mirror of https://github.com/tLDP/LDP
parent
febef49314
commit
7c1bedad3c
|
@ -330,8 +330,8 @@ Technical
|
|||
Original source of this HOWTO
|
||||
\layout Standard
|
||||
|
||||
This HOWTO is currently written with LyX version 1.1.6fix4 on a Red Hat Linux
|
||||
7.2 system with template SGML (DocBook book).
|
||||
This HOWTO is currently written with LyX version 1.2.0 on a Red Hat Linux
|
||||
7.3 system with template SGML (DocBook book).
|
||||
It's available on
|
||||
\begin_inset LatexCommand \url[LDP-CVS / users / Peter-Bieringer]{http://cvsview.linuxdoc.org/index.cgi/users/Peter-Bieringer/?cvsroot=Linuxdoc}
|
||||
|
||||
|
@ -390,7 +390,7 @@ sgmllyxtabletagfix.pl
|
|||
\begin_inset Quotes srd
|
||||
\end_inset
|
||||
|
||||
|
||||
(looks like fixed now in LyX 1.2.0)
|
||||
\layout Itemize
|
||||
|
||||
LyX sometimes uses special left/right entities for quotes instead the normal
|
||||
|
@ -896,25 +896,7 @@ As previously mentioned, IPv6 addresses are 128 bits long.
|
|||
|
||||
\layout Code
|
||||
|
||||
2
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
<superscript>
|
||||
\end_inset
|
||||
|
||||
128
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
</superscript>
|
||||
\layout Standard
|
||||
|
||||
\end_inset
|
||||
|
||||
-1: 340282366920938463463374607431768211455
|
||||
2^128-1: 340282366920938463463374607431768211455
|
||||
\layout Standard
|
||||
\align left
|
||||
Such numbers are not really addresses that can be memorized.
|
||||
|
@ -933,25 +915,7 @@ nibble
|
|||
This format reduces the length of the IPv6 address to 32 characters.
|
||||
\layout Code
|
||||
|
||||
2
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
<superscript>
|
||||
\end_inset
|
||||
|
||||
128
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
</superscript>
|
||||
\layout Standard
|
||||
|
||||
\end_inset
|
||||
|
||||
-1: 0xffffffffffffffffffffffffffffffff
|
||||
2^128-1: 0xffffffffffffffffffffffffffffffff
|
||||
\layout Standard
|
||||
\align left
|
||||
This representation is still not very convenient (possible mix-up or loss
|
||||
|
@ -965,25 +929,7 @@ This representation is still not very convenient (possible mix-up or loss
|
|||
removed:
|
||||
\layout Code
|
||||
|
||||
2
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
<superscript>
|
||||
\end_inset
|
||||
|
||||
128
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
</superscript>
|
||||
\layout Standard
|
||||
|
||||
\end_inset
|
||||
|
||||
-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
\layout Standard
|
||||
\align left
|
||||
A usable address (see address types later) is e.g.:
|
||||
|
@ -1473,7 +1419,7 @@ x
|
|||
)
|
||||
\layout Subsection
|
||||
|
||||
Global address type "Aggregatable global unicast"
|
||||
Global address type "(Aggregatable) global unicast"
|
||||
\layout Standard
|
||||
\align left
|
||||
Today, there is one global address type defined (the first design, called
|
||||
|
@ -1482,15 +1428,7 @@ Today, there is one global address type defined (the first design, called
|
|||
|
||||
\end_inset
|
||||
|
||||
, you will find some remains
|
||||
\begin_inset ERT
|
||||
status Collapsed
|
||||
|
||||
\layout Standard
|
||||
|
||||
\end_inset
|
||||
|
||||
in older Linux kernel sources).
|
||||
, you will find some remains in older Linux kernel sources).
|
||||
\layout Standard
|
||||
\align left
|
||||
It begins with (
|
||||
|
@ -1517,7 +1455,17 @@ xxx
|
|||
\emph default
|
||||
:
|
||||
\layout Standard
|
||||
\align left
|
||||
|
||||
Note: the prefix
|
||||
\begin_inset Quotes sld
|
||||
\end_inset
|
||||
|
||||
aggregatable
|
||||
\begin_inset Quotes srd
|
||||
\end_inset
|
||||
|
||||
is thrown away in current drafts.
|
||||
\newline
|
||||
There are some further subtypes defined, see below:
|
||||
\layout Subsubsection
|
||||
|
||||
|
@ -4651,7 +4599,7 @@ sysctl
|
|||
\begin_inset Quotes srd
|
||||
\end_inset
|
||||
|
||||
(recommended)
|
||||
|
||||
\layout Standard
|
||||
|
||||
Using the
|
||||
|
@ -4725,7 +4673,20 @@ Note: Don't use spaces around the
|
|||
\begin_inset Quotes srd
|
||||
\end_inset
|
||||
|
||||
on writing.
|
||||
on setting values.
|
||||
Also on multiple values per line, quote them like e.g.
|
||||
\layout Code
|
||||
|
||||
# sysctl -w net.ipv4.ip_local_port_range=
|
||||
\series bold
|
||||
"
|
||||
\series default
|
||||
32768 61000
|
||||
\series bold
|
||||
"
|
||||
\layout Code
|
||||
|
||||
net.ipv4.ip_local_port_range = 32768 61000
|
||||
\layout Subsubsection
|
||||
|
||||
Additionals
|
||||
|
@ -4843,7 +4804,7 @@ This enables global IPv6 forwarding between all interfaces.
|
|||
In IPv6 you can't control forwarding per device, forwarding control has
|
||||
to be done using IPv6-netfilter (controlled with ip6tables) rulesets and
|
||||
specify input and output devices (see
|
||||
\begin_inset LatexCommand \ref{firewalling-netfilter6}
|
||||
\begin_inset LatexCommand \ref[Firewalling/Netfilter6]{firewalling-netfilter6}
|
||||
|
||||
\end_inset
|
||||
|
||||
|
@ -4910,7 +4871,7 @@ Default: TRUE
|
|||
\layout Standard
|
||||
|
||||
Configure link-local addresses (see also
|
||||
\begin_inset LatexCommand \ref{chapter-addresstypes}
|
||||
\begin_inset LatexCommand \ref[Addresstypes]{chapter-addresstypes}
|
||||
|
||||
\end_inset
|
||||
|
||||
|
@ -5232,7 +5193,7 @@ cat
|
|||
\end_inset
|
||||
|
||||
.
|
||||
\layout Subsubsection
|
||||
\layout Subsection
|
||||
|
||||
if_inet6
|
||||
\layout Itemize
|
||||
|
@ -5365,13 +5326,13 @@ net/ipv6/route.c
|
|||
¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo
|
||||
\layout Code
|
||||
|
||||
+------------------------------+ +------+ +------+ +------+ +------+ ++
|
||||
¬ +------------------------------+ +------+ +------+ +------+ +------+ ++
|
||||
\layout Code
|
||||
|
||||
| | | | | |
|
||||
¬ | | | | | |
|
||||
\layout Code
|
||||
|
||||
5 6 7 8 9 10
|
||||
¬ 5 6 7 8 9 10
|
||||
\layout Enumerate
|
||||
|
||||
IPv6 destination network displayed in 32 hexadecimal chars without colons
|
||||
|
@ -5488,10 +5449,10 @@ Available netfilter6 tables
|
|||
|
||||
\end_inset
|
||||
|
||||
Netlink
|
||||
Netlink-Interface to kernel
|
||||
\layout Standard
|
||||
|
||||
To be filled...
|
||||
To be filled...I have no experience with that...
|
||||
\layout Chapter
|
||||
|
||||
|
||||
|
@ -6138,7 +6099,7 @@ In shown example, the used version is
|
|||
There is also a change-log available in the distributed tar-ball.
|
||||
\layout Subsection
|
||||
|
||||
Short hint for enabling IPv6 on current RHL 7.1, 7.2, ...
|
||||
Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...
|
||||
\layout Itemize
|
||||
|
||||
Check whether running system has already IPv6 module loaded
|
||||
|
@ -6189,13 +6150,16 @@ s-$version/sysconfig.txt.
|
|||
SuSE Linux
|
||||
\layout Standard
|
||||
|
||||
In newer versions there is a really rudimentary support available, see /etc/rc.co
|
||||
nfig for details.
|
||||
In newer 7.x versions there is a really rudimentary support available, see
|
||||
/etc/rc.config for details.
|
||||
\layout Standard
|
||||
|
||||
Because of the really different configuration and script file structure
|
||||
it is hard (or impossible) to use the set for Red Hat Linux and clones
|
||||
with this distribution.
|
||||
\newline
|
||||
In versions 8.x they completly change their configuration setup.
|
||||
|
||||
\layout Subsection
|
||||
|
||||
Further information
|
||||
|
@ -7216,14 +7180,14 @@ More to be filled...
|
|||
IPv6 security auditing
|
||||
\layout Standard
|
||||
|
||||
Currently there are no comfortable tools out which can check a system over
|
||||
network for IPv6 security issues.
|
||||
Currently there are no comfortable tools out which are able to check a system
|
||||
over network for IPv6 security issues.
|
||||
Neither
|
||||
\begin_inset LatexCommand \url[NMap]{http://www.insecure.org/nmap/}
|
||||
|
||||
\end_inset
|
||||
|
||||
, nor
|
||||
nor
|
||||
\begin_inset LatexCommand \url[Nessus]{http://www.nessus.org/}
|
||||
|
||||
\end_inset
|
||||
|
@ -7250,8 +7214,8 @@ With the IPv6-enabled netcat (see
|
|||
|
||||
\end_inset
|
||||
|
||||
for more) you can run a portscan by wrapping a script around and grab banners,
|
||||
and so on.
|
||||
for more) you can run a portscan by wrapping a script around which run
|
||||
through a port range, grab banners and so on.
|
||||
Usage example:
|
||||
\layout Code
|
||||
|
||||
|
@ -7302,7 +7266,7 @@ Audit results
|
|||
If the result of an audit mismatch your IPv6 security policy, use IPv6 firewalli
|
||||
ng to close the holes, e.g.
|
||||
using netfilter6 (see
|
||||
\begin_inset LatexCommand \ref{firewalling-netfilter6}
|
||||
\begin_inset LatexCommand \ref[Firewalling/Netfilter6]{firewalling-netfilter6}
|
||||
|
||||
\end_inset
|
||||
|
||||
|
|
Loading…
Reference in New Issue