[colug-432] IPv6 adventures

Jim Wildman jim at rossberry.com
Mon Aug 31 11:41:26 EDT 2015 

and also...

Do not set SIXXS tunnels to autostart.  It is forbidden in the ToC and they will put you in
a penalty box if say, a VM gets stuck in a reboot loop...

Just saying...

On Mon, 31 Aug 2015, Rob Funk wrote:

> R P Herrold wrote:
>> The IPv6 address calculator tool I mentioned was:
>> 	ipv6calc
>> for more easily building PTR records
>> 	http://www.deepspace6.net/projects/ipv6calc.html
>
> That reminds me: Someone needs to send that to Time-Warner, because
> their IPv6 reverse-lookup is completely broken.
>
>> Probably multiple units thinking they are the 'authortative'
>> radvd.  On the clients a ip6tables rule pair like this may
>> help:
>>
>> -A FORWARD -p ipv6-icmp --icmpv6-type
>> 	router-advertisement -s fe80::202:b3ff:feda:5e8b -j ACCEPT
>> -A FORWARD -p ipv6-icmp --icmpv6-type
>> 	router-advertisement -j DROP
>>
>> for all but wanted radvd's.
>
> As far as I know I don't have any radvd on my network, though I assume
> there's one on the T-W side. Maybe their radvd plus my dhcp is the
> problem?
>
>>   [We intentionally use the Link-Local side, not the Global scoped
>>   source, to reduce the likelihood of successful 'spoofing' from
>>   external 'forgers' -- ^fe packets do not properly cross router
>>   boundries] The log files on the radvd's should be settable to a
>>   debug level to show the MAC addresses of the clients they are
>>   servicing
>
> I get an "Invalid argument" error when I try to ping or ssh to the
> link-local address of one machine from the other.
>
>> TCPDUMP should also know how to display only that packet type.
>> Write an ! host rule for known radvd's and see what other MAC
>> addresses are talking that ICMP packet type.  The 'man' page
>> for my local version suggests crafting such rules is left as
>> an exercise of the reader ;)
>
> Hmmm.....
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim at rossberry.com http://www.rossberry.net
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine

More information about the colug-432 mailing list