[ale] IPv6

Michael H. Warfield mhw at wittsend.com
Thu Feb 13 18:02:55 EST 2003


On Thu, Feb 13, 2003 at 01:04:13PM -0500, Robert L. Harris wrote:

> Anyone using IPv6 yet?  I'm poking at it for work and decided to install
> it at home as well.  So far it looks good.  Only gotcha I've got so far
> is "lynx localhost" on my webserver hangs up, likely a misconfiguration
> on my part, but also "lynx ::1" and "lynx http://:1" both kinda blow
> chunks..

	I've been on the global IPv6 almost a year now.  Main hold up
was waiting for IPv6 support in iptables.  Once it was there, so was I.
In a heartbeat.

	I have a /48 prefix from FreeNET6 <http://www.freenet6.net>
which is on the 6Bone (3ffe::/16).  That's with a static configured
SIT (Simple Internet Transition / Six In Tunnel) tunnel.  Some carriers
already have v6 Internet (2001::/16) prefixes but I don't know how you
go about requesting them.  If you just want to experiment with a few
machines, 6to4 (2002::/16) works pretty good and you don't need any
support from your ISP or your supporting IPv4 network to run 6to4 prefix
IPv6.  All of it talks to each other pretty well.  If you want to test
out an IPv6 connection, you can try browsing to <http://www.ip6.wittsend.com>
which is an IPv6 only virtual host on my server.

	There are a few gotchas to watch out for but, overall, I was
amazed at just how easy it is to set up an IPv6 network (read that as
EASIER than IPv4).

	RedHat 7.x and up...

	Gotchas...

	If you want to do IPv6 native over PPP on RedHat...  The fools at
RedHat forgot to enable the IPv6 option in the build.  You have to rebuild
the PPP rpm with IPv6 enabled.

	Make sure you install the ip6tables package for firewalling!  If
not, 6to4 will totally bypass your IPv4 firewall rules!

	Sendmail, xinetd, ssh all support IPv6, no problem.  Bind supports
IPv6 with some tricky spots (but you probably don't want to run a name
server on IPv6 at this time, anyways).  TCP Wrappers supports IPv6.
Everything out of xinetd.d seems to behave real nice.

	Client side.  Mozilla supports it fine.  Telnet and ftp support
is good.  Nmap, no go.  Ssh is good.  Fetchmail is good with a weird
gotcha.  Fetchmail can talk to any IPv6 site that also has an IPv4
address even though it never touches the IPv4 address (it verifies the
host name first using IPv4).  It won't even try connecting to an IPv6
only site/name.

	You need Apache 2.0 to do IPv6.  But it works great.  Both http
and https.  2.0.44 latest.

	Cablemodem / DSL routers like Linksys, Netgear, and D-Link
do not seem to support IPv6, SIT, SIT passthrough, or 6to4.  If you
have one of those, you are probably not going to work unless you put
something in front of it.  Bitch at their support people.  I just heard
from Linksys that they don't support it but their "engineers are looking
at it".

	Reverse DNS lookups for IPv6 on 6Bone (as opposed to v6 Internet)
are not working at this time.  The old convention of {nibbles}.ip6.int
has been deprecated for {something}.ip6.arpa, corresponding to the
ip-addr.arpa for IPv4.  They haven't got the delegation for e.f.f.3.ip6.arpa
fixed yet for the 6bone.  Nothing seems to "break", it just can't reverse
your address to a name yet even if you do have your DNS setup right.

	If you are routing an entire IPv6 network (/48), the current IPv6
code in the Linux kernel ignores the default IPv6 route if IPv6 forwarding
is enabled.  This is supposedly to prevent site-local and link-local
addresses from propagating to the 6bone or v6 Internet.  Your routers
have to have either explicit routes for 2001::/16 and 3ffe::/16 or, at
least, a "half default route" of ::/1 to route properly.  End nodes
obey default routes just fine and autoconfigure to your radvd process
on your routers just perfect.

	If you are doing 6to4, part of your IPv6 address is your IPv4
address.  The first 16 bits are 2002, followed by your 32 bit IPv4
address, followed by your 80 bits of local address.  6to4 knows how
to reach other 6to4 (2002::/16) addresses based on the IPv4 gateway
field.  That all works like magic.  The black magic is in reaching
other non-6to4 IPv6 addresses and that takes place thanks to an
"anycast" address of 192.88.99.1.  That address reaches the nearest
core gateway that knows how to reach the other prefixes.  Lots of
details in the file:	/etc/sysconfig/network-scripts/ifup-ipv6

	I've successfully tested 6to4 from both broadband modems and
through a DSL gateway, even though I've got a global prefix and don't
need it.

	Tunnelling IPv6 over PPP works pretty cool too.  :-)

> :>

> Robert

> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                     | PGP Key ID: E344DA3B
>                                          @ x-hkp://pgp.mit.edu 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
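
Added example, not part of the original message: the 6to4 address layout described above (2002, then the 32-bit IPv4 address) worked in both directions, plus a check for the ip6tables gotcha that reads `ip6tables -S` output and flags a default policy that leaves tunnelled IPv6 unfiltered. The function names are hypothetical, 192.0.2.1 is a documentation address, and the rule listings are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. All sample inputs are constructed.

# 6to4 /48 for a public IPv4 address: 2002:AABB:CCDD::/48.
sixto4_prefix() {
    IFS=. read -r a b c d extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '2002:%02x%02x:%02x%02x::/48\n' "$a" "$b" "$c" "$d"
}

# IPv4 gateway embedded in a 6to4 address (bits 16-47), e.g. from a log line.
sixto4_gateway() {
    IFS=: read -r p h1 h2 rest <<EOF
$1
EOF
    [ "$p" = 2002 ] || return 1
    for h in "$h1" "$h2"; do
        case $h in ''|*[!0-9a-fA-F]*|?????*) return 1 ;; esac
    done
    v1=$((0x$h1)); v2=$((0x$h2))
    printf '%d.%d.%d.%d\n' $((v1 >> 8)) $((v1 & 255)) $((v2 >> 8)) $((v2 & 255))
}

# Read `ip6tables -S` output on stdin. Succeeds only if INPUT and FORWARD both
# default to DROP; a missing policy line (nothing loaded) counts as open.
audit_ip6tables() {
    open=$(awk '$1 == "-P" { pol[$2] = $3 }
        END { n = split("INPUT FORWARD", ch, " ")
              for (i = 1; i <= n; i++) if (pol[ch[i]] != "DROP") {
                  printf "%s%s", sep, ch[i]; sep = " " } }')
    [ -z "$open" ] && return 0
    echo "IPv6 default policy not DROP: $open"
    return 1
}

# Constructed sample: 6to4 host on 192.0.2.1 with no IPv6 filtering loaded.
sixto4_prefix 192.0.2.1
printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' |
    audit_ip6tables || true
```

On a live host the audit would be fed with `ip6tables -S | audit_ip6tables`, run as root.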
