[colug-432] IPv6 adventures
Rob Funk
rfunk at funknet.net
Mon Aug 31 10:45:27 EDT 2015
R P Herrold wrote:
> The IPv6 address calculator tool I mentioned was:
> ipv6calc
> for more easily building PTR records
> http://www.deepspace6.net/projects/ipv6calc.html
That reminds me: Someone needs to send that to Time-Warner, because
their IPv6 reverse-lookup is completely broken.
> Probably multiple units thinking they are the 'authoritative'
> radvd. On the clients an ip6tables rule pair like this may
> help:
>
> -A FORWARD -p ipv6-icmp --icmpv6-type router-advertisement -s fe80::202:b3ff:feda:5e8b -j ACCEPT
> -A FORWARD -p ipv6-icmp --icmpv6-type router-advertisement -j DROP
>
> for all but wanted radvd's.
As far as I know I don't have any radvd on my network, though I assume
there's one on the T-W side. Maybe their radvd plus my dhcp is the
problem?
> [We intentionally use the Link-Local side, not the Global scoped
> source, to reduce the likelihood of successful 'spoofing' from
> external 'forgers' -- ^fe packets do not properly cross router
> boundaries] The log files on the radvd's should be settable to a
> debug level to show the MAC addresses of the clients they are
> servicing
I get an "Invalid argument" error when I try to ping or ssh to the
link-local address of one machine from the other.
> TCPDUMP should also know how to display only that packet type.
> Write an ! host rule for known radvd's and see what other MAC
> addresses are talking that ICMP packet type. The 'man' page
> for my local version suggests crafting such rules is left as
> an exercise of the reader ;)
Hmmm.....
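
The check suggested in the last quoted paragraph (find which other MAC addresses are sending Router Advertisements), as an added example that is not part of the original thread. It parses raw Ethernet frames and reports RA senders that are not on an allowlist; the allowlist holds the link-local address from the quoted ip6tables rule, and the sample frames, MAC addresses and helper names are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
NEXT_HEADER_ICMPV6 = 58
ROUTER_ADVERTISEMENT = 134  # ICMPv6 type for RA (RFC 4861)
# Allowlist: the link-local source used in the quoted ip6tables rule.
KNOWN_RADVD = {ipaddress.IPv6Address("fe80::202:b3ff:feda:5e8b")}

def parse_ra(frame):
    """Return (src_mac, src_ip) if frame is a Router Advertisement, else None."""
    if len(frame) < 14 + 40 + 1:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6:
        return None
    ip6 = frame[14:54]
    # Assumption: ICMPv6 directly follows the fixed header (no extension headers).
    if ip6[0] >> 4 != 6 or ip6[6] != NEXT_HEADER_ICMPV6:
        return None
    if frame[54] != ROUTER_ADVERTISEMENT:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return src_mac, ipaddress.IPv6Address(ip6[8:24])

def unexpected_ras(frames, known=KNOWN_RADVD):
    """List (mac, ip) for every RA whose source is not a known radvd."""
    hits = []
    for frame in frames:
        ra = parse_ra(frame)
        if ra and ra[1] not in known:
            hits.append((ra[0], str(ra[1])))
    return hits

def build_frame(src_mac, src_ip, icmp_type):
    """Build a constructed sample frame sent to ff02::1 (checksum left zero)."""
    payload = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    ip6 = struct.pack("!IHBB", 6 << 28, len(payload), NEXT_HEADER_ICMPV6, 255)
    ip6 += ipaddress.IPv6Address(src_ip).packed
    ip6 += ipaddress.IPv6Address("ff02::1").packed
    eth = bytes.fromhex("333300000001") + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", ETHERTYPE_IPV6) + ip6 + payload

# Constructed sample: the wanted radvd, an unexpected RA sender, and a
# neighbor solicitation (type 135) that must be ignored.
SAMPLE = [
    build_frame("00:02:b3:da:5e:8b", "fe80::202:b3ff:feda:5e8b", 134),
    build_frame("02:00:00:00:00:01", "fe80::ff:fe00:1", 134),
    build_frame("02:00:00:00:00:02", "fe80::ff:fe00:2", 135),
]

if __name__ == "__main__":
    for mac, ip in unexpected_ras(SAMPLE):
        print(f"unexpected router advertisement from {ip} (MAC {mac})")
```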