Okay, got some learning to do. I've rebooted with IPv6 enabled. My iMac
is now assigned an IPv6 address, interestingly it seems to have been
assigned two addresses (on the wired ethernet, I have WiFi turned off). As
for the AstLinux box, status page is not showing my assigned IPv6 address,
only my IPv4 address. Firewall states however shows quite a few v6
addresses in lieu of the v4 address and the system log is showing that the
firewall is blocking some v6 traffic.
Meanwhile at the command line, output from ifconfig shows...
eth0 assigned two IPv6 addresses, one marked /128 Scope:Global the other
/64 Scope:Link
br1 (eth1/eth2 bridged) also assigned two IPv6 addresses, one marked /64
Scope:Global the other /64 Scope:Link
eth1 and eth2 both have one IPv6 address, both /64 Scope:Link
eth1's IPv6 address is identical to one of the br1 interface's IPv6 address
lo interface has ::1/128 Scope:Host which I assume is the v6 equivalent to
127.0.0.1
So I think I'm in business. Now to start reading up on IPv6.
Should the web interface status page be updated to display the IPv6
addresses of EXTIF and INTIF ?
David.
On Fri, Feb 5, 2016 at 9:26 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com>
wrote:
> David,
>
> With DHCPv6 and "Prefix Delegation" you leave the "IPv6/nn:" filed blank
> (actually, it will be ignored). "IPv6/nn:" is only used for static
> addressing.
>
> There is a lot to learn about IPv6, not rocket science, but a lot of
> details that any self-respecting geek should know. :-)
>
> Lonnie
>
>
> On Feb 5, 2016, at 8:10 AM, David Kerr <da...@kerr.net> wrote:
>
> > Okay, cool. Something to play with over the weekend. For IP Autoconfig
> on the internal LANs.... do I leave the field after it blank, or do I have
> to enter something akin to IPv4's 192.168.x.y ? Forgive me is that is a
> dumb question, but I am not at all familiar with IPv6 yet.
> >
> > Thanks
> > David
> >
> > On Fri, Feb 5, 2016 at 9:00 AM, Lonnie Abelbeck <
> li...@lonnie.abelbeck.com> wrote:
> > Hi David,
> >
> > We recently added DHCPv6 client support (which Comcast requires), so if
> you built an image recently you should have it:
> >
> > *If* you wanted to enable IPv6:
> > --
> > Network tab -> IP Version: [ IPv4 & IPv6 ]
> >
> > Network tab -> Connection Type: [ DHCP/DHCPv6 ]
> >
> > Network tab -> Internal Interfaces: -> IPv6 Autoconfig: [ enabled ] for
> any internal LAN that you want IPv6 Enabled using "Prefix Delegation"
> >
> > Network tab -> External DHCPv6 Client Settings: (the defaults should be
> fine)
> > --
> >
> > > Which now begs the question whether I should enable it on my AstLinux
> box which is what is ordinarily connected to the cable modem. If I do
> enable it, what affect does it have.... will systems on my local LAN be
> issued IPv6 addresses as well as IPv4? Are there any security or firewall
> implications? Is there any benefit?
> >
> >
> > Do you need IPv6 enabled now ? most likely no.
> >
> > Will enabling IPv6 have any security or firewall implications ? most
> likely no, a lot of effort has been made to make dual-stack IPv4/IPv6
> seamless. But never say never.
> >
> > Should you enable it ? your call, but I would think you do, if not only
> to learn about IPv6. Worst case the "Network tab -> IP Version:" master
> switch can disable IPv6 if needed.
> >
> > Personally, I have had IPv6 enabled for well over 5 years using
> Hurricane Electric's https://www.tunnelbroker.net . Looking forward to
> getting "native" IPv6 support from my ISP some day.
> >
> > One thing to remember is IPv6 is 'routed' so you are protected by
> iptables's stateful inspection and not by NAT. You don't port-forward to
> internal devices, but rather you selectively route IPv6 to internal devices.
> >
> > If you currently have firewall rules limiting kids "screen time" make
> sure they are not IPv4-only rules. The time-schedule-host-block plugin
> should also work with IPv6. Most all modern devices today will try to
> support IPv6 if available.
> >
> > Lonnie
> >
> >
> > On Feb 4, 2016, at 9:13 PM, David Kerr <da...@kerr.net> wrote:
> >
> > > Yesterday I connected my MacBook directly to my cable modem as I was
> testing whether AstLinux impacted speedtest results having just been
> upgraded to Comcast higher speed service -- answer no, or if it does it is
> negligible.
> > >
> > > However I happened to notice in Network Settings that in addition to
> the regular IPv4 address, DHCP had also returned a IPv6 address. This is
> the first time I have noticed this and I suppose it means that Comcast now
> supports IPv6
> > >
> > > Which now begs the question whether I should enable it on my AstLinux
> box which is what is ordinarily connected to the cable modem. If I do
> enable it, what affect does it have.... will systems on my local LAN be
> issued IPv6 addresses as well as IPv4? Are there any security or firewall
> implications? Is there any benefit?
> > >
> > > Anyone done this and/or have advice?
> > >
> > > Thanks
> > > David
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Site24x7 APM Insight: Get Deep Visibility into Application Performance
> > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> > Monitor end-to-end web transactions and take corrective actions now
> > Troubleshoot faster and improve end-user experience. Signup Now!
> > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
> >
> >
> ------------------------------------------------------------------------------
> > Site24x7 APM Insight: Get Deep Visibility into Application Performance
> > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> > Monitor end-to-end web transactions and take corrective actions now
> > Troubleshoot faster and improve end-user experience. Signup Now!
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
