On Sat, Sep 10, 2016 at 10:04 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
On Sat, Sep 10, 2016 at 9:10 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
The learning curve is not that steep. Just do it.
Per, past time for me to try this.
My ISP is Comcast and they are said to have good IPv6.
I have a Netgear R6900 router.
I have a Leap 42.2 test machine cat5 connected to it.
Hi Greg,
soonds good.
I just went into the router's advanced settings and told it to auto-detect IPv6 (previously disabled). It says I now have a WAN and LAN IPv6 address for the router (shockingly easily done).
Yast says I have IPv6 enabled (since install I assume).
ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?)
Could you post output from "ip addr"? Anyway, having multiple IPv6 addresses is normal and just one of those new things you will get used to. a) a link-local address, fe80:: b) a public ipv6 address.
I have 3 total. 2 global, 1 link local
sudo ifconfig root's password: Sorry, try again. root's password: eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link
Right, so your /64 prefix is 2601:c0:8105:82f0 -
2601:c0:8105:82f0:3de5:c309:46c3:20c3 - random address, for privacy reasons. 2601:c0:8105:82f0:325a:3aff:fe54:de1 - address derived from the interface MAC address.
Great
What does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? I expect it is "1", which is "assign random address". A "2" would be "assign and prefer random address". We used to default to "2", but it was changed, not sure why.
Mine is 2. Default Leap 42.2 install.
Next point your browser to http://test-ipv6.com/
9 green, 1 red
The red test was large packets. It says I have an issue with MTU.
Hmm, your mtu is 1500, not sure what the problem might be.
I'll worry about that in a separate thread. Obviously could be anywhere in the network hops.
So now every hacker in the world knows my info and I have no idea if I have a firewall in place!
I tried pinging both of your addresses, no response.
good
You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default:
ip6tables --list -n
sudo /usr/sbin/ip6tables --list -n root's password: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination So. I'm 100% blocked from incoming sockets on IPv6?
A part from the firewall, you're now on IPv6, and your machine will prefer that over IPv4 when you visit IPv6 enabled sites, do lookups on IPv6-enabled DNSes etc. etc.
Very cool. And way easier than I could have possibly imagined. Now I need to repeat the process for my laptop at my house and open a couple firewall holes to let me remote into that test machine.
-- Per Jessen, Zürich (24.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Thanks for an interesting exercise, Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org