From 394db6d67137117a4930a96cd3df8f408122dba1 Mon Sep 17 00:00:00 2001 From: pbldp <> Date: Mon, 18 Nov 2002 19:28:36 +0000 Subject: [PATCH] Modified Files: Linux+IPv6-HOWTO.sgml : Fix broken RFC URLs --- LDP/howto/docbook/Linux+IPv6-HOWTO.sgml | 39 +++++++++++++------------ 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml b/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml index 3a5b88f6..4c051bd5 100644 --- a/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml +++ b/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml @@ -8,12 +8,12 @@ Peter Bieringer
pb (at) bieringer.de
+ Release 0.33 2002-11-18 PB See revision history for more Release 0.32 2002-11-03 PB See revision history for more Release 0.31 2002-09-29 PB See revision history for more - Release 0.30 2002-09-27 PB See revision history for more The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions about IPv6 on the Linux operating system. This HOWTO will provide the reader with enough information to install, configure, and use IPv6 applications on Linux machines. -GeneralCVS-ID: $Id: Linux+IPv6-HOWTO.lyx,v 1.35 2002/10/06 12:09:31 pbldp Exp $Information about available translations you will find in section Translations.Copyright, license and othersCopyrightWritten and Copyright (C) 2001-2002 by Peter Bieringer +GeneralCVS-ID: $Id: Linux+IPv6-HOWTO.lyx,v 1.37 2002/11/18 19:01:55 pbldp Exp $Information about available translations you will find in section Translations.Copyright, license and othersCopyrightWritten and Copyright (C) 2001-2002 by Peter Bieringer LicenseThis Linux IPv6 HOWTO is published under GNU GPL version 2: 
@@ -75,7 +75,7 @@ Linux operating system compatible hardwareSurely you wish to experiment with real hardware, and not only read this HOWTO to fall asleep here and there. :) -BasicsWhat is IPv6?IPv6 is a new layer 3 transport protocol (see linuxports/howto/intro_to_networking/ISO - OSI Model) which will supersede IPv4 (also known as IP). IPv4 was designed long time ago (RFC 760 from January 1980) and since its inception, there have been many requests for more addresses and enhanced capabilities. Major changes in IPv6 are the redesign of the header, including the increase of address size from 32 bits to 128 bits. Because layer 3 is responsible for end-to-end packet transport using packet routing based on addresses, it must include the new IPv6 addresses (source and destination), like IPv4.For more information about the IPv6 history take a look at older IPv6 related RFCs listed e.g. at SWITCH IPv6 Pilot / References. +BasicsWhat is IPv6?IPv6 is a new layer 3 transport protocol (see linuxports/howto/intro_to_networking/ISO - OSI Model) which will supersede IPv4 (also known as IP). IPv4 was designed long time ago (RFC 760 / Internet Protocol from January 1980) and since its inception, there have been many requests for more addresses and enhanced capabilities. Major changes in IPv6 are the redesign of the header, including the increase of address size from 32 bits to 128 bits. Because layer 3 is responsible for end-to-end packet transport using packet routing based on addresses, it must include the new IPv6 addresses (source and destination), like IPv4.For more information about the IPv6 history take a look at older IPv6 related RFCs listed e.g. at SWITCH IPv6 Pilot / References. History of IPv6 in LinuxTo-do: better time-line, more content...BeginningThe first IPv6 related network code was added to the Linux kernel 2.1.8 in November 1996 by Pedro Roque. It was based on the BSD API:One sequence of 16 bit blocks containing only zeroes can be replaced with "::". 
But not more than one at a time, otherwise it is no longer a unique representation. 3ffe:ffff:100:f101::1 ]]>The biggest reduction is seen by the IPv6 localhost address: ::1 -]]>There is also a so-called compact (base85 coded) representation defined RFC 1924 / A Compact Representation of IPv6 Addresses (written 1996), never seen in the wild, but here is an example: There is also a so-called compact (base85 coded) representation defined RFC 1924 / A Compact Representation of IPv6 Addresses (written 1996), never seen in the wild, but here is an example: J%s99FJXT ]]>
Info: ipv6calc is an IPv6 address format calculator and converter program and can be found here: ipv6calc
-FAQ (Basics)Why is the name IPv6 and not IPv5 as successor for IPv4?On any IP header, the first 4 bits are reserved for protocol version. So theoretically a protocol number between 0 and 15 is possible:4: is already used for IPv45: is reserved for the Stream Protocol (STP, RFC 1819) (which never really made it to the public)The next free number was 6. Hence IPv6 was born! +FAQ (Basics)Why is the name IPv6 and not IPv5 as successor for IPv4?On any IP header, the first 4 bits are reserved for protocol version. So theoretically a protocol number between 0 and 15 is possible:4: is already used for IPv45: is reserved for the Stream Protocol (STP, RFC 1819 / Internet Stream Protocol Version 2) (which never really made it to the public)The next free number was 6. Hence IPv6 was born! IPv6 addresses: why such a high number of bits?During the design of IPv4, people thought that 32 bits were enough for the world. Looking back into the past, 32 bits were enough until now and will perhaps be enough for another few years. However, 32 bits are not enough to provide each network device with a global address in the future. Think about mobile phones, cars (including electronic devices on its CAN-bus), toasters, refrigerators, light switches, and so on...So designers have chosen 128 bits, 4 times more in length and 2^96 greater in size than in IPv4 today.The usable size is smaller than it may appear however. This is because in the currently defined address schema, 64 bits are used for interface identifiers. The other 64 bits are used for routing. Assuming the current strict levels of aggregation (/48, /35, ...), it is still possible to "run out" of space, but hopefully not in the near future. IPv6 addresses: why so small a number of bits on a new design?While, there are (possibly) some people on the Internet who are thinking about IPv8 and IPv16, their design is far away from acceptance and implementation. 
In the meantime 128 bits was the best choice regarding header overhead and data transport. Consider the minimum Maximum Transfer Unit (MTU) in IPv4 (576 octets) and in IPv6 (1280 octets), the header length in IPv4 is 20 octets (minimum, can increase to 60 octets with IPv4 options) and in IPv6 is 48 octets (fixed). This is 3.4 % of MTU in IPv4 and 3.8 % of MTU in IPv6. This means the header overhead is almost equal. More bits for addresses would require bigger headers and therefore more overhead. Also, consider the maximum MTU on normal links (like Ethernet today): it's 1500 octets (in special cases: 9k octets using Jumbo frames). Ultimately, it wouldn't be a proper design if 10 % or 20 % of transported data in a Layer-3 packet were used for addresses and not for payload. 
@@ -127,18 +127,18 @@ BTW: a good URL for displaying a given IPv6 address in detail is the These addresses are also used by automatic tunneling, which is being replaced by 6to4 tunneling. -Network part, also known as prefixDesigners defined some address types and left a lot of scope for future definitions as currently unknown requirements arise. RFC 2373 [July 1998] / IP Version 6 Addressing Architecture defines the current addressing scheme but there is already a new draft available: draft-ietf-ipngwg-addr-arch-*.txt.Now lets take a look at the different types of prefixes (and therefore address types):Link local address typeThese are special addresses which will only be valid on a link of an interface. Using this address as destination the packet would never pass through a router. It's used for link communications such as:anyone else here on this link?anyone here with a special address (e.g. looking for a router)?They begin with ( where "x" is any hex character, normally "0")Network part, also known as prefixDesigners defined some address types and left a lot of scope for future definitions as currently unknown requirements arise. RFC 2373 [July 1998] / IP Version 6 Addressing Architecture defines the current addressing scheme but there is already a new draft available: draft-ietf-ipngwg-addr-arch-*.txt.Now lets take a look at the different types of prefixes (and therefore address types):Link local address typeThese are special addresses which will only be valid on a link of an interface. Using this address as destination the packet would never pass through a router. It's used for link communications such as:anyone else here on this link?anyone here with a special address (e.g. looking for a router)?They begin with ( where "x" is any hex character, normally "0")An address with this prefix is found on each IPv6-enabled interface after stateless auto-configuration (which is normally always the case).Note: only fe80 is currently in use. 
-Site local address typeThese are addresses similar to the RFC 1918 / Address Allocation for Private Internets in IPv4 today, with the added advantage that everyone who use this address type has the capability to use the given 16 bits for a maximum number of 65536 subnets. Comparable with the 10.0.0.0/8 in IPv4 today.Another advantage: because it's possible to assign more than one address to an interface with IPv6, you can also assign such a site local address in addition to a global one.It begins with: Site local address typeThese are addresses similar to the RFC 1918 / Address Allocation for Private Internets in IPv4 today, with the added advantage that everyone who use this address type has the capability to use the given 16 bits for a maximum number of 65536 subnets. Comparable with the 10.0.0.0/8 in IPv4 today.Another advantage: because it's possible to assign more than one address to an interface with IPv6, you can also assign such a site local address in addition to a global one.It begins with: (where "x" is any hex character, normally "0") -Global address type "(Aggregatable) global unicast"Today, there is one global address type defined (the first design, called "provider based," was thrown away some years ago RFC 1884 / IP Version 6 Addressing Architecture [obsolete], you will find some remains in older Linux kernel sources).It begins with (x are hex characters)Global address type "(Aggregatable) global unicast"Today, there is one global address type defined (the first design, called "provider based," was thrown away some years ago RFC 1884 / IP Version 6 Addressing Architecture [obsolete], you will find some remains in older Linux kernel sources).It begins with (x are hex characters)Note: the prefix "aggregatable" is thrown away in current drafts. There are some further subtypes defined, see below:6bone test addressesThese were the first global addresses which were defined and in use. 
They all start with 6bone te ]]></programlisting><para>and is mostly shown in examples, because if real addresses are shown, its possible for someone to do a copy & paste to their configuration files. Thus inadvertently causing duplicates on a globally unique address. This would cause serious problems for the original host (e.g. getting answer packets for request that were never sent). You can still apply for one of these prefixes, see here <ulink url="http://www.6bone.net/6bone_hookup.html">How to join 6bone</ulink>. Also some <link linkend="information-joinipv6-tunnelbrokers">tunnel brokers</link> still distribute 6bone test address prefixes.</para></sect3> -<sect3><title>6to4 addressesThese addresses, designed for a special tunneling mechanism [RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds and RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers], encode a given IPv4 address and a possible subnet and begin with 6to4 addressesThese addresses, designed for a special tunneling mechanism [RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds and RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers], encode a given IPv4 address and a possible subnet and begin with For example, representing 192.168.1.1/5:A small shell command line can help you generating such address out of a given IPv4 one:See also tunneling using 6to4 and information about 6to4 relay routers. 
@@ -156,7 +156,7 @@ You can still apply for one of these prefixes, see here RFC 2373 / IP Version 6 Addressing Architecture for details). Some examples are:All Nodes Address: ID = 1h, addresses all hosts on the local node (ff01:0:0:0:0:0:0:1) or the connected link (ff02:0:0:0:0:0:0:1).All Routers Address: ID = 2h, addresses all routers on the local node (ff01:0:0:0:0:0:0:2), on the connected link (ff02:0:0:0:0:0:0:2), or on the local site (ff05:0:0:0:0:0:0:2) +Multicast typesThere are many types already defined/reserved (see RFC 2373 / IP Version 6 Addressing Architecture for details). Some examples are:All Nodes Address: ID = 1h, addresses all hosts on the local node (ff01:0:0:0:0:0:0:1) or the connected link (ff02:0:0:0:0:0:0:1).All Routers Address: ID = 2h, addresses all routers on the local node (ff01:0:0:0:0:0:0:2), on the connected link (ff02:0:0:0:0:0:0:2), or on the local site (ff05:0:0:0:0:0:0:2) Solicited node link-local multicast addressSpecial multicast address used as destination address in neighborhood discovery, because unlike in IPv4, ARP no longer exists in IPv6.An example of this address looks likeUsed prefix shows that this is a link-local multicast address. The suffix is generated from the destination address. In this example, a packet should be sent to address "fe80::1234", but the network stack doesn't know the current layer 2 MAC address. It replaces the upper 104 bits with "ff02:0:0:0:0:1:ff00::/104" and leaves the lower 24 bits untouched. This address is now used `on-link' to find the corresponding node which has to send a reply containing its layer 2 MAC address. 
@@ -168,12 +168,12 @@ You can still apply for one of these prefixes, see here IEEE-Tutorial EUI-64 design for EUI-48 identifiers.Privacy problem with automatically computed and solutionBecause the "automatically computed" host part is globally unique (except when a vendor of a NIC uses the same MAC address on more than one NIC), client tracking is possible on the host when not using a proxy of any kind.This is a known problem, and a solution was defined: privacy extension, defined in RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (there is also already a newer draft available: draft-ietf-ipngwg-temp-addresses-*.txt). Using a random and a static value a new suffix is generated from time to time. Note: this is only reasonable for outgoing client connections and isn't really useful for well-known servers. +]]>using the IEEE-Tutorial EUI-64 design for EUI-48 identifiers.Privacy problem with automatically computed and solutionBecause the "automatically computed" host part is globally unique (except when a vendor of a NIC uses the same MAC address on more than one NIC), client tracking is possible on the host when not using a proxy of any kind.This is a known problem, and a solution was defined: privacy extension, defined in RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (there is also already a newer draft available: draft-ietf-ipngwg-temp-addresses-*.txt). Using a random and a static value a new suffix is generated from time to time. Note: this is only reasonable for outgoing client connections and isn't really useful for well-known servers. Manually setFor servers it's probably easier to remember simpler addresses, this can also be accommodated. It is possible to assign an additional IPv6 address to an interface, e.g. For manual suffixes like "::1" shown in the above example it's required that the 6th most significant bit is set to 0 (the universal/local bit of the automatically generated identifier). 
Also some other (otherwise unchosen ) bit combinations are reserved for anycast addresses, too. -Prefix lengths for routingIn the early design phase it was planned to use a fully hierarchical routing approach to reduce the size of the routing tables maximally. The reasoning behind this approach were the number of current IPv4 routing entries in core routers (> 104 thousand in May 2001), reducing the need of memory in hardware routers (ASIC driven) to hold the routing table and increase speed (fewer entries hopefully result in faster lookups).Todays view is that routing will be mostly hierarchically designed for networks with only one service provider. With more than one ISP connections, this is not possible, and subject to an issue named multi-homing.Prefix lengths (also known as "netmasks")Similar to IPv4, the routable network path for routing to take place. Because standard netmask notation for 128 bits doesn't look nice, designers employed the IPv4 Classless Inter Domain Routing (CIDR, RFC 1519 / Classless Inter-Domain Routing) scheme, which specifies the number of bits of the IP address to be used for routing. It is also called the "slash" notation.An example: Prefix lengths for routingIn the early design phase it was planned to use a fully hierarchical routing approach to reduce the size of the routing tables maximally. The reasoning behind this approach were the number of current IPv4 routing entries in core routers (> 104 thousand in May 2001), reducing the need of memory in hardware routers (ASIC driven) to hold the routing table and increase speed (fewer entries hopefully result in faster lookups).Todays view is that routing will be mostly hierarchically designed for networks with only one service provider. With more than one ISP connections, this is not possible, and subject to an issue named multi-homing.Prefix lengths (also known as "netmasks")Similar to IPv4, the routable network path for routing to take place. 
Because standard netmask notation for 128 bits doesn't look nice, designers employed the IPv4 Classless Inter Domain Routing (CIDR, RFC 1519 / Classless Inter-Domain Routing) scheme, which specifies the number of bits of the IP address to be used for routing. It is also called the "slash" notation.An example: This notation will be expanded:Network: Net-mask: 
@@ -196,7 +196,7 @@ You can still apply for one of these prefixes, see here IPv6+Linux-Status-DistributionCompile a new vanilla kernel (easy, if you know which options you needed)Recompile kernel sources given by your Linux distribution (sometimes not so easy)Compile a kernel with USAGI extensionsIf you decide to compile a kernel, you should have previous experience in kernel compiling and read the Linux Kernel HOWTO.A mostly up-to-time comparison between vanilla and USAGI extended kernels is available on IPv6+Linux-Status-Kernel.Compiling a vanilla kernelMore detailed hints about compiling an IPv6-enabled kernel can be found e.g. on IPv6-HOWTO-2#kernel.Note: you should use whenever possible kernel series 2.4.x or above, because the IPv6 support in series 2.2.x is not so in current state and needs some patches for ICMPv6 and 6to4 support (can be found on kernel series 2.2.x IPv6 patches). Compiling a kernel with USAGI extensionsSame as for vanilla kernel, only recommend for advanced users, which are already familiar with IPv6 and kernel compilation. See also USAGI project / FAQ. -IPv6-ready network devicesNot all existing network devices have already (or ever) the capability to transport IPv6 packets. A current status can be found at IPv6+Linux-status-kernel.html#transport.A major issue is that because of the network layer structure of kernel implementation an IPv6 packet isn't really recognized by it's IP header number (6 instead of 4). It's recognized by the protocol number of the Layer 2 transport protocol. Therefore any transport protocol which doesn't use such protocol number cannot dispatch IPv6 packets. Note: the packet is still transported over the link, but on receivers side, the dispatching won't work (you can see this e.g. 
using tcpdump).Currently known never "IPv6 capable links"Serial Line IP (SLIP, RFC 1055), should be better called now to SLIPv4, device named: slXParallel Line IP (PLIP), same like SLIP, device names: plipXISDN with encapsulation rawip, device names: isdnX +IPv6-ready network devicesNot all existing network devices have already (or ever) the capability to transport IPv6 packets. A current status can be found at IPv6+Linux-status-kernel.html#transport.A major issue is that because of the network layer structure of kernel implementation an IPv6 packet isn't really recognized by it's IP header number (6 instead of 4). It's recognized by the protocol number of the Layer 2 transport protocol. Therefore any transport protocol which doesn't use such protocol number cannot dispatch IPv6 packets. Note: the packet is still transported over the link, but on receivers side, the dispatching won't work (you can see this e.g. using tcpdump).Currently known never "IPv6 capable links"Serial Line IP (SLIP, RFC 1055 / SLIP), should be better called now to SLIPv4, device named: slXParallel Line IP (PLIP), same like SLIP, device names: plipXISDN with encapsulation rawip, device names: isdnX Currently known "not supported IPv6 capable links"ISDN with encapsulation syncppp, device names: ipppX (design issue of the ipppd, will be merged into more general PPP layer in kernel series 2.5.x) 
@@ -450,9 +450,9 @@ You can still apply for one of these prefixes, see here Configuring IPv6-in-IPv4 tunnelsIf you want to leave your link you have no IPv6 capable network around you, you need IPv6-in-IPv4 tunneling to reach the World Wide IPv6-Internet.There are some kind of tunnel mechanism and also some possibilities to setup tunnels.Types of tunnelsThere are more than one possibility to tunnel IPv6 packets over IPv4-only links.Static point-to-point tunneling: 6boneA point-to-point tunnel is a dedicated tunnel to an endpoint, which knows about your IPv6 network (for backward routing) and the IPv4 address of your tunnel endpoint and defined in RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers. Requirements:IPv4 address of your local tunnel endpoint must be static, global unique and reachable from the foreign tunnel endpointA global IPv6 prefix assigned to you (see 6bone registry)A foreign tunnel endpoint which is capable to route your IPv6 prefix to your local tunnel endpoint (mostly remote manual configuration required) +Configuring IPv6-in-IPv4 tunnelsIf you want to leave your link you have no IPv6 capable network around you, you need IPv6-in-IPv4 tunneling to reach the World Wide IPv6-Internet.There are some kind of tunnel mechanism and also some possibilities to setup tunnels.Types of tunnelsThere are more than one possibility to tunnel IPv6 packets over IPv4-only links.Static point-to-point tunneling: 6boneA point-to-point tunnel is a dedicated tunnel to an endpoint, which knows about your IPv6 network (for backward routing) and the IPv4 address of your tunnel endpoint and defined in RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers. 
Requirements:IPv4 address of your local tunnel endpoint must be static, global unique and reachable from the foreign tunnel endpointA global IPv6 prefix assigned to you (see 6bone registry)A foreign tunnel endpoint which is capable to route your IPv6 prefix to your local tunnel endpoint (mostly remote manual configuration required) Automatically tunnelingAutomatic tunneling occurs, when a node directly connects another node gotten the IPv4 address of the other node before. -6to4-Tunneling6to4 tunneling (RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds) uses a simple mechanism to create automatic tunnels. Each node with a global unique IPv4 address is able to be a 6to4 tunnel endpoint (if no IPv4 firewall prohibits traffic). 6to4 tunneling is mostly not a one-to-one tunnel. This case of tunneling can be divided into upstream and downstream tunneling. Also, a special IPv6 address indicates that this node will use 6to4 tunneling for connecting the world-wide IPv6 networkGeneration of 6to4 prefixThe 6to4 address is defined like following (schema is taken from RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds):6to4-Tunneling6to4 tunneling (RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds) uses a simple mechanism to create automatic tunnels. Each node with a global unique IPv4 address is able to be a 6to4 tunnel endpoint (if no IPv4 firewall prohibits traffic). 6to4 tunneling is mostly not a one-to-one tunnel. This case of tunneling can be divided into upstream and downstream tunneling. Also, a special IPv6 address indicates that this node will use 6to4 tunneling for connecting the world-wide IPv6 networkGeneration of 6to4 prefixThe 6to4 address is defined like following (schema is taken from RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds): -Configuring IPv4-in-IPv6 tunnelsThis will be filled in the future. 
At the moment, such tunnels are more used in test environments.More information in the meantime: RFC 2473 / Generic Packet Tunneling in IPv6 Specification +Configuring IPv4-in-IPv6 tunnelsThis will be filled in the future. At the moment, such tunnels are more used in test environments.More information in the meantime: RFC 2473 / Generic Packet Tunneling in IPv6 Specification <anchor id="proc-filesystem">Kernel settings in /proc-filesystemNote: the source of this section is mostly the file "ip-sysctl.txt" which is included in current kernel sources in directory "Documentation/networking". Credits to Pekka Savola for maintaining the IPv6-related part in this file. Also some text is more or less copied & pasted into this document.How to access the /proc-filesystemUsing "cat" and "echo"Using "cat" and "echo" is the simplest way to access the /proc filesystem, but two requirements are needed for thatThe /proc-filesystem had to be enabled in kernel, means on compiling following switch has to be setThe /proc-filesystem was mounted before, which can be tested using< Dynamic Host Configuration Protocol v6 (DHCPv6)to be filled. Mobilityto be filled.For the moment, see Mobile IPv6 for Linux(MIPL) homepage for more details -FirewallingIPv6 firewalling is important, especially if using IPv6 on internal networks with global IPv6 addresses. Because unlike at IPv4 networks where in common internal hosts are protected automatically using private IPv4 addresses like RFC 1918 / Address Allocation for Private Internets or APIPA / Automatic Private IP Addressing, in IPv6 normally global addresses are used and someone with IPv6 connectivity can reach all internal IPv6 enabled nodes.Firewalling using netfilter6 Native IPv6 firewalling is only supported in kernel versions 2.4+. In older 2.2- you can only filter IPv6-in-IPv4 by protocol 41. Attention: no warranty that described rules or examples are really protect your system! 
Audit your ruleset after installation, see for more.More informationNetfilter projectmaillist archive of netfilter usersmaillist archive of netfilter developersUnofficial status informations +FirewallingIPv6 firewalling is important, especially if using IPv6 on internal networks with global IPv6 addresses. Because unlike at IPv4 networks where in common internal hosts are protected automatically using private IPv4 addresses like RFC 1918 / Address Allocation for Private Internets or APIPA / Automatic Private IP Addressing, in IPv6 normally global addresses are used and someone with IPv6 connectivity can reach all internal IPv6 enabled nodes.Firewalling using netfilter6 Native IPv6 firewalling is only supported in kernel versions 2.4+. In older 2.2- you can only filter IPv6-in-IPv4 by protocol 41. Attention: no warranty that described rules or examples are really protect your system! Audit your ruleset after installation, see for more.More informationNetfilter projectmaillist archive of netfilter usersmaillist archive of netfilter developersUnofficial status informations PreparationGet sourcesGet the latest kernel source: http://www.kernel.org/Get the latest iptables package: Source tarball (for kernel patches): http://www.netfilter.org/Source RPM for rebuild of binary (for RedHat systems): ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/ or perhaps also at http://www.netcore.fi/pekkas/linux/ipv6/ Extract sourcesChange to source directory: Notify source address Notify source address is used for outgoing notify messages: [port port]; ]]> -Serving IPv6 related DNS dataFor IPv6 new types and root zones for reverse lookups are defined:AAAA and reverse IP6.INT: specified in RFC 1886 / DNS Extensions to support IP version 6, usable since BIND version 4.9.6A6, DNAME (DEPRICATED NOW!) 
and reverse IP6.ARPA: specified in RFC 2874 / DNS Extensions to Support IPv6 Address Aggregation and Renumbering, usable since BIND 9, but see also an information about the current state at draft-ietf-dnsext-ipv6-addresses-00.txtPerhaps filled later more content, for the meantime take a look at given RFCs andAAAA and reverse IP6.INT: IPv6 DNS Setup InformationA6, DNAME (DEPRICATED NOW!) and reverse IP6.ARPA: take a look into chapter 4 and 6 of the BIND 9 Administrator Reference Manual (ARM) distributed which the bind-package or get this here: BIND version 9 ARM (PDF)Because IP6.INT is deprecated (but still in use), a DNS server which will support IPv6 information has to serve both reverse zones.Current best practiceBecause there are some troubles around using the new formats, current best practice is:Forward lookup support:AAAAReverse lookup support:Reverse nibble format for zone ip6.int (FOR BACKWARD COMPATIBILITY)Reverse nibble format for zone ip6.arpa (RECOMMENDED) +Serving IPv6 related DNS dataFor IPv6 new types and root zones for reverse lookups are defined:AAAA and reverse IP6.INT: specified in RFC 1886 / DNS Extensions to support IP version 6, usable since BIND version 4.9.6A6, DNAME (DEPRICATED NOW!) and reverse IP6.ARPA: specified in RFC 2874 / DNS Extensions to Support IPv6 Address Aggregation and Renumbering, usable since BIND 9, but see also an information about the current state at draft-ietf-dnsext-ipv6-addresses-00.txtPerhaps filled later more content, for the meantime take a look at given RFCs andAAAA and reverse IP6.INT: IPv6 DNS Setup InformationA6, DNAME (DEPRICATED NOW!) 
and reverse IP6.ARPA: take a look into chapter 4 and 6 of the BIND 9 Administrator Reference Manual (ARM) distributed which the bind-package or get this here: BIND version 9 ARM (PDF)Because IP6.INT is deprecated (but still in use), a DNS server which will support IPv6 information has to serve both reverse zones.Current best practiceBecause there are some troubles around using the new formats, current best practice is:Forward lookup support:AAAAReverse lookup support:Reverse nibble format for zone ip6.int (FOR BACKWARD COMPATIBILITY)Reverse nibble format for zone ip6.arpa (RECOMMENDED) Checking IPv6-enabled connectTo check, whether BIND is listening on an IPv6 socket and serving data see following examples.IPv6 connect, but denied by ACLSpecifying a dedicated server for the query, an IPv6 connect can be forced: (1) recommended for common Linux & IPv6 issues.(2) very recommended if you provide server applications.Something missing? Suggestions are welcome!Another list is available at JOIN Project / List of IPv6-related maillists. -Revision history / Credits / The EndRevision historyVersions x.y are published on the Internet.Versions x.y.z are work-in-progress and only published as LyX file on CVS.Releases 0.x0.32 +Revision history / Credits / The EndRevision historyVersions x.y are published on the Internet.Versions x.y.z are work-in-progress and only published as LyX file on CVS.Releases 0.x0.33 +2002-11-18/PB: Fix broken RFC-URLs0.32 2002-11-03/PB: Add information about Chinese translation0.31.1 2002-10-06/PB: Add another maillist0.31 2002-09-29/PB: Extend information in proc-filesystem entries0.30
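Review bot: in the @@ -75,7 hunk, the new FAQ link text reads "RFC 1819 / Internet Stream Protocol Version 2" while the sentence around it still abbreviates the protocol as "STP"; RFC 1819 names it ST2 (ST2+), so the abbreviation should be changed to match the title that now sits next to it. In the unchanged context at the end of the same hunk, the IPv6 header is given as "48 octets (fixed)" and "3.8 % of MTU" is derived from that; the fixed IPv6 header is 40 octets, which is about 3.1 % of the 1280-octet minimum MTU, and that is worth correcting while this section is being edited.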
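Review bot: in the @@ -127,18 hunk, the re-added "6to4 addresses" paragraph still illustrates the prefix with "192.168.1.1/5", a private RFC 1918 address, although the 6to4-Tunneling text later in this same patch says an endpoint needs "a global unique IPv4 address". A reader who copies the example gets a 6to4 prefix that cannot work as described, so either say explicitly that the address is only a placeholder or replace it with one that is clearly marked as an example. The "/5" is not explained anywhere in the visible lines and should be explained or dropped.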
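Review bot: in the @@ -196,7 hunk, the new link text "RFC 1055 / SLIP" does not carry the RFC title the way the other link texts in this patch do, and the result reads redundantly as "(SLIP, RFC 1055 / SLIP)". Suggest using the title, "A Nonstandard for Transmission of IP Datagrams over Serial Lines: SLIP", or dropping the leading "SLIP," from the parenthesis. The same + line also has "recognized by it's IP header number", which should be "its".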
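Review bot: in the Firewalling hunk (its @@ header is not visible in this copy), the re-added sentence says internal IPv4 hosts are "protected automatically using private IPv4 addresses", which credits the address range itself with the protection and undersells the point the section is making. Suggest rewording so it states plainly that hosts with global IPv6 addresses are reachable unless inbound traffic is filtered explicitly, which is why the ruleset audit mentioned right after matters. The sentence beginning "Because unlike at IPv4 networks" has no main clause, and "see for more" shows no target in these lines, so check that the cross-reference survived in the SGML.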
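Review bot: in the "Serving IPv6 related DNS data" hunk, the + line keeps "DEPRICATED NOW!" in both places where it appears; it should read "DEPRECATED". The label "A6, DNAME (DEPRICATED NOW!) and reverse IP6.ARPA" can also be read as marking IP6.ARPA deprecated, while the same line goes on to say "IP6.INT is deprecated (but still in use)" and lists ip6.arpa as "(RECOMMENDED)". Suggest attaching the deprecation marker to A6/DNAME only, for example by listing the record types and the reverse zone as separate items.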