====== ipv6 ====== prefix length is first 64 bits VT is 2001:468:c80::/48 Global is 2000::/3 IPv6to4 is 2002::/16 IPv6to4 for VT is 2002:80ad::/32 2002:c652::/32 if these 2002 addresses appear, it could cause it to search 40 hops away. Turn off IPv6to4 Link LocalL fe80::/10 Multicast: ff00:/8 All node Multicast: ff01:: Multicast on link local ff02:: loopback ::1 [[http://rdweb.cns.vt.edu/wiki]] [[http://www.sixxs.net]] Good firefox plugin: showIP [[http://www.kame.net]] [[http://ipv6.vt.edu]] host.dept.ip6.vt.edu -> AAAA host.dept.vt.edu -> A host4.dept.vt.edu used for ip4 addresses only === Common problems === 2002:... addresses are for IPv6to4 gateways If only fe80::, maybe router discovery is off ==== SixXS Subnet ==== [[http://www.ipv4.sixxs.net/wiki/Installing_a_Subnet]] independence ~ # cat /etc/radvd.conf interface eth0 { AdvSendAdvert on; prefix 2001:4978:215::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; }; }; for independence: ip addr add 2001:4978:215::1/64 dev eth0 /etc/init.d/radvd start Hostname: uschi02.sixxs.net This PoP provides tunnels from the following prefixes: * 2001:4978:f::/48 of size /64 Subnets are allocated out of: * 2001:4978:100::/40 of size /48 * 2001:4978:200::/40 of size /48 address for independence as reported by ssh login from independence to riccioli: cl-734.chi-02.us.sixxs.net for thinkpad-steve as reported by ssh login to riccioli: 2001:4978:215:0:218:deff:fe4b:2569 sixxs 2001:4978:f:2dd::1 gw-734.chi-02.us.sixxs.net independence sixxs external 2001:4978:f:2dd::2 cl-734.chi-02.us.sixxs.net independence eth0 internal 2001:4978:215::1 thinkpad wlan0 2001:4978:215:0:218:deff:fe4b:2569 bacchus 2001:468:c80:610c:230:48ff:fe8f:77dd/64 chernabog.cc.ipv6.vt.edu 2001:0468:0c80:2105:0000:025e:42da:ffc7 (tried to connect using SPT=80) inbound.smtp.vt.edu 2001:468:c80:2106:0:240:5040:1614 hephaistos 2001:468:c80:610c:24f:4eff:fe0f:fd4a/64 ==== crash course ==== http://www.linux.com/learn/tutorials/428331-ipv6-crash-course-for-linux === discover link local addresses === ff02::1 is short for ff02:0:0:0:0:0:0:1, which is a special link-local multicast address for discovering all link-local hosts $ ping6 -c4 -I eth0 ff02::1 === IPv6 neighbor table === ip -6 neigh show nud reachable means the network unreachability detection status is reachable === Ping the addresses === ping6 -c4 -I eth0 fe80::(rest of address) /etc/hosts file of each PC: fe80::20b:6aff:feef:7e8d fatfreddy fe80::221:97ff:feed:ef01 phineas fe80::3f1:4baf:a7dd:ba4f franklin Now you can ping6 by hostname: $ ping6 -I eth0 phineas This is how you establish an SSH session: ssh phineas@fe80::221:97ff:feed:ef01%eth0 Again, you must specify the network interface name on your PC, and you must do it as shown, appended with a percent sign and no spaces. scp has its own fiendish syntax quirks: $ scp test.txt phineas@\[fe80::221:97ff:feed:ef01%eth0\]: phineas@fe80::221:97ff:feed: ef01%eth0's password: test.txt 100% 19 0.0KB/s 00:00 The IPv6 address must be enclosed in square braces, including the interface name, and the braces must be escaped. Let's fake one up for practice and assign it to a network interface: # ip -6 addr add 2001::1/64 dev eth0 Now let's check our work: $ ifconfig eth0 |grep "inet6 addr:" inet6 addr: 2001::1/64 Scope:Global inet6 addr: fe80::20b:6aff:feef:7e8d/64 Scope:Link If you need to remove it, use the del command with the ip utility: # ip -6 addr del 2001::1/64 dev eth0 ==== ==== http://www.linux.com/learn/tutorials/432537-another-ipv6-crash-course-for-linux-real-ipv6-addresses-routing-name-service === === these iptables rule block all IPv6 traffic from entering or leaving your LAN: ip6tables -P output drop ip6tables -p input drop ip6tables -p forward drop 2001:db8:0000:0000:0000:0000:0000:0001 _____________|____|___________________ network ID subnet interface ID === Routing (quoted directly from the article) === Your router must support IPv6, of course. If you're using a Linux PC as your test machine you're in business. First start IPv6 forwarding: # sysctl -w net.ipv6.conf.all.forwarding=1 Verify forwarding is enabled: # cat /proc/sys/net/ipv6/conf/eth0/forwarding 1 A return value of 1 means it is enabled, 0 means it is not. Now install radvd, the router advertiser daemon. Then create /etc/radvd.conf with this simple configuration: interface eth0 { AdvSendAdvert on; prefix 2001:db8::/64 { }; }; Copy it exactly, changing only the interface name if necessary. Now create an IPv6 address on your router, or PC acting as your router, and set an IPv6 route: # ip address add 2001:db8::1a/64 dev eth0 # ip route add 2001:db8::/64 dev eth0 Check your work by running ifconfig and ip -6 route show. Your ip output should look similar to this: 2001:db8::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 2001:db8::/64 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 Finally, start up the radvd daemon: # etc/init.d/radvd start You should now be able to ping the router from another PC. Note that unlike our link-local addresses, we don't need to specify the network interface: $ ping6 2001:0db8::1a All of the computers on the same switch as your IPv6 router should have new addresses in the 2001:0db8::/64 range. You can look these up and go on a ping6 frenzy. A default gateway (for connecting to other networks) is the IPv6 address of your router: # ip -6 route add default via 2001:db8::1a Of course it's less work to configure it in radvd.conf and have it advertised automatically by adding these lines: route ::/0 { }; Then when you run ip -6 route show you'll see this: default via 2001:db8::1a dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 0 What if you don't want radvd blasting IPv6 addresses all over your network? No worries, for you can limit its clients by listing their IPv6 link-local addresses like this: interface eth0 { AdvSendAdvert on; prefix 2001:db8::/64 { AdvOnLink on; AdvAutonomous on; }; route ::/0 { }; clients { fe80::20d:b9ff:fe05:25b4; fe80::20b:6aff:feef:7e8d; fe80::221:97ff:feed:ef01; }; }; Mind your braces and semi-colons!