LAN addresses in IPv6

[Robert Moskowitz]

Timothy Murphy wrote:
> I've been playing with ipv6,
> and can use it externally thanks to a tunnel from sixxs.net .
> But I'm puzzled about its use inside my home network.
>
> What are the ipv6 addresses of the machines on this LAN?
> Are they the ipv6 addresses given by "ifconfig -a"?
> Or are they modifications of the "local address" given me by sixxs?
>   

Here is an example of an IPv6 addr:

ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:1B:77:43:09:78
inet addr:208.83.67.155 Bcast:208.83.67.159 Mask:255.255.255.248
inet6 addr: 2607:f4b8:3:1:21b:77ff:fe43:978/64 Scope:Global
inet6 addr: fe80::21b:77ff:fe43:978/64 Scope:Link

I have real IPv6 connectivity through my ISP Clearrate that gets its 
allocation from Verizon. I have a /48 allocation.

Does sixxs.net give you a prefix allocation and you run RADVD yourself 
or do you get the router advertisements through the tunnel? The key is 
to look for Scope:Global.

> I should say that the question is theoretical at the moment,
> as I am running Centos-5.2 and shorewall on my server,
> and it seems I have to wait until shorewall6 comes along for Centos,
> which apparently needs a more recent kernel and iptables
> than currently running under Centos, according to
> <http://www.shorewall.net/IPv6Support.html>.
>   

And this won't happen until Centos 6. We are unlikely to get a kernel 
that meets the needs for shorewall6 with Centos 5.3, ever.

> But I'd like to be prepared for the happy day.
>   

Hold your breath. I am working with some FC9 and FC10 boxes to work with 
shorewall6. My plan is to work out the resulting IP6tables and copy 
those to Centos boxes. At least those rules that should work with the 
Centos kernel.

> I find that at present I can ping6 from any laptop to itself
> using the ipv6 address from ifconfig -a:
> -------------------------------------
> [tim at mary ~]$ ping6 -Ieth1 fe80::240:f4ff:fe4d:608a
> PING fe80::240:f4ff:fe4d:608a(fe80::240:f4ff:fe4d:608a) from 
> fe80::240:f4ff:fe4d:608a eth1: 56 data bytes
> 64 bytes from fe80::240:f4ff:fe4d:608a: icmp_seq=0 ttl=64 time=0.058 ms
> -------------------------------------
> But I cannot ping6 from one machine to another:
> -------------------------------------
> [tim at helen ~]$ ping6 -Ieth1 fe80::202:2dff:fe21:3c9
> PING fe80::202:2dff:fe21:3c9(fe80::202:2dff:fe21:3c9) from 
> fe80::240:f4ff:fe4d:608a eth1: 56 data bytes
> ping: sendmsg: Operation not permitted
> -------------------------------------
>
> I assume that shorewall is preventing this.
>   

Not shorewall, but perhaps ip6tables. Though there is a parameter in 
shorewall.conf to even allow ipv6 at all. You have to enable that.

> Incidentally, I didn't find any online documentation
> giving much help with IPv6 under Fedora and/or Centos;
> all the ipv6 documents seemed aimed at someone
> very different to myself.
>   

Join the crowd. I have a testbed that is strictly IPv6. No IPv4 except 
for lo's localloop. I run a duo stack host that provides services like 
DNS, NTP (still having acl problems with it), yum repos, and the like. I 
am working on an HTTPD proxy as well. Trying for a strictly IPv6 setup; 
it is hard to impossible.


For example, where is VNC for IPv6? You have to buy it from RealVNC, 
supposedly. The source for TightVNC for FC11 now has IPv6 for the client 
but still not the server. The developer indicated that this is NOT an 
easy mod.

Where is a SIP environment supporting IPv6? SIP Communicator is getting 
there, but still not right. I have not found any other SIPv6 client. 
Asterisk has only recently merged the IPv6 effort, and it has not 
migrated to Trixbox yet.

No IPv6 is still getting little attention. I recently filed a bug on 
FC10 that you cannot have only an IPv6 nameserver in /etc/resolv.conf, 
you need at least one IPv4 address, even if it is a dummy like 
127.0.0.1. This is supposedly in glibc, and no one was testing this 
until one of the testers helped me identify the problem so I could 
submit the bug.