Re: problem configuring squeeze
Eugen Leitl <eugen@leitl.org> writes:
> What worked for me (from /etc/network/interfaces ):
>
> # WAN IPv6 from 2a01:4f8:7d:300::/56
> iface eth0 inet6 static
> address 2a01:4f8:7d:300::2
> gateway 2a01:4f8:7d:300::1
> netmask 64
> # Disable autoconf
> post-up echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
> post-up echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
> post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
> post-up echo 0 > /proc/sys/net/ipv6/conf/default/autoconf
> post-up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
> post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
Doing
pre-up sysctl -w net.ipv6.conf.$IFACE.accept_ra=0
or, if you want to keep the RA genereated default route:
pre-up sysctl -w net.ipv6.conf.$IFACE.autoconf=0
should be more than enough. Either way, you do need to do this
*pre*-up, as the kernel otherwise will send a router solicit message and
may receive an answer before the post-up commands are run.
>> > Kernel IPv6 routing table
>> > Destination Next Hop Flag Met Ref Use If
>> > 2a01:198:200::/64 :: UAe 256 0 3 eth0
>> > 2a01:4f8:7d:300::/56 :: U 256 0 1 eth0
>>
>> IMO the prefix length for any local prefix should always be /64. The
>> purpose of a /56 prefix is to be divided into multiple /64 prefixes.
Yes.
And the whole /56 should also be terminated in a null route by doing
something like
ip route add unreachable 2a01:4f8:7d:300::/56
or you may cause a routing loop which can be used to DoS your upstream
link.
Bjørn
Reply to: