[colug-432] splatWRT
William Hooper
whooperhsd at gmail.com
Fri Sep 12 19:25:05 EDT 2014
On Wed, Sep 3, 2014 at 10:42 AM, Rick Troth <rmt at casita.net> wrote:
> [snip]
>
> Still have a lot to learn about dynamic IPv6. The router seems to be
> handing out (semi?) random addresses (first 48 bits being consistent and
> the following 16 bits being per-interface, as noted). All of them get out
> and are properly end-to-end visible. For "client" systems (laptop, desktop,
> tablet, phone), some consumers will appreciate the variations. (The world
> still thinks there is security in obscurity.) But for "server" systems, I
> gotta figure out how to nail down the assignments. Can't get away from the
> brokered tunnel until I can set server addrs permanently.
>
> -- R; <><
>
I've been playing with the 6rd addresses that CenturyLink hands out that
have the same dynamic problem. Some resources I found that might be
helpful:
At http://blog.dupondje.be/?p=17 I found the ip6tables syntax so that you
don't have to change your firewall rules on the router when the prefix
changes (also works on my Asus router with merlin firmware):
ip6tables -I INPUT -d ::a3a3:beff:fe89:93af/::ffff:ffff:ffff:ffff -j ACCEPT
Hurricane Electric provides free Dynamic DNS that allows for Dynamic A and
AAAA records (unfortunately my normal DDNS provider doesn't support dynamic
AAAA):
https://dns.he.net/
I haven't decided what mechanism to us to update the AAAA records yet, but
found this script that helps out with the IPv6 "Privacy Extensions" causing
the wrong address to be used to do the update via curl:
http://askubuntu.com/questions/48735/make-curl-download-using-non-privacy-extension-ipv6-address
--
William Hooper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20140912/94906900/attachment.html
More information about the colug-432
mailing list