
Re: about ip6tables and dns



Pascal Hambourg wrote:

Hello,

luis a écrit :


#1
How can I drop all the packets in my network from port 22?


Could you be more accurate?
Locally received, locally generated or forwarded packets?
From source port 22 or to destination port 22?
TCP or UDP?

here is my radvd config

interface eth0
{
    AdvSendAdvert on;
    prefix 2001:db8::c859:1/64
    {
    };
};


2001:db8::c859:1/64 does not look like a valid /64 prefix: there are non-zero bits in the host part ::c859:1. The /64 prefix in this address is 2001:db8::/64.


OK, 2001:db8::/64. Fixed.
:)

My IPv6 network has lots of IPv6 addresses right now.
Example:

ip6tables -A INPUT -s 2001:db8::cdb2:6293:fe3c:571c -p tcp --dport 22 -j ACCEPT    (the -s address: that's my computer)


What do you mean by "that's my computer"? Is this the host on which the rule is created? If so, the -s option will match only loopback packets. Also, --dport means "to destination port", not "from (source) port". And you drop packets with DROP, not ACCEPT.

ip6tables -A INPUT -s 2001:db8::c859:1/64 -p tcp --dport 22 -j DROP


Same remark as with radvd, 2001:db8::c859:1/64 is not a valid /64 prefix.

What do you want to do *exactly*?

Well, exactly: I want to allow only the computer 2001:db8::cdb2:6293:fe3c:571c to SSH to the server 2001:db8::c859:1.


Now the question #2

Is there a way to fuse radvd and DNS, or make them work as one?
For example:

I have my 2001:db8::cdb2:6293:fe3c:571c, which is automatically set by radvd. Now, how can the same server add the A4 or AAAA names to the DNS server? Is there a way to do that? I think that must exist, because IPv6 is kinda big :)


What is A4? I don't know this DNS record type. I know the A6 type, but it is now deprecated.

I am not sure I understand your question. Radvd is used for stateless autoconfiguration by sending the network prefix; so, unlike a DHCP server, radvd does not know about the generated host addresses and cannot do DNS dynamic update. Maybe the host which receives the prefix can do this, but I don't know how to achieve this. Why don't you just add static AAAA and reverse PTR records in the DNS server, as the same prefix and MAC address will always produce the same IPv6 address?

Good point.
Well, imagine that I have more than 200 computers.
Do you know what it means to add 200 IPv6 computers to my /var/named config?

I get old doing that.
I think there might be another way, because if we have plans to make IPv6 the new global generation there must be a way to assign a static way to update DNS-v6, or how are the new companies or domains going to manually register the big DNS database from IPv4 to v6?
Just talking, deliberately.
If there is no available way to do that, I think the creators of IPv6 must think about that possibility,
because it would be kinda freaky to add all that by hand :)


Best regards
Luis





--
---------------
UONET
----------------
DEBIAN
L I N U X
The Choice
of my
Generation

------------------------------------------------------------------------
.~.
/V\
/( )\
^^-^^
Luis A. Rondon Paz
Admin intranet CNT
itachi@cnt.uo.edu.cu
icq #132736035
P. Box 113
P. Zone 1
Santiago de cuba
Cuba
Phone(53)022-633011--702
------------------------------------------------------------------------
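Pascal's point that a fixed prefix plus a fixed MAC always yields the same SLAAC address is exactly what makes the 200-host zone file scriptable. The following is an added example, not code from this thread: it derives the modified EUI-64 address for each host from a constructed inventory (hostnames and MACs are made up, the domain example.net is assumed), refuses a prefix with host bits set such as 2001:db8::c859:1/64, and emits the static AAAA and ip6.arpa PTR records for the zone.

```python
import ipaddress

# Constructed inventory (hypothetical hosts, made-up MAC addresses).
HOSTS = {
    "ws01": "00:16:3e:12:34:56",
    "ws02": "00:16:3e:ab:cd:ef",
}


def prefix_is_valid(prefix: str) -> bool:
    """True only if no host bits are set, e.g. 2001:db8::/64 yes, 2001:db8::c859:1/64 no."""
    try:
        ipaddress.IPv6Network(prefix, strict=True)
        return True
    except ValueError:
        return False


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 interface id: ff:fe inserted after octet 3, U/L bit flipped."""
    net = ipaddress.IPv6Network(prefix, strict=True)  # raises on host bits set
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # flip the universal/local bit
    return ipaddress.IPv6Address(int(net.network_address) + int.from_bytes(iid, "big"))


def zone_records(prefix: str, domain: str, hosts: dict) -> tuple:
    """Return (forward AAAA lines, reverse PTR lines) for a BIND-style zone file."""
    forward, reverse = [], []
    for name, mac in hosts.items():
        addr = eui64_address(prefix, mac)
        forward.append(f"{name}.{domain}. IN AAAA {addr}")
        # reverse_pointer yields the nibble-reversed ip6.arpa name
        reverse.append(f"{addr.reverse_pointer}. IN PTR {name}.{domain}.")
    return forward, reverse


if __name__ == "__main__":
    fwd, rev = zone_records("2001:db8::/64", "example.net", HOSTS)
    print("\n".join(fwd + rev))
```

Hosts using RFC 4941 privacy extensions pick random interface identifiers, so their temporary addresses will not match the records generated this way.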




