about your IPv6 network (for backward routing) and the IPv4 address of
|
|||
|
your tunnel endpoint and defined in
|
|||
|
\begin_inset LatexCommand \url[RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers]{http://rfc.net/rfc2893.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
Requirements:
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
IPv4 address of your local tunnel endpoint must be static, global unique
|
|||
|
and reachable from the foreign tunnel endpoint
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
A global IPv6 prefix assigned to you (see 6bone registry)
|
|||
|
\layout Itemize
|
|||
|
\align left
|
|||
|
A foreign tunnel endpoint which is capable to route your IPv6 prefix to
|
|||
|
your local tunnel endpoint (mostly remote manual configuration required)
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Automatically tunneling
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Automatic tunneling occurs, when a node directly connects another node gotten
|
|||
|
the IPv4 address of the other node before.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{tunneling-6to4}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
6to4-Tunneling
|
|||
|
\layout Standard
|
|||
|
|
|||
|
6to4 tunneling (
|
|||
|
\begin_inset LatexCommand \url[RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds]{http://rfc.net/rfc3056.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
) uses a simple mechanism to create automatic tunnels.
|
|||
|
Each node with a global unique IPv4 address is able to be a 6to4 tunnel
|
|||
|
endpoint (if no IPv4 firewall prohibits traffic).
|
|||
|
6to4 tunneling is mostly not a one-to-one tunnel.
|
|||
|
This case of tunneling can be divided into upstream and downstream tunneling.
|
|||
|
Also, a special IPv6 address indicates that this node will use 6to4 tunneling
|
|||
|
for connecting the world-wide IPv6 network
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Generation of 6to4 prefix
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The 6to4 address is defined like following (schema is taken from
|
|||
|
\begin_inset LatexCommand \url[RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds]{http://rfc.net/rfc3056.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
):
|
|||
|
\layout Code
|
|||
|
|
|||
|
| 3+13 | 32 | 16 | 64 bits |
|
|||
|
\layout Code
|
|||
|
|
|||
|
+---+------+-----------+--------+--------------------------------+
|
|||
|
\layout Code
|
|||
|
|
|||
|
| FP+TLA | V4ADDR | SLA ID | Interface ID |
|
|||
|
\layout Code
|
|||
|
|
|||
|
| 0x2002 | | | |
|
|||
|
\layout Code
|
|||
|
|
|||
|
+---+------+-----------+--------+--------------------------------+
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Where FP is the known prefix for global addresses, TLA is the top level
|
|||
|
aggregator.
|
|||
|
V4ADDR is the node's global unique IPv4 address (in hexadecimal notation).
|
|||
|
SLA is the subnet identifier (65536 local subnets possible).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Such prefix is generated and normally using SLA
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0000
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
and suffix
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
::1
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
assigned to the 6to4 tunnel interface.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Upstream tunneling
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The node has to know to which foreign tunnel endpoint its in IPv4 packed
|
|||
|
IPv6 packets should be send to.
|
|||
|
In
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
early
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
days of 6to4 tunneling, dedicated upstream accepting routers were defined.
|
|||
|
See
|
|||
|
\begin_inset LatexCommand \url[NSayer's 6to4 information]{http://www.kfu.com/~nsayer/6to4/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for a list of routers.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Nowadays, 6to4 upstream routers can be found auto-magically using the anycast
|
|||
|
address 192.88.99.1.
|
|||
|
In the background routing protocols handle this, see
|
|||
|
\begin_inset LatexCommand \url[RFC 3068 / An Anycast Prefix for 6to4 Relay Routers]{http://www.faqs.org/rfcs/rfc3068.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for details.
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Downstream tunneling
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The downstream (6bone -> your 6to4 enabled node) is not really fix and can
|
|||
|
vary from foreign host which originated packets were send to.
|
|||
|
There exist two possibilities:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Foreign host uses uses 6to4 and sends packet direct back to your node (see
|
|||
|
below)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Foreign host sends packets back to the world-wide IPv6 network and depending
|
|||
|
on the dynamic routing a relay router create a automatic tunnel back to
|
|||
|
your node.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Displaying existing tunnels
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "ip"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 tunnel show [<device>]
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 tunnel show
|
|||
|
\layout Code
|
|||
|
|
|||
|
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
|
|||
|
\layout Code
|
|||
|
|
|||
|
sit1: ipv6/ip remote 195.226.187.50 local any ttl 64
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example (output is filtered to display only tunnels through virtual interface
|
|||
|
sit0):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 | grep "
|
|||
|
\backslash
|
|||
|
Wsit0
|
|||
|
\backslash
|
|||
|
W*$"
|
|||
|
\layout Code
|
|||
|
|
|||
|
::/96 :: U 256 2 0 sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
2002::/16 :: UA 256 0 0 sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
2000::/3 ::193.113.58.75 UG 1 0 0 sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
fe80::/10 :: UA 256 0 0 sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
ff00::/8 :: UA 256 0 0 sit0
|
|||
|
\layout Section
|
|||
|
|
|||
|
Setup of point-to-point tunnel
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
There are 3 possibilities to add or remove point-to-point tunnels.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Add point-to-point tunnels
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ip" and "route"
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Common method at the moment for a small amount of tunnels
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage for creating a tunnel device (but it's not up afterward, also a TTL
|
|||
|
must be specified because the default value is 0).
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel add <device> mode sit ttl <ttldefault> remote
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> <ipv4addressofforeigntunnel> local <ipv4addresslocal>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage (generic example for three tunnels):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> <ipv4addressofforeigntunnel1> local <ipv4addresslocal>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit1 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel add sit2 mode sit ttl <ttldefault>
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> <ipv4addressofforeigntunnel2> local <ipv4addresslocal>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit2 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute2> dev sit2
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel add sit3 mode sit ttl <ttldefault>
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> <ipv4addressofforeigntunnel3> local <ipv4addresslocal>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit3 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute3> dev sit3
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ifconfig" and "route" (deprecated)
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
This not very recommended way to add a tunnel because it's a little bit
|
|||
|
strange.
|
|||
|
No problem if adding only one, but if you setup more than one, you cannot
|
|||
|
easy shutdown the first ones and leave the others running.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage (generic example for three tunnels):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel1>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit1 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel2>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit2 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute2> dev sit2
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel3>
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit3 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute3> dev sit3
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Important: DON'T USE THIS, because this setup implicit enable "automatic
|
|||
|
tunneling" from anywhere in the Internet, this is a risk, and it should
|
|||
|
not be advocated.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "route" only
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
It's also possible to setup tunnels in Non Broadcast Multiple Access (NBMA)
|
|||
|
style, it's a easy way to add many tunnels at once.
|
|||
|
But none of the tunnel can be numbered (which is a not required feature).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage (generic example for three tunnels):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute1> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> ::<ipv4addressofforeigntunnel1> dev sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute2> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> ::<ipv4addressofforeigntunnel2> dev sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute3> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> ::<ipv4addressofforeigntunnel3> dev sit0
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Important: DON'T USE THIS, because this setup implicit enable "automatic
|
|||
|
tunneling" from anywhere in the Internet, this is a risk, and it should
|
|||
|
not be advocated.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Removing point-to-point tunnels
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Manually not so often needed, but used by scripts for clean shutdown or
|
|||
|
restart of IPv6 configuration.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ip" and "route"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage for removing a tunnel device:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel del <device>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage (generic example for three tunnels):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute1> dev sit1
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit1 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel del sit
|
|||
|
\series bold
|
|||
|
1
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute2> dev sit2
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit2 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel del sit2
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute3> dev sit3
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit3 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel del sit3
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ifconfig" and "route" (deprecated because not very funny)
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Not only the creation is strange, the shutdown also...you have to remove the
|
|||
|
tunnels in backorder, means the latest created must be removed first.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Usage (generic example for three tunnels):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute3> dev sit3
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit3 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute2> dev sit2
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit2 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit1 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 down
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "route"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This is like removing normal IPv6 routes
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
Usage (generic example for three tunnels):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute1> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> ::<ipv4addressofforeigntunnel1> dev sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute2> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> ::<ipv4addressofforeigntunnel2> dev sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del <prefixtoroute3> gw
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> ::<ipv4addressofforeigntunnel3> dev sit0
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 down
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Numbered point-to-point tunnels
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Sometimes it's needed to configure a point-to-point tunnel with IPv6 addresses
|
|||
|
like in IPv4 today.
|
|||
|
This is only possible with the first (ifconfig+route - deprecated) and
|
|||
|
third (ip+route) tunnel setup.
|
|||
|
In such cases, you can add the IPv6 address to the tunnel interface like
|
|||
|
shown on interface configuration.
|
|||
|
|
|||
|
\layout Section
|
|||
|
|
|||
|
Setup of 6to4 tunnels
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Add a 6to4 tunnel
|
|||
|
\layout Standard
|
|||
|
|
|||
|
First, you have to calculate your 6to4 prefix using your local assigned
|
|||
|
global routable IPv4 address (if your host has no global routable IPv4
|
|||
|
address, in special cases NAT on border gateways is possible):
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Assuming your IPv4 address is
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.4
|
|||
|
\layout Standard
|
|||
|
|
|||
|
the generated 6to4 prefix will be
|
|||
|
\layout Code
|
|||
|
|
|||
|
2002:0102:0304::
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Local 6to4 gateways should always assigned the manual suffix
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
::1
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, therefore your local 6to4 address will be
|
|||
|
\layout Code
|
|||
|
|
|||
|
2002:0102:0304::1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
There are two ways possible to setup 6to4 tunneling now.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ip" and a dedicated tunnel device
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This is now the recommended way.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Create a new tunnel device
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel add tun6to4 mode sit remote any local <localipv4address>
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Bring interface up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip link set dev tun6to4 up
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Add local 6to4 address to interface
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 addr add <local6to4address>/16 dev tun6to4
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Add (default) route to the global IPv6 network using the all-6to4-routers
|
|||
|
IPv4 anycast address
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ifconfig" and "route" and generic tunnel device
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
sit0
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(deprecated)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This is now deprecated because using the generic tunnel device sit0 doesn't
|
|||
|
let specify filtering per device.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Bring generic tunnel interface sit0 up
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 up
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Add local 6to4 address to interface
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 add <local6to4address>/16
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Add (default) route to the global IPv6 network using the all-6to4-relays
|
|||
|
IPv4 anycast address
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Remove a 6to4 tunnel
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using "ip" and a dedicated tunnel device
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Remove all routes through this dedicated tunnel device
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip -6 route flush dev tun6to4
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Shut down interface
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip link set dev tun6to4 down
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Remove created tunnel device
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ip tunnel del tun6to4
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Using
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ifconfig
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
and
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
route
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
and generic tunnel device
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
sit0
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(deprecated)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Remove (default) route through the 6to4 tunnel interface
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Remove local 6to4 address to interface
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 del <local6to4address>/16
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Shut down generic tunnel device (take care about this, perhaps it's still
|
|||
|
in use...)
|
|||
|
\layout Code
|
|||
|
|
|||
|
# /sbin/ifconfig sit0 down
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-configuring-ipv4-in-ipv6-tunnels}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Configuring IPv4-in-IPv6 tunnels
|
|||
|
\layout Standard
|
|||
|
\align left
|
|||
|
This will be filled in the future.
|
|||
|
At the moment, such tunnels are more used in test environments.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More information in the meantime:
|
|||
|
\begin_inset LatexCommand \url[RFC 2473 / Generic Packet Tunneling in IPv6 Specification]{http://rfc.net/rfc2473.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-kernel-settings}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Kernel settings
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To be filled...
|
|||
|
\layout Section
|
|||
|
|
|||
|
/proc filesystem
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To be filled with following content next: switches forwarding and autoconf
|
|||
|
behavior, acceptance of router advertisements and more.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Entries in /proc/net/
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To be filled...
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Entries in /proc/sys/net/
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To be filled...
|
|||
|
\layout Section
|
|||
|
|
|||
|
Netlink
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To be filled...
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
Network debugging
|
|||
|
\layout Section
|
|||
|
|
|||
|
Server socket binding
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Using
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
netstat
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
for server socket binding check
|
|||
|
\layout Standard
|
|||
|
|
|||
|
It's always interesting which server sockets are currently active on a node.
|
|||
|
Using
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
netstat
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
is a short way to get such information:
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Used options: -nlptu
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Example:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# netstat -nlptu
|
|||
|
\layout Code
|
|||
|
|
|||
|
Active Internet connections (only servers)
|
|||
|
\layout Code
|
|||
|
|
|||
|
Proto Recv-Q Send-Q Local Address Foreign Address State
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> PID/Program name
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1258/rpc.statd
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1502/rpc.mountd
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 22433/lpd Waiting
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1746/smbd
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1230/portmap
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 3551/X
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 18735/junkbuster
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 18822/(squid)
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 30734/named
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 6742/xinetd-ipv6
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 :::13 :::* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 6742/xinetd-ipv6
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 6742/xinetd-ipv6
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 :::53 :::* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 30734/named
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 :::22 :::* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1410/sshd
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 :::6010 :::* LISTEN
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 13237/sshd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:32768 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1258/rpc.statd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:2049 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> -
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:32770 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1502/rpc.mountd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:32771 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> -
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 1.2.3.1:137 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1751/nmbd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:137 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1751/nmbd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 1.2.3.1:138 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1751/nmbd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:138 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1751/nmbd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:33044 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 30734/named
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 1.2.3.1:53 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 30734/named
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 127.0.0.1:53 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 30734/named
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:67 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1530/dhcpd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:67 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1530/dhcpd
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:32858 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 18822/(squid)
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:4827 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 18822/(squid)
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:111 0.0.0.0:*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 1230/portmap
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 :::53 :::*
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 30734/named
|
|||
|
\layout Section
|
|||
|
|
|||
|
Examples for tcpdump packet dumps
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Here some examples of captured packets are shown, perhaps useful for your
|
|||
|
own debugging...
|
|||
|
\layout Standard
|
|||
|
|
|||
|
...more coming next...
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Router discovery
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Router advertisement
|
|||
|
\layout Code
|
|||
|
|
|||
|
15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> advertisement(chlim=64, router_ltime=30, reachable_time=0,
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20,
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000,
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr:
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 0:12:34:12:34:50) (len 88, hlim 255)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Router with link-local address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
fe80::212:34ff:fe12:3450
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
send an advertisement to the all-node-on-link multicast address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ff02::1
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
containing two prefixes
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
2002:0102:0304:1::/64
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(lifetime 30 s) and
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
3ffe:ffff:0:1::/64
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(lifetime 2592000 s) including its own layer 2 MAC address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0:12:34:12:34:50
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Router solicitation
|
|||
|
\layout Code
|
|||
|
|
|||
|
15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Node with link-local address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
fe80::212:34ff:fe12:3456
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
and layer 2 MAC address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0:12:34:12:34:56
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
is looking for a router on-link, therefore sending this solicitation to
|
|||
|
the all-router-on-link multicast address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ff02::2
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Neighbor discovery
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Neighbor discovery solicitation for duplicate address detection
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Following packets are sent by a node with layer 2 MAC address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
0:12:34:12:34:56
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
during autoconfiguration to check whether a potential address is already
|
|||
|
used by another node on the link sending this to the solicited-node link-local
|
|||
|
multicast address
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Node wants to configure its link-local address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
fe80::212:34ff:fe12:3456
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, checks for duplicate now
|
|||
|
\layout Code
|
|||
|
|
|||
|
15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Node wants to configure its global address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
2002:0102:0304:1:212:34ff:fe12:3456
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(after receiving advertisement shown above), checks for duplicate now
|
|||
|
\layout Code
|
|||
|
|
|||
|
15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len
|
|||
|
32,
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> hlim 255)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Node wants to configure its global address
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
3ffe:ffff:0:1:212:34ff:fe12:3456
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(after receiving advertisement shown above), checks for duplicate now
|
|||
|
\layout Code
|
|||
|
|
|||
|
15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32,
|
|||
|
hlim
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 255)
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Neighbor discovery solicitation for looking for host or gateway
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Note wants to send packages to
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
3ffe:ffff:0:1::10
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
but has no layer 2 MAC address to send packet, so send solicitation now
|
|||
|
\layout Code
|
|||
|
|
|||
|
13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6:
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e0:18:90:92:5) (len
|
|||
|
32,
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> hlim 255)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Node looks for
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
fe80::10
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
now
|
|||
|
\layout Code
|
|||
|
|
|||
|
13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255)
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-support-persistent-configuration}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Support for persistent IPv6 configuration in Linux distributions
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Some Linux distribution contain already support of a persistent IPv6 configurati
|
|||
|
on using existing or new configuration and script files and some hook in
|
|||
|
the IPv4 script files.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Red Hat Linux and
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
clones
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Since starting writing the
|
|||
|
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
it was my intention to enable a persistent IPv6 configuration which catch
|
|||
|
most of the wished cases like host-only, router-only, dual-homed-host,
|
|||
|
router with second stub network, normal tunnels, 6to4 tunnels, and so on.
|
|||
|
Nowadays there exists a set of configuration and script files which do
|
|||
|
the job very well (never heard about real problems, but I don't know how
|
|||
|
many use the set.
|
|||
|
Because this configuration and scrips files are extended from time to time,
|
|||
|
they got their own HOWTO page:
|
|||
|
\begin_inset LatexCommand \url[IPv6-HOWTO/scripts/current]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
Because I began my IPv6 experience using a Red Hat Linux 5.0 clone, my IPv6
|
|||
|
development systems are mostly Red Hat Linux based now, it's kind a logic
|
|||
|
that the scripts are developed for this kind of distribution (so called
|
|||
|
|
|||
|
\emph on
|
|||
|
historic issue
|
|||
|
\emph default
|
|||
|
).
|
|||
|
Also it was very easy to extend some configuration files, create new ones
|
|||
|
and create some simple hook for calling IPv6 setup during IPv4 setup.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Fortunately, in Red Hat Linux since 7.1 a snapshot of my IPv6 scripts is
|
|||
|
included, this was and is still further on assisted by Pekka Savola.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Mandrake since version 8.0 also includes an IPv6-enabled initscript package,
|
|||
|
but a minor bug still prevents usage (
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
ifconfig
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
misses
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
inet6
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
before
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
add
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
).
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Test for IPv6 support
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You can test, whether your Linux distribution contain support for persistent
|
|||
|
IPv6 configuration using my set.
|
|||
|
Following script library should exist:
|
|||
|
\layout Code
|
|||
|
|
|||
|
/etc/sysconfig/network-scripts/network-functions-ipv6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Auto-magically test:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo
|
|||
|
"Main
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> IPv6 script libary exists"
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The version of the library is important if you miss some features.
|
|||
|
You can get it executing following (or easier look at the top of the file):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# source /etc/sysconfig/network-scripts/network-functions-ipv6 &&
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> getversion_ipv6_functions
|
|||
|
\layout Code
|
|||
|
|
|||
|
20011124
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In shown example, the used version is
|
|||
|
\series bold
|
|||
|
20011124
|
|||
|
\series default
|
|||
|
.
|
|||
|
Check this against latest information on
|
|||
|
\begin_inset LatexCommand \url[IPv6-HOWTO/scripts/current]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
to see what has been changed.
|
|||
|
There is also a change-log available in the distributed tar-ball.
|
|||
|
\layout Section
|
|||
|
|
|||
|
SuSE Linux
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In newer versions there is a really rudimentary support available, see /etc/rc.co
|
|||
|
nfig for details.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because of the really different configuration and script file structure
|
|||
|
it is hard (or impossible) to use the set for Red Hat Linux and clones
|
|||
|
with this distribution.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Further information
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[How to setup 6to4 IPv6 with SuSE 7.3]{http://www.feyrer.de/IPv6/SuSE73-IPv6+6to4-setup.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Section
|
|||
|
|
|||
|
Debian Linux
|
|||
|
\layout Standard
|
|||
|
|
|||
|
I still don't have any information weather a persistent IPv6 configuration
|
|||
|
can stored somewhere.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Further information
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[IPv6 on Debian Linux]{http://people.debian.org/~csmall/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-autoconfiguration}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Auto-configuration and mobility
|
|||
|
\layout Section
|
|||
|
|
|||
|
Stateless auto-configuration
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Is supported and seen on the assigned link-local address after an IPv6-enabled
|
|||
|
interface is up.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Stateful auto-configuration using Router Advertisement Daemon (radvd)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
to be filled.
|
|||
|
See
|
|||
|
\begin_inset LatexCommand \ref[radvd daemon autoconfiguration]{hints-daemons-radvd}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
below.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Dynamic Host Configuration Protocol v6 (DHCPv6)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
to be filled.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Mobility
|
|||
|
\layout Standard
|
|||
|
|
|||
|
to be filled.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For the moment, see
|
|||
|
\begin_inset LatexCommand \url[Mobile IPv6 for Linux(MIPL) homepage]{http://www.mipl.mediapoli.com/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
for more details
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-firewalling-security}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Firewalling and security issues
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 firewalling is important, especially if using IPv6 on internal networks
|
|||
|
with global IPv6 addresses.
|
|||
|
Because unlike at IPv4 networks where in common internal hosts are protected
|
|||
|
automatically using private IPv4 addresses like
|
|||
|
\begin_inset LatexCommand \url[RFC 1918 / Address Allocation for Private Internets]{http://rfc.net/rfc1918.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
or
|
|||
|
\begin_inset LatexCommand \url[APIPA / Automatic Private IP Addressing]{http://www.glossary-tech.com/apipa.htm}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, in IPv6 normally global addresses are used and someone with IPv6 connectivity
|
|||
|
can reach all internal IPv6 enabled nodes.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Firewalling
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{firewalling-netfilter6}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Firewalling using netfilter6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Native IPv6 firewalling is only supported in kernel versions 2.4+.
|
|||
|
In older 2.2- you can only filter IPv6-in-IPv4 by protocol 41.
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Attention: no warranty that described rules or examples are really protect
|
|||
|
your system!
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
More information
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Netfilter project]{http://www.netfilter.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[maillist archive of netfilter users]{http://lists.samba.org/pipermail/netfilter/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[maillist archive of netfilter developers]{http://lists.samba.org/pipermail/netfilter-devel/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Unofficial status informations]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#netfilter6 }
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Preparation
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Get sources
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Get the latest kernel source:
|
|||
|
\begin_inset LatexCommand \url[http://www.kernel.org/]{http://www.kernel.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Get the latest iptables package:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Source tarball (for kernel patches):
|
|||
|
\begin_inset LatexCommand \url[http://www.netfilter.org/]{http://www.netfilter.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Source RPM for rebuild of binary (for RedHat systems):
|
|||
|
\begin_inset LatexCommand \url[ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/]{ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
or perhaps also at
|
|||
|
\begin_inset LatexCommand \url[http://www.netcore.fi/pekkas/linux/ipv6/ ]{http://www.netcore.fi/pekkas/linux/ipv6/ }
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Extract sources
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Change to source directory:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# cd /path/to/src
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Unpack and rename kernel sources
|
|||
|
\layout Code
|
|||
|
|
|||
|
# tar z|jxf kernel-version.tar.gz|bz2
|
|||
|
\layout Code
|
|||
|
|
|||
|
# mv linux linux-version-iptables-version+IPv6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Unpack iptables sources
|
|||
|
\layout Code
|
|||
|
|
|||
|
# tar z|jxf iptables-version.tar.gz|bz2
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Apply latest iptables/IPv6-related patches to kernel source
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Change to iptables directory
|
|||
|
\layout Code
|
|||
|
|
|||
|
# cd iptables-version
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Apply pending patches
|
|||
|
\layout Code
|
|||
|
|
|||
|
# make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Apply additional IPv6 related patches (still not in the vanilla kernel included)
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Say yes at following options (iptables-1.2.2)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ah-esp.patch
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
masq-dynaddr.patch (only needed for systems with dynamic IP assigned WAN
|
|||
|
connections like PPP or PPPoE)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ipv6-agr.patch.ipv6
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ipv6-ports.patch.ipv6
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
LOG.patch.ipv6
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
REJECT.patch.ipv6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Check IPv6 extensions
|
|||
|
\layout Code
|
|||
|
|
|||
|
# make print-extensions
|
|||
|
\layout Code
|
|||
|
|
|||
|
Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Configure, build and install new kernel
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Change to kernel sources
|
|||
|
\layout Code
|
|||
|
|
|||
|
# cd /path/to/src/linux-version-iptables-version/
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Edit Makefile
|
|||
|
\layout Code
|
|||
|
|
|||
|
- EXTRAVERSION =
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ EXTRAVERSION = -iptables-version+IPv6-try
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Run configure, enable IPv6 related
|
|||
|
\layout Code
|
|||
|
|
|||
|
Code maturity level options
|
|||
|
\layout Code
|
|||
|
|
|||
|
Prompt for development and/or incomplete code/drivers
|
|||
|
: yes
|
|||
|
\layout Code
|
|||
|
|
|||
|
Networking options
|
|||
|
\layout Code
|
|||
|
|
|||
|
Network packet filtering: yes
|
|||
|
\layout Code
|
|||
|
|
|||
|
The IPv6 protocol: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
IPv6: Netfilter Configuration
|
|||
|
\layout Code
|
|||
|
|
|||
|
IP6 tables support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
All new options like following:
|
|||
|
\layout Code
|
|||
|
|
|||
|
limit match support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
MAC address match support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
Multiple port match support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
Owner match support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
netfilter MARK match support: module
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Aggregated address check: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
Packet filtering: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
REJECT target support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
LOG target support: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
Packet mangling: module
|
|||
|
\layout Code
|
|||
|
|
|||
|
MARK target support: module
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Configure other related to your system, too
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Compilation and installing: see the kernel section here and other HOWTOs
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Rebuild and install binaries of iptables
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Make sure, that upper kernel source tree is also available at /usr/src/linux/
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Rename older directory
|
|||
|
\layout Code
|
|||
|
|
|||
|
# mv /usr/src/linux /usr/src/linux.old
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Create a new softlink
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ln /path/to/src/linux-version-iptables-version /usr/src/linux
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Rebuild SRPMS
|
|||
|
\layout Code
|
|||
|
|
|||
|
# rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Install new iptables packages (iptables + iptables-ipv6)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
On RH 7.1 systems, normally, already an older version is installed, therefore
|
|||
|
use "freshen"
|
|||
|
\layout Code
|
|||
|
|
|||
|
# rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
If not already installed, use "install"
|
|||
|
\layout Code
|
|||
|
|
|||
|
# rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
On RH 6.2 systems, normally, no kernel 2.4.x is installed, therefore the requiremen
|
|||
|
ts don't fit.
|
|||
|
Use "--nodeps" to install it
|
|||
|
\layout Code
|
|||
|
|
|||
|
# rpm -ihv --nodep /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Perhaps it's necessary to create a softlink for iptables libraries where
|
|||
|
iptables looks for them
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ln -s /lib/iptables/ /usr/lib/iptables
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Usage
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Check for support
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Load module, if so compiled
|
|||
|
\layout Code
|
|||
|
|
|||
|
# modprobe ip6_tables
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Check for capability
|
|||
|
\layout Code
|
|||
|
|
|||
|
# [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 'ip6tables' firewalling (IPv6)!"
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Learn how to use ip6tables
|
|||
|
\layout Standard
|
|||
|
|
|||
|
List all IPv6 netfilter entries
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Short
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -L
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Extended
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -n -v --line-numbers -L
|
|||
|
\layout Standard
|
|||
|
|
|||
|
List specified filter
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -n -v --line-numbers -L INPUT
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Insert a log rule at the input filter with options
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:"
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> --log-level 7
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Insert a drop rule at the input filter
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables --table filter --append INPUT -j DROP
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Delete a rule by number
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables --table filter --delete INPUT 1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Allow ICMPv6, at the moment, with unpatched kernel 2.4.5 and iptables-1.2.2
|
|||
|
no type can be specified
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Accept incoming ICMPv6 through tunnels
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Allow outgoing ICMPv6 through tunnels
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Allow incoming SSH, here an example is shown for a ruleset which allows
|
|||
|
incoming SSH connection from a specified IPv6 address
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Allow incoming SSH from 3ffe:400:100::1/128
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:400:100::1/128 --sport 512:65535
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> --dport 22 -j ACCEPT
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Allow response packets (at the moment IPv6 connection tracking isn't in
|
|||
|
mainstream netfilter6 implemented)
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -A OUTPUT -o sit+ -p tcp -d 3ffe:400:100::1/128 --dport 512:65535
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> --sport 22 ! --syn j ACCEPT
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Enable tunneled IPv6-in-IPv4, to accept tunneled IPv6-in-IPv4 packets, you
|
|||
|
have to insert rules in your IPv4 firewall setup relating to such packets,
|
|||
|
for example
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Accept incoming IPv6-in-IPv4 on interface ppp0
|
|||
|
\layout Code
|
|||
|
|
|||
|
# iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Allow outgoing IPv6-in-IPv4 to interface ppp0
|
|||
|
\layout Code
|
|||
|
|
|||
|
# iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If you have only a static tunnel, you can specify the IPv4 addresses, too,
|
|||
|
like
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 1.2.3.4
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 1.2.3.4
|
|||
|
\layout Code
|
|||
|
|
|||
|
# iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Protect against incoming TCP connection requests (VERY RECOMMENDED!), for
|
|||
|
security issues you should really insert a rule which blocks incoming TCP
|
|||
|
connection requests.
|
|||
|
Adapt "-i" option, if other interface names are in use!
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Block incoming TCP connection requests to this host
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Block incoming TCP connection requests to hosts behind this router
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Perhaps the rules have to be placed below others, but that is work you have
|
|||
|
to think about it.
|
|||
|
Best way is to create a script and execute rules in a specified way.
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Protect against incoming UDP connection requests (ALSO RECOMMENDED!), like
|
|||
|
mentioned on my firewall information it's possible to control the ports
|
|||
|
on outgoing UDP/TCP sessions.
|
|||
|
So if all of your local IPv6 systems are use local ports e.g.
|
|||
|
from 32768 to 60999 you are able to filter UDP connections also (until
|
|||
|
connection tracking works) like:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Block incoming UDP packets which cannot be responses of outgoing requests
|
|||
|
of this host
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Block incoming UDP packets which cannot be responses of forwarded requests
|
|||
|
of hosts behind this router
|
|||
|
\layout Code
|
|||
|
|
|||
|
ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Demonstration example
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Following lines show a more sophisticated setup as an example.
|
|||
|
Happy netfilter6 ruleset creation....
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip6tables -n -v -L
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain INPUT (policy DROP 0 packets, 0 bytes)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 extIN all sit+ * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
4 384 intIN all eth0 * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT all * * ::1/128 ::1/128
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT all lo * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `INPUT-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain FORWARD (policy DROP 0 packets, 0 bytes)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 int2ext all eth0 sit+ ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ext2int all sit+ eth0 ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `FORWARD-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 extOUT all * sit+ ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
4 384 intOUT all * eth0 ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT all * * ::1/128 ::1/128
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT all * lo ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `OUTPUT-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain ext2int (1 references)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `ext2int-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP tcp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP udp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain extIN (1 references)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> tcp spts:512:65535 dpt:22
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> tcp spts:512:65535 dpt:22
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT udp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> udp spts:1:65535 dpts:1024:65535
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:'
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain extOUT (1 references)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * ::/0
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 3ffe:400:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * ::/0
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 3ffe:400:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> tcp spts:1024:65535 dpts:1:65535
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT udp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> udp spts:1024:65535 dpts:1:65535
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `extOUT-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain int2ext (1 references)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT tcp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> tcp spts:1024:65535 dpts:1:65535
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `int2ext:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `int2ext-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP tcp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP udp * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain intIN (1 references)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT all * * ::/0
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> fe80::/ffc0::
|
|||
|
\layout Code
|
|||
|
|
|||
|
4 384 ACCEPT all * * ::/0 ff02::/16
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Chain intOUT (1 references)
|
|||
|
\layout Code
|
|||
|
|
|||
|
pkts bytes target prot opt in out source destination
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD>
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 ACCEPT all * * ::/0
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> fe80::/ffc0::
|
|||
|
\layout Code
|
|||
|
|
|||
|
4 384 ACCEPT all * * ::/0 ff02::/16
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 LOG all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> LOG flags 0 level 7 prefix `intOUT-default:'
|
|||
|
\layout Code
|
|||
|
|
|||
|
0 0 DROP all * * ::/0 ::/0
|
|||
|
|
|||
|
\layout Section
|
|||
|
|
|||
|
Security
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Node security
|
|||
|
\layout Standard
|
|||
|
|
|||
|
It's very recommend to apply all available patches and disable all not necessary
|
|||
|
services.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled...
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Access limitations
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Many services uses the tcp_wrapper library for access control.
|
|||
|
Below is described the
|
|||
|
\begin_inset LatexCommand \ref[use of tcp_wrapper]{hints-daemons-tcpwrapper}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled...
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-encryption-authentication}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Encryption and Authentication
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Unlike in IPv4 encryption and authentication is a mandatory feature of IPv6.
|
|||
|
This features are normally implemented using IPsec (which can be also used
|
|||
|
by IPv4).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
But because of the independence of encryption and authentication from the
|
|||
|
key exchange protocol there exists currently some interoperability problems
|
|||
|
regarding this issue.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Support in kernel
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Support in vanilla Linux kernel
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Currently missing in 2.4, perhaps in 2.5 (see below).
|
|||
|
There is an issue about keeping the Linux kernel source free of export/import-c
|
|||
|
ontrol-laws regarding encryption code.
|
|||
|
This is also one case why
|
|||
|
\begin_inset LatexCommand \url[FreeS/WAN project]{http://www.freeswan.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(IPv4 only IPsec) isn't still contained in vanilla source.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Support in USAGI kernel
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The USAGI project has taken over in July 2001 the IPv6 enabled FreeS/WAN
|
|||
|
code from the
|
|||
|
\begin_inset LatexCommand \url[IABG / IPv6 Project]{http://www.ipv6.iabg.de/downloadframe/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
and included in their kernel extensions, but still work in progress, means
|
|||
|
that not all IABG features are already working in USAGI extension.
|
|||
|
\layout Section
|
|||
|
|
|||
|
Usage
|
|||
|
\layout Standard
|
|||
|
|
|||
|
to be filled, mostly like FreeS/WAN for IPv4.
|
|||
|
For the meantime look for documentation at
|
|||
|
\begin_inset LatexCommand \url[FreeS/WAN / Online documentation]{http://www.freeswan.org/doc.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-qos}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Quality of Service (QoS)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 supports QoS with use of Flow Labels and Traffic Classes.
|
|||
|
This can be controlled using
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
tc
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
(contained in package
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
iproute
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
more to be filled...
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-hints-daemons}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Hints for IPv6-enabled daemons
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Here some hints are shown for IPv6-enabled daemons.
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{hints-daemons-bind}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Berkeley Internet Name Daemon BIND (named)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 is supported since version 9.
|
|||
|
Always use newest available version.
|
|||
|
At least version 9.1.3 must be used, older versions can contain remote exploitabl
|
|||
|
e security holes.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Listening on IPv6 addresses
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: unlike in IPv4 current versions doesn't allow to bind a server socket
|
|||
|
to dedicated IPv6 addresses, so only
|
|||
|
\emph on
|
|||
|
any
|
|||
|
\emph default
|
|||
|
or
|
|||
|
\emph on
|
|||
|
none
|
|||
|
\emph default
|
|||
|
are valid.
|
|||
|
Because this can be a security issue, check the Access Control List (ACL)
|
|||
|
section below, too!
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Enable BIND named for listening on IPv6 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To enable IPv6 for listening, following options are requested to change
|
|||
|
\layout Code
|
|||
|
|
|||
|
options {
|
|||
|
\layout Code
|
|||
|
|
|||
|
# sure other options here, too
|
|||
|
\layout Code
|
|||
|
|
|||
|
listen-on-v6 { any; };
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This should result after restart in e.g.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# netstat -lnptu |grep "named
|
|||
|
\backslash
|
|||
|
W*$"
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 :::53 :::* LISTEN 12345/named
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- incoming TCP requests
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 1.2.3.4:53 0.0.0.0:* 12345/named
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- incoming UDP requests to IPv4 1.2.3.4
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 127.0.0.1:53 0.0.0.0:* 12345/named
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- incoming UDP requests to IPv4 localhost
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 0.0.0.0:32868 0.0.0.0:* 12345/named
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- dynamic choosen port for outgoing queries
|
|||
|
\layout Code
|
|||
|
|
|||
|
udp 0 0 :::53 :::* 12345/named
|
|||
|
\emph on
|
|||
|
|
|||
|
\emph default
|
|||
|
<- incoming UDP request to any IPv6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
And a simple test looks like
|
|||
|
\layout Code
|
|||
|
|
|||
|
# dig localhost @::1
|
|||
|
\layout Standard
|
|||
|
|
|||
|
and should show you a result.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Disable BIND named for listening on IPv6 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To disable IPv6 for listening, following options are requested to change
|
|||
|
\layout Code
|
|||
|
|
|||
|
options {
|
|||
|
\layout Code
|
|||
|
|
|||
|
# sure other options here, too
|
|||
|
\layout Code
|
|||
|
|
|||
|
listen-on-v6 { none; };
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
IPv6 enabled Access Control Lists (ACL)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 enabled ACLs are possible and should be used whenever it's possible.
|
|||
|
An example looks like following:
|
|||
|
\layout Code
|
|||
|
|
|||
|
acl internal-net {
|
|||
|
\layout Code
|
|||
|
|
|||
|
127.0.0.1;
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.0/24;
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100::/56;
|
|||
|
\layout Code
|
|||
|
|
|||
|
::1/128;
|
|||
|
\layout Code
|
|||
|
|
|||
|
::ffff:1.2.3.4/128;
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Code
|
|||
|
|
|||
|
acl ns-internal-net {
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.4;
|
|||
|
\layout Code
|
|||
|
|
|||
|
1.2.3.5;
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100::4/128;
|
|||
|
\layout Code
|
|||
|
|
|||
|
3ffe:ffff:100::5/128;
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This ACLs can be used e.g.
|
|||
|
for queries of clients and transfer zones to secondary name-servers.
|
|||
|
This prevents also your caching name-server to be used from outside using
|
|||
|
IPv6.
|
|||
|
\layout Code
|
|||
|
|
|||
|
options {
|
|||
|
\layout Code
|
|||
|
|
|||
|
# sure other options here, too
|
|||
|
\layout Code
|
|||
|
|
|||
|
listen-on-v6 { none; };
|
|||
|
\layout Code
|
|||
|
|
|||
|
allow-query { internal-net; };
|
|||
|
\layout Code
|
|||
|
|
|||
|
allow-transfer { ns-internal-net; };
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Standard
|
|||
|
|
|||
|
It's also possible to set the
|
|||
|
\emph on
|
|||
|
allow-query
|
|||
|
\emph default
|
|||
|
and
|
|||
|
\emph on
|
|||
|
allow-transfer
|
|||
|
\emph default
|
|||
|
option for most of single zone definitions, too.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Sending queries with dedicated IPv6 address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This option is not required, but perhaps needed:
|
|||
|
\layout Code
|
|||
|
|
|||
|
query-source-v6 address <ipv6address|*> port <port|*>;
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Per zone defined dedicated IPv6 addresses
|
|||
|
\layout Standard
|
|||
|
|
|||
|
It's also possible to define per zone some IPv6 addresses.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Transfer source address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Transfer source address is used for outgoing zone transfers:
|
|||
|
\layout Code
|
|||
|
|
|||
|
transfer-source-v6 <ipv6addr|*> [port port];
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Notify source address
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Notify source address is used for outgoing notify messages:
|
|||
|
\layout Code
|
|||
|
|
|||
|
notify-source-v6 <ipv6addr|*> [port port];
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Serving IPv6 related DNS data
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For IPv6 new types and root zones for reverse lookups are defined:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
AAAA and reverse IP6.INT: specified in
|
|||
|
\begin_inset LatexCommand \url[RFC 1886 / DNS Extensions to support IP version 6]{http://rfc.net/rfc1886.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, usable since BIND version 4.9.6
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
A6, DNAME and reverse IP6.ARPA: specified in
|
|||
|
\begin_inset LatexCommand \url[RFC 2874 / DNS Extensions to Support IPv6 Address Aggregation and Renumbering]{http://rfc.net/rfc2874.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, usable since BIND 9
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Perhaps filled later more content, for the meantime take a look at given
|
|||
|
RFCs and
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
AAAA and reverse IP6.INT:
|
|||
|
\begin_inset LatexCommand \url[IPv6 DNS Setup Information]{http://www.isi.edu/~bmanning/v6DNS.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
A6, DNAME and reverse IP6.ARPA: take a look into chapter 4 and 6 of the BIND
|
|||
|
9 Administrator Reference Manual (ARM) distributed which the bind-package
|
|||
|
or get this here:
|
|||
|
\begin_inset LatexCommand \url[BIND version 9 ARM (PDF)]{http://www.nominum.com/resources/documentation/Bv9ARM.pdf}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because IP6.INT is deprecated (but still in use), a DNS server which will
|
|||
|
support IPv6 information has to serve both reverse zones.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Checking IPv6-enabled connect
|
|||
|
\layout Standard
|
|||
|
|
|||
|
To check, whether BIND is listening on an IPv6 socket and serving data see
|
|||
|
following examples.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
IPv6 connect, but denied by ACL
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Specifying a dedicated server for the query, an IPv6 connect can be forced:
|
|||
|
\layout Code
|
|||
|
|
|||
|
$ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
Using domain server:
|
|||
|
\layout Code
|
|||
|
|
|||
|
Name: 3ffe:ffff:200:f101::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
Address: 3ffe:ffff:200:f101::1#53
|
|||
|
\layout Code
|
|||
|
|
|||
|
Aliases:
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
Host www.6bone.net.
|
|||
|
not found: 5(REFUSED)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Related log entry looks like following:
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 3 12:43:32 gate named[12347]: client
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> 3ffe:ffff:200:f101:212:34ff:fe12:3456#32770:
|
|||
|
\layout Code
|
|||
|
|
|||
|
query denied
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If you see such entries in the log, check whether requests from this client
|
|||
|
should be allowed and perhaps review your ACL configuration.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Successful IPv6 connect
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A successful IPv6 connect looks like following:
|
|||
|
\layout Code
|
|||
|
|
|||
|
$ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
Using domain server:
|
|||
|
\layout Code
|
|||
|
|
|||
|
Name: 3ffe:ffff:200:f101::1
|
|||
|
\layout Code
|
|||
|
|
|||
|
Address: 3ffe:ffff:200:f101::1#53
|
|||
|
\layout Code
|
|||
|
|
|||
|
Aliases:
|
|||
|
\layout Code
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
www.6bone.net.
|
|||
|
is an alias for 6bone.net.
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
6bone.net.
|
|||
|
has AAAA address 3ffe:b00:c18:1::10
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{hints-daemons-xinetd}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Internet super daemon (xinetd)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
IPv6 is supported since version around 1.8.9.
|
|||
|
Always use newest available version.
|
|||
|
At least version 2.3.3 must be used, older versions can contain remote exploitabl
|
|||
|
e security holes.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Some Linux distribution contain an extra package for the IPv6 enabled xinetd,
|
|||
|
some others start the IPv6-enabled xinetd if following variable is set:
|
|||
|
NETWORKING_IPV6="yes", mostly done by /etc/sysconfig/network (only valid
|
|||
|
for Red Hat like distributions).
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If you enable a built-in service like e.g.
|
|||
|
daytime by modifying the configuration file in /etc/xinetd.d/daytime like
|
|||
|
\layout Code
|
|||
|
|
|||
|
# diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime
|
|||
|
\layout Code
|
|||
|
|
|||
|
--- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001
|
|||
|
\layout Code
|
|||
|
|
|||
|
+++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001
|
|||
|
\layout Code
|
|||
|
|
|||
|
@@ -10,5 +10,5 @@
|
|||
|
\layout Code
|
|||
|
|
|||
|
protocol = tcp
|
|||
|
\layout Code
|
|||
|
|
|||
|
user = root
|
|||
|
\layout Code
|
|||
|
|
|||
|
wait = no
|
|||
|
\layout Code
|
|||
|
|
|||
|
- disable = yes
|
|||
|
\layout Code
|
|||
|
|
|||
|
+ disable = no
|
|||
|
\layout Code
|
|||
|
|
|||
|
}
|
|||
|
\layout Standard
|
|||
|
|
|||
|
After restarting the xinetd you should get a positive result like:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# netstat -lnptu -A inet6 |grep "xinetd*"
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service
|
|||
|
daytime/tcp
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd.
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: An IPv4-only xinetd won't start on an IPv6-enabled node and also the
|
|||
|
IPv6-enabled won't start on an IPv4-only node (will be hopefully fixed
|
|||
|
in the future).
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{hints-daemons-apache2}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Webserver Apache2 (httpd2)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Apache web server supports IPv6 native by maintainers since 2.0.14.
|
|||
|
Available patches for the older 1.3.x series are not current and shouldn't
|
|||
|
be used in public environment, but available at
|
|||
|
\begin_inset LatexCommand \url[KAME / Misc]{ftp://ftp.kame.net/pub/kame/misc/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Listening on IPv6 addresses
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Note: virtual hosts on IPv6 addresses are broken in versions until 2.0.28
|
|||
|
(a patch is available for 2.0.28).
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Virtual host listen on an IPv6 address only
|
|||
|
\layout Code
|
|||
|
|
|||
|
Listen [3ffe:ffff:100::1]:80
|
|||
|
\layout Code
|
|||
|
|
|||
|
<VirtualHost [3ffe:ffff:100::1]:80>
|
|||
|
\layout Code
|
|||
|
|
|||
|
ServerName ipv6only.yourdomain.yourtopleveldomain
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ...sure more config lines
|
|||
|
\layout Code
|
|||
|
|
|||
|
</VirtualHost>
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Virtual host listen on an IPv6 and on an IPv4 address
|
|||
|
\layout Code
|
|||
|
|
|||
|
Listen [3ffe:ffff:100::2]:80
|
|||
|
\layout Code
|
|||
|
|
|||
|
Listen 1.2.3.4:80
|
|||
|
\layout Code
|
|||
|
|
|||
|
<VirtualHost [3ffe:ffff:100::2]:80 1.2.3.4:80>
|
|||
|
\layout Code
|
|||
|
|
|||
|
ServerName ipv6andipv4.yourdomain.yourtopleveldomain
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ...sure more config lines
|
|||
|
\layout Code
|
|||
|
|
|||
|
</VirtualHost>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This should result after restart in e.g.
|
|||
|
\layout Code
|
|||
|
|
|||
|
# netstat -lnptu |grep "httpd2
|
|||
|
\backslash
|
|||
|
W*$"
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 3ffe:ffff:100::1:80 :::* LISTEN 12345/httpd2
|
|||
|
\layout Code
|
|||
|
|
|||
|
tcp 0 0 3ffe:ffff:100::2:80 :::* LISTEN 12345/httpd2
|
|||
|
\layout Standard
|
|||
|
|
|||
|
For simple tests use the telnet example already shown.
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{hints-daemons-radvd}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Router Advertisement Daemon (radvd)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
The router advertisement daemon is very useful on a LAN, if clients should
|
|||
|
be auto-configured.
|
|||
|
The daemon itself should run a Linux router (not necessary the default
|
|||
|
IPv4 gateway).
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You can specify some information and flags which should be contained in
|
|||
|
the advertisement.
|
|||
|
Common used are
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Prefix (needed)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Lifetime of the prefix
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Frequency of sending advertisements (optional)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
After a proper configuration, the daemon sends advertisements through specified
|
|||
|
interfaces and clients are hopefully receive them and auto-magically configure
|
|||
|
addresses with received prefix and the default route.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Configuring radvd
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Simple configuration
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Radvd's config file is normally /etc/radvd.conf.
|
|||
|
An simple example looks like following:
|
|||
|
\layout Code
|
|||
|
|
|||
|
interface eth0 {
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvSendAdvert on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
MinRtrAdvInterval 3;
|
|||
|
\layout Code
|
|||
|
|
|||
|
MaxRtrAdvInterval 10;
|
|||
|
\layout Code
|
|||
|
|
|||
|
prefix 3ffe:ffff:0100:f101::/64 {
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvOnLink on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvAutonomous on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvRouterAddr on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This results on client side in
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip -6 addr show eth0
|
|||
|
\layout Code
|
|||
|
|
|||
|
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 3ffe:ffff:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
valid_lft 2591992sec preferred_lft 604792sec
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 fe80::2e0:12ff:fe34:1234/10 scope link
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because no lifetime was defined, a very high value was used.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Special 6to4 configuration
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Version since 0.6.2pl3 support the automatic (re)-generation of the prefix
|
|||
|
depending on an IPv4 address of a specified interface.
|
|||
|
This can be used to distribute advertisements in a LAN after the 6to4 tunneling
|
|||
|
has changed.
|
|||
|
Mostly used behind a dynamic dial-on-demand Linux router.
|
|||
|
Because of the sure shorter lifetime of such prefix (after each dial-up,
|
|||
|
another prefix is valid), the lifetime configured to minimal values:
|
|||
|
\layout Code
|
|||
|
|
|||
|
interface eth0 {
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvSendAdvert on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
MinRtrAdvInterval 3;
|
|||
|
\layout Code
|
|||
|
|
|||
|
MaxRtrAdvInterval 10;
|
|||
|
\layout Code
|
|||
|
|
|||
|
prefix 0:0:0:f101::/64 {
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvOnLink off;
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvAutonomous on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvRouterAddr on;
|
|||
|
\layout Code
|
|||
|
|
|||
|
Base6to4Interface ppp0;
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvPreferredLifetime 20;
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvValidLifetime 30;
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Code
|
|||
|
|
|||
|
};
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local
|
|||
|
IPv4 address):
|
|||
|
\layout Code
|
|||
|
|
|||
|
# ip -6 addr show eth0
|
|||
|
\layout Code
|
|||
|
|
|||
|
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
|
|||
|
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 2002:0102:0304
|
|||
|
\series bold
|
|||
|
:
|
|||
|
\series default
|
|||
|
f101:2e0:12ff:fe34:1234/64 scope global dynamic
|
|||
|
\layout Code
|
|||
|
|
|||
|
valid_lft 22sec preferred_lft 12sec
|
|||
|
\layout Code
|
|||
|
|
|||
|
inet6 fe80::2e0:12ff:fe34:1234/10 scope link
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Because a small lifetime was defined, such prefix will be thrown away quickly,
|
|||
|
if no related advertisement was received.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Debugging
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A program called
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
radvdump
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
can help you looking into sent or received advertisements.
|
|||
|
Simple to use:
|
|||
|
\layout Code
|
|||
|
|
|||
|
# radvdump
|
|||
|
\layout Code
|
|||
|
|
|||
|
Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255)
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvCurHopLimit: 64
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvManagedFlag: off
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvOtherConfigFlag: off
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvHomeAgentFlag: off
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvReachableTime: 0
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvRetransTimer: 0
|
|||
|
\layout Code
|
|||
|
|
|||
|
Prefix 2002:0102:0304:f101::/64
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvValidLifetime: 30
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvPreferredLifetime: 20
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvOnLink: off
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvAutonomous: on
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvRouterAddr: on
|
|||
|
\layout Code
|
|||
|
|
|||
|
Prefix 3ffe:ffff:100:f101::/64
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvValidLifetime: 2592000
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvPreferredLifetime: 604800
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvOnLink: on
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvAutonomous: on
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvRouterAddr: on
|
|||
|
\layout Code
|
|||
|
|
|||
|
AdvSourceLLAddress: 00 80 12 34 56 78
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Output shows you each advertisement package in readable format.
|
|||
|
You should see your configured values here again, if not, perhaps it's
|
|||
|
not your radvd which sends the advertisement...look for another router on
|
|||
|
the link (and take the LLAddress, which is the MAC address for tracing).
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{hints-daemons-tcpwrapper}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
tcp_wrapper
|
|||
|
\layout Standard
|
|||
|
|
|||
|
tcp_wrapper is a library which can help you to protect service against misuse.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Filtering capabilities
|
|||
|
\layout Standard
|
|||
|
|
|||
|
You can use tcp_wrapper for
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Filtering against source addresses (IPv4 or IPv6)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Filtering against users (requires a running ident daemon on the client)
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Which program uses tcp_wrapper
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Following are known:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Each service which is called by xinetd (if xinetd is compiled using tcp_wrapper
|
|||
|
library)
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
sshd (if compiled using tcp_wrapper)
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Usage
|
|||
|
\layout Standard
|
|||
|
|
|||
|
tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny.
|
|||
|
For more information see
|
|||
|
\layout Code
|
|||
|
|
|||
|
$ man hosts.all
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Example for /etc/hosts.allow
|
|||
|
\layout Standard
|
|||
|
|
|||
|
In this file, each service which should be positive filtered (means connects
|
|||
|
are accepted) need a line.
|
|||
|
\layout Code
|
|||
|
|
|||
|
sshd: 1.2.3.
|
|||
|
[3ffe:ffff:100:200::]/64
|
|||
|
\layout Code
|
|||
|
|
|||
|
daytime-stream: 1.2.3.
|
|||
|
[3ffe:ffff:100:200::]/64
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Example for /etc/hosts.deny
|
|||
|
\layout Standard
|
|||
|
|
|||
|
This file contains all negative filter entries and should normally deny
|
|||
|
the rest using
|
|||
|
\layout Code
|
|||
|
|
|||
|
ALL: ALL
|
|||
|
\layout Standard
|
|||
|
|
|||
|
If this node is a more sensible one you can replace the standard line above
|
|||
|
with this one, but this can cause a DoS attack (load of mailer and spool
|
|||
|
directory), if too many connects were made in short time.
|
|||
|
Perhaps a logwatch is better for such issues.
|
|||
|
\layout Code
|
|||
|
|
|||
|
ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`"
|
|||
|
\layout Code
|
|||
|
|
|||
|
| tee -a /var/log/tcp.deny.log | mail root@localhost)
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Logging
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Depending on the entry in the syslog daemon configuration file /etc/syslog.conf
|
|||
|
the tcp_wrapper logs normally into /var/log/secure.
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Refused connection
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A refused connection via IPv4 to an xinetd covered daytime service produces
|
|||
|
a line like following example
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> from=::ffff:1.2.3.4
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap
|
|||
|
\layout Code
|
|||
|
|
|||
|
from=3ffe:ffff:100:200::212:34ff:fe12:3456
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A refused connection via IPv4 to an dual-listen sshd produces a line like
|
|||
|
following example
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> (::ffff:1.2.3.4)
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:39:33 gate sshd[12345]: refused connect
|
|||
|
\layout Code
|
|||
|
|
|||
|
from 3ffe:ffff:100:200::212:34ff:fe12:3456
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> (3ffe:ffff:100:200::212:34ff:fe12:3456)
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Permitted connection
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A permitted connection via IPv4 to an xinetd covered daytime service produces
|
|||
|
a line like following example
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> from=::ffff:1.2.3.4
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0
|
|||
|
\layout Code
|
|||
|
|
|||
|
from=3ffe:ffff:100:200::212:34ff:fe12:3456
|
|||
|
\layout Standard
|
|||
|
|
|||
|
A permitted connection via IPv4 to an dual-listen sshd produces a line like
|
|||
|
following example
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4
|
|||
|
\layout Code
|
|||
|
|
|||
|
<EFBFBD> port 33381 ssh2
|
|||
|
\layout Code
|
|||
|
|
|||
|
Jan 2 20:42:19 gate sshd[12345]: Accepted password for user
|
|||
|
\layout Code
|
|||
|
|
|||
|
from 3ffe:ffff:100:200::212:34ff:fe12:3456 port 33380 ssh2
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
Programming (using API)
|
|||
|
\layout Standard
|
|||
|
|
|||
|
I have no experience in IPv6 programming, perhaps this chapter will be filled
|
|||
|
by others or moved away to another HOWTO.
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
Interoperability
|
|||
|
\layout Standard
|
|||
|
|
|||
|
There are some projects around the world which checks the interoperability
|
|||
|
of different operating systems regarding the implementation of IPv6 features.
|
|||
|
Here some URLs:
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[TAHI Project]{http://www.tahi.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More coming next...
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{chapter-information}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Further information and URLs
|
|||
|
\layout Section
|
|||
|
|
|||
|
Paper printed books
|
|||
|
\layout Standard
|
|||
|
|
|||
|
See following URL for more:
|
|||
|
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot / References]{http://www.switch.ch/lan/ipv6/references.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Section
|
|||
|
|
|||
|
Online information
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{information-joinipv6}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Join the IPv6 backbone
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Global registries
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
IPv6 test backbone:
|
|||
|
\begin_inset LatexCommand \url[6bone]{http://www.6bone.net/6bone_hookup.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
,
|
|||
|
\begin_inset LatexCommand \url[How to join 6bone]{http://www.6bone.net/6bone_hookup.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
America:
|
|||
|
\begin_inset LatexCommand \url[ARIN]{http://www.arin.net/regserv.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
EMEA:
|
|||
|
\begin_inset LatexCommand \url[RIPE]{http://www.ripe.net/ripencc/mem-services/registration/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Asia/Pacific:
|
|||
|
\begin_inset LatexCommand \url[APNIC]{http://www.apnic.net/drafts/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Tunnel brokers
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Freenet6]{http://www.freenet6.net/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, Canada
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Hurricane Electric]{http://ipv6tb.he.net/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, US backbone
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Centro Studi e Laboratory Telecomunicazioni]{https://carmen.cselt.it/ipv6tb/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, Italy
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Another more filled list of current tunnel brokers is available at
|
|||
|
\begin_inset LatexCommand \url[ipv6-net.org]{http://www.ipv6-net.de/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Latest news
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[hs247 IPv6 news and information]{http://hs247.com/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, also homepage for #ipv6 channel on EFnet
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[ipv6-net.org]{http://www.ipv6-net.de/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, German forum
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Protocol references
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Current IEFT drafts of IP Version 6 Working Group (ipv6)]{http://www.ietf.org/ids.by.wg/ipv6.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Network Sorcery / IPv6, Internet Protocol version 6]{http://www.networksorcery.com/enp/protocol/ipv6.htm}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, IPv6 protocol header
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot / References]{http://www.switch.ch/lan/ipv6/references.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
, big list of IPv6 references maintained by Simon Leinen
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
More information
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
Linux related
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[IPv6-HowTo for Linux by Peter Bieringer]{http://www.bieringer.de/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Germany, and his
|
|||
|
\begin_inset LatexCommand \url[Bieringer / IPv6 - software archive]{ftp://ftp.bieringer.de/pub/linux/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Linux+IPv6 status by Peter Bieringer]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Germany
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[USAGI project]{http://www.linux-ipv6.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Japan, and their
|
|||
|
\begin_inset LatexCommand \url[USAGI project - software archive]{ftp://ftp.linux-ipv6.org/pub/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[ Pekka Savola's Red Hat Linux related packages]{http://www.netcore.fi/pekkas/linux/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Finland
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Gav's Linux IPv6 Page]{http://www.bugfactory.org/~gav/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Project6 - IPv6 Networking For Linux]{http://project6.ferrara.linux.it/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Italy, and their
|
|||
|
\begin_inset LatexCommand \url[Project6 - software archive]{ftp://ftp.ferrara.linux.it/pub/project6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
General
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[IPv6.org]{http://www.ipv6.org/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[6bone]{http://www.6bone.net/6bone_hookup.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[UK IPv6 Resource Centre]{http://www.cs-ipv6.lancs.ac.uk/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- UK
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[JOIN: IPv6 information]{http://www.join.uni-muenster.de/JOIN/ipv6/texte-englisch/informationsquellen.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Germany, by the JOIN project team maintaining also
|
|||
|
\begin_inset LatexCommand \url[Links to external WWW pages comprising IPv6/IPng]{http://www.join.uni-muenster.de/JOIN/ipv6/texte-englisch/www.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[TIPSTER6 project]{http://tipster6.ik.bme.hu/tipster6_en.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Hungary,
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
Testing Experimental IPv6 Technology and Services in Hungary
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[WIDE project]{http://www.v6.wide.ad.jp/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Japan
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[KAME project]{http://www.kame.net/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Japan
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot]{http://www.switch.ch/lan/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Switzerland
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[IPv6 Corner of Hubert Feyrer]{http://www.feyrer.de/IPv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
- Germany
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout Subsubsection
|
|||
|
|
|||
|
In Portuguese
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[IPv6 pages of Miguel Rosa]{http://ipng.ip6.fc.ul.pt/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[FCCN (National Foundation for the Scientific Computation)]{http://www.rcts.pt/ipv6/ipb6.htm}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Grupo de Pesquisa em IPv6 do Brasil]{http://linuxgo.persogo.com.br/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[University of Algarve, Portugal]{http://www.ipv6.ualg.pt/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[IPv6 - MFA]{http://www.ipv6.mfa.eti.br/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{information-onlinetesttools}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Online test tools
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
finger, nslookup, ping, traceroute, whois:
|
|||
|
\begin_inset LatexCommand \url[tUK IPv6 Resource Centre / The test page]{http://www.cs-ipv6.lancs.ac.uk/ipv6/testing/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
ping, traceroute, tracepath, 6bone registry, DNS:
|
|||
|
\begin_inset LatexCommand \url[JOIN / Testtools]{http://www.join.uni-muenster.de/lab/testtools.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
(German language only, but should be no problem for non German speakers)
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{information-maillists}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Maillists
|
|||
|
\layout Standard
|
|||
|
|
|||
|
More to be filled later...suggestions are welcome!
|
|||
|
\layout SGML
|
|||
|
|
|||
|
<informaltable>
|
|||
|
\begin_inset Tabular
|
|||
|
<lyxtabular version="2" rows="7" columns="5">
|
|||
|
<features rotate="false" islongtable="false" endhead="0" endfirsthead="0" endfoot="0" endlastfoot="0">
|
|||
|
<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special="">
|
|||
|
<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special="">
|
|||
|
<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special="">
|
|||
|
<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special="">
|
|||
|
<column alignment="center" valignment="top" leftline="true" rightline="true" width="" special="">
|
|||
|
<row topline="true" bottomline="true" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Request e-mail address
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
What to subscribe
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Maillist e-mail address
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Language
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Access through WWW
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
<row topline="true" bottomline="false" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
majordomo (at) oss.sgi.com
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
netdev
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
netdev (at) oss.sgi.com
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
English
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Archive]{http://oss.sgi.com/projects/netdev/archive/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
<row topline="true" bottomline="false" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
majordomo (at) atlan.uni-muenster.de
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ipv6
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ipv6 (at) uni-muenster.de
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
German/English
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Info]{http://www.join.uni-muenster.de/JOIN/ipv6/texte-englisch/mailingliste.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
,
|
|||
|
\begin_inset LatexCommand \url[Archive]{http://www.join.uni-muenster.de/local/majordomo/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
<row topline="true" bottomline="false" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
majordomo (at) isi.edu
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
6bone
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
6bone (at) isi.edu
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
English
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Info]{http://www.6bone.net/6bone_email.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
,
|
|||
|
\begin_inset LatexCommand \url[Threaded archive]{http://ryouko.dgim.crc.ca/ipv6/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
,
|
|||
|
\begin_inset LatexCommand \url[Mirror of archive]{http://www.wcug.wwu.edu/lists/6bone/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
<row topline="true" bottomline="false" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
majordomo (at) sunroof.eng.sun.com
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ipng
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ipng (at) sunroof.eng.sun.com
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
English
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Info]{http://playground.sun.com/pub/ipng/html/instructions.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
,
|
|||
|
\begin_inset LatexCommand \url[Archive]{ftp://playground.sun.com/pub/ipng/mail-archive/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
,
|
|||
|
\begin_inset LatexCommand \url[Mirror of archive]{http://www.wcug.wwu.edu/lists/ipng/}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
<row topline="true" bottomline="false" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
majordomo (at) ipv6.org
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
users
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
users (at) ipv6.org
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
English
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Info]{http://www.ipv6.org/mailing-lists.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
<row topline="true" bottomline="true" newpage="false">
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
majordomo (at) mfa.eti.br
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ipv6
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
ipv6 (at) mfa.eti.br
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Portuguese
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special="">
|
|||
|
\begin_inset Text
|
|||
|
|
|||
|
\layout Standard
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \url[Info]{http://www.mfa.eti.br/listas.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\end_inset
|
|||
|
</cell>
|
|||
|
</row>
|
|||
|
</lyxtabular>
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
|
|||
|
\layout SGML
|
|||
|
|
|||
|
</informaltable>
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Another source is
|
|||
|
\begin_inset LatexCommand \url[JOIN Project / List of IPv6-related maillists]{http://www.join.uni-muenster.de/JOIN/ipv6/texte-englisch/ipv6.infoquellen.html}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
.
|
|||
|
\layout Chapter
|
|||
|
|
|||
|
The End / Revision history
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Thanks for reading.
|
|||
|
Hope it helps!
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{revision-history}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Revision history
|
|||
|
\layout Subsection
|
|||
|
|
|||
|
Releases 0.x
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.16 2002-01-19/PB: minor fixes, remove
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
bold
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
and
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
emphasize
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
formats on code lines, fix
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
too long unwrapped code lines
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
using selfmade utility, extend list of URLs.
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.15 2002-01-15/PB: fix bug in addresstype/anycast, move content related
|
|||
|
credits to end of document
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.14 2002-01-14/PB: Minor review at all, new chapter
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
debugging
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, review
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
addresses
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft,
|
|||
|
add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo,
|
|||
|
minor enhancements
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.13 2002-01-05/PB: Add example BIND9/host, move revision history to end
|
|||
|
of document, minor extensions
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.12 2002-01-03/PB: Merge review of David Ranch
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.11 2002-01-02/PB: Spell checking and merge review of Pekka Savola
|
|||
|
\layout Description
|
|||
|
|
|||
|
0.10 2002-01-02/PB: First public release of chapter 1
|
|||
|
\layout Section
|
|||
|
|
|||
|
|
|||
|
\begin_inset LatexCommand \label{content-related-credits}
|
|||
|
|
|||
|
\end_inset
|
|||
|
|
|||
|
Content related credits
|
|||
|
\layout Standard
|
|||
|
|
|||
|
Credits for fixes and hints are listed here, will grow sure in the future
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
S .P.
|
|||
|
Meenakshi <meena at cs dot iitm dot ernet dot in>: For a hint using a
|
|||
|
\begin_inset Quotes sld
|
|||
|
\end_inset
|
|||
|
|
|||
|
send mail
|
|||
|
\begin_inset Quotes srd
|
|||
|
\end_inset
|
|||
|
|
|||
|
shell program on tcp_wrapper/hosts.deny
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Georg K<>fer <gkaefer at salzburg dot co dot at>: For detection of no proper
|
|||
|
PDF creation (fixed now by LDP maintainer Greg Ferguson) and some suggestions
|
|||
|
\layout Itemize
|
|||
|
|
|||
|
Frank Dinies <FrankDinies at web dot de>: For a bugfix on IPv6 address explanati
|
|||
|
on
|
|||
|
\the_end
|