[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: LAN addresses in IPv6

Timothy Murphy wrote:
I've been playing with ipv6,
and can use it externally thanks to a tunnel from sixxs.net .
But I'm puzzled about its use inside my home network.

What are the ipv6 addresses of the machines on this LAN?
Are they the ipv6 addresses given by "ifconfig -a"?
Or are they modifications of the "local address" given me by sixxs?

Here is an example of an IPv6 addr:

ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:1B:77:43:09:78
inet addr: Bcast: Mask:
inet6 addr: 2607:f4b8:3:1:21b:77ff:fe43:978/64 Scope:Global
inet6 addr: fe80::21b:77ff:fe43:978/64 Scope:Link

I have real IPv6 connectivity through my ISP Clearrate that gets its allocation from Verizon. I have a /48 allocation.

Does sixxs.net give you a prefix allocation and you run RADVD yourself or do you get the router advertisements through the tunnel? The key is to look for Scope:Global.

I should say that the question is theoretical at the moment,
as I am running Centos-5.2 and shorewall on my server,
and it seems I have to wait until shorewall6 comes along for Centos,
which apparently needs a more recent kernel and iptables
than currently running under Centos, according to

And this won't happen until Centos 6. We are unlikely to get a kernel that meets the needs for shorewall6 with Centos 5.3, ever.

But I'd like to be prepared for the happy day.

Hold your breath. I am working with some FC9 and FC10 boxes to work with shorewall6. My plan is to work out the resulting IP6tables and copy those to Centos boxes. At least those rules that should work with the Centos kernel.

I find that at present I can ping6 from any laptop to itself
using the ipv6 address from ifconfig -a:
[tim mary ~]$ ping6 -Ieth1 fe80::240:f4ff:fe4d:608a
PING fe80::240:f4ff:fe4d:608a(fe80::240:f4ff:fe4d:608a) from fe80::240:f4ff:fe4d:608a eth1: 56 data bytes
64 bytes from fe80::240:f4ff:fe4d:608a: icmp_seq=0 ttl=64 time=0.058 ms
But I cannot ping6 from one machine to another:
[tim helen ~]$ ping6 -Ieth1 fe80::202:2dff:fe21:3c9
PING fe80::202:2dff:fe21:3c9(fe80::202:2dff:fe21:3c9) from fe80::240:f4ff:fe4d:608a eth1: 56 data bytes
ping: sendmsg: Operation not permitted

I assume that shorewall is preventing this.

Not shorewall, but perhaps ip6tables. Though there is a parameter in shorewall.conf to even allow ipv6 at all. You have to enable that.

Incidentally, I didn't find any online documentation
giving much help with IPv6 under Fedora and/or Centos;
all the ipv6 documents seemed aimed at someone
very different to myself.

Join the crowd. I have a testbed that is strictly IPv6. No IPv4 except for lo's localloop. I run a duo stack host that provides services like DNS, NTP (still having acl problems with it), yum repos, and the like. I am working on an HTTPD proxy as well. Trying for a strictly IPv6 setup; it is hard to impossible.

For example, where is VNC for IPv6? You have to buy it from RealVNC, supposedly. The source for TightVNC for FC11 now has IPv6 for the client but still not the server. The developer indicated that this is NOT an easy mod.

Where is a SIP environment supporting IPv6? SIP Communicator is getting there, but still not right. I have not found any other SIPv6 client. Asterisk has only recently merged the IPv6 effort, and it has not migrated to Trixbox yet.

No IPv6 is still getting little attention. I recently filed a bug on FC10 that you cannot have only an IPv6 nameserver in /etc/resolv.conf, you need at least one IPv4 address, even if it is a dummy like This is supposedly in glibc, and no one was testing this until one of the testers helped me identify the problem so I could submit the bug.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]