
Re: IPv4 v IPv6



On Mon 17 Jun 2019 at 10:38:27 (-0400), Gene Heskett wrote:
> On Monday 17 June 2019 05:59:52 am Jonathan Dowland wrote:
> > On Mon, Jun 17, 2019 at 10:05:11AM +0100, mick crane wrote:
> > >Without knowing anything about it I'm wondering if I should request
> > > an IPv6 range from my ISP to use locally.
> >
> > You don't need a global IPv6 address allocation in order to have local
> > IPv6 addresses. Much like 127.0.0.0/8 (etc.) for IPv4 there are
> > reserved ranges.
> >
> > If you want to have globally-accessible IPv6 addresses for machine(s)
> > in your home, then you would need to request a range from your ISP (if
> > they aren't already assigning you one). But I would start with
> > learning a bit more about it first, and experimenting in the local
> > range if that helps.
> >
> > >A network card has IPv4 and IPv6 addresses that are different, not
> > >the same address in different notation?
> >
> > That's right.
> >
> > >Then with firewalling do you need to specify both IPv4 and IPv6
> > > ranges ?
> >
> > Yes, generally, anywhere you may have specified an IPv4 address or
> > range you would need to rethink or add IPv6 equivalents.
> 
> But that opens yet another container of worms. If I arbitrarily assign 
> ipv6 local addresses, and later, ipv6 shows up at my side of the router, 
> what if I have an address clash with someone on a satellite circuit in 
> Ulan Bator.  How is that resolved, by unroutable address blocks such as 
> 192.168.xx.xx is now?

Seems a good reason not to bother setting up ipv6 local addresses
until we (you and I) understand it and ever see ipv6 on this side
of the modem. I'm not holding my breath.

> What I've read so far has not addressed this serious security concern. Or 
> even mentioned it.  If in the future all addressing is by dhcpd6, how do 
> the other machines on my local net, advertise their presence to the 
> other machines on my local net. So I can still ssh -Y vna.coyote.den for 
> instance, if I can ever make ssh work to a win-10-home edition box.  
> That's a rarely used hookup at best. Presently the hosts file duplicated 
> on all machines fills this requirement.
> 
> These are the questions I'll need to address if and when ipv6 shows up on 
> my side of the router.  And the wiki pages I've read, haven't discussed 
> it.

Well, ipv6 does show up on the hosts (as seen by $ ip a) even if
there's nothing on the LAN, and I've found it useful enough to
script it, even though I've been ticked off here for doing it.

It makes a useful way of bypassing the router when transferring huge
quantities between wireless devices (typically laptops) that can sit
close to each other: I just connect them with a Cat5 cable, and the
OS does the rest automatically after a short wait. It works with a
wired PC too (though it obviously becomes isolated from the LAN in
the meantime) just by unplugging the LAN cable temporarily.

The trick I use is:

Mywiredifname=$(ip -o link show | sed -e '/^[0-9]\+: [^e]/d;s/[0-9]\+: \([^:]\+\): .*/\1/;')

in .bashrc, which discovers the local wired interface name (assuming
it starts with 'e'), and the bash function:

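function wired6 {
    # Ping the all-nodes multicast address on the wired link so that the
    # peer's link-local address lands in the neighbour table.
    ping6 -c 1 -W 1 ff02::1%"$Mywiredifname"
    # Look only at the wired interface, so that a REACHABLE neighbour on
    # another interface (e.g. wireless) is not picked up by mistake.
    local Neighbour=$(ip -6 -o neighbour show dev "$Mywiredifname" | grep -e REACHABLE | sed -e 's/^\([^ ]\+\) .*/\1/;')
    if [ -n "$Neighbour" ] ; then
        printf '%s\n' "$Neighbour"
    else
        printf '%s\n' "Unconnected"
        return 1
    fi
    # Confirm the neighbour answers on its own address before using it.
    if ! ping6 -c 1 -W 1 "$Neighbour%$Mywiredifname" ; then
        printf '%s\n' "Unconnected"
        return 1
    fi
    # No arguments: log in. Otherwise: copy the named files across.
    if [ -z "$1" ] ; then
        date && ssh -X "$Neighbour%$Mywiredifname"
    else
        "$My_clever_scp_function" "$USER@[$Neighbour%$Mywiredifname]" "$@"
    fi
}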

$ wired6     at one end will login as me to the machine at the other
end, and   $ wired6 files …    will transfer files to it instead.
$My_clever_scp_function is just a "smart" version of scp.

Apologies to those that don't like using link addresses like that.

Cheers,
David.
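
An added example, not part of David's message: a stricter neighbour selection for the link-local trick above. It reads `ip -6 -o neighbour` output on stdin, keeps only REACHABLE fe80::/10 entries on the named interface, and refuses to choose when more than one host answered. The names `pick_ll_neighbour` and `sample_neigh` and the sample lines are constructed for illustration.

```bash
# pick_ll_neighbour IFACE   (hypothetical helper, not from the original post)
# Reads `ip -6 -o neighbour` output on stdin and prints the single
# REACHABLE link-local neighbour on IFACE.
# Returns 1 if there is none, 2 if several hosts answered (ambiguous).
pick_ll_neighbour() {
    local iface="$1" addr dev name rest state found="" count=0
    while read -r addr dev name rest; do
        # Lines look like: ADDR dev IFACE lladdr MAC [router] STATE
        [ "$dev" = dev ] && [ "$name" = "$iface" ] || continue
        state=${rest##* }          # the NUD state is the last field
        [ "$state" = REACHABLE ] || continue
        # Link-local is fe80::/10, i.e. first group fe80 through febf.
        case $addr in
            [fF][eE][89abAB][0-9a-fA-F]:*) ;;
            *) continue ;;
        esac
        found=$addr
        count=$((count + 1))
    done
    case $count in
        0) return 1 ;;
        1) printf '%s\n' "$found" ;;
        *) return 2 ;;
    esac
}

# Constructed sample of `ip -6 -o neighbour` output (not from a real host).
sample_neigh() {
    cat <<'EOF'
fe80::1 dev wlan0 lladdr 00:00:5e:00:53:01 router REACHABLE
fe80::5054:ff:fe12:3456 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
fe80::5054:ff:feab:cdef dev eth0 lladdr 52:54:00:ab:cd:ef STALE
fd00:1234::10 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
EOF
}

# Real use would be: ip -6 -o neighbour | pick_ll_neighbour "$Mywiredifname"
sample_neigh | pick_ll_neighbour eth0    # prints fe80::5054:ff:fe12:3456
```

Treating an ambiguous answer as an error matters here because the chosen address is handed straight to ssh; ssh's own host key check remains the real confirmation of which machine is at the other end of the cable.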

