Hi David, (comments inline)

On Feb 6, 2016, at 1:28 PM, David Kerr <da...@kerr.net> wrote:

> Thanks Lonnie,  my tests are returning success and I'm beginning to figure 
> things out.  Discovered that VMware Fusion supports IPv6 only for bridged 
> connections, not NAT, which is fine by me.

Yes, this makes sense; behind NAT you have a different network. Since IPv6 is 
routed, a valid /64 prefix from your /60 (Prefix Delegation) would be required.  
AstLinux does not act as a Prefix Delegation server (as your ISP does) so any 
additional networks connected downstream from your LAN networks (physical or 
virtual) would require manually setting IPv6 prefixes from your /60 pool and an 
added IPv6 route on your AstLinux box to find that prefix.


> Interestingly if I "ping google.com" from the AstLinux box it is routed to 
> google's IPv6 address, but if I ping from an inside client then it is routed 
> to the IPv4 address -- then I discovered the "ping6" command which does force 
> IPv6 and it worked.
> 
> Xfinity's speedtest was interesting too.  Shows that IPv6 is slightly slower 
> than IPv4.  Possibly because of larger packet headers?

Possibly, there may be other reasons as well.  Nothing to worry about.  My IPv6 
was noted as faster and I use an IPv4 tunnel! Go figure...

http://results.speedtest.xfinity.com/result/1205871944.png

http://results.speedtest.xfinity.com/result/1205876104.png

(the distance is puzzling unless it is the fiber distance)

BTW, I pay for a 50/10 Mbps connection.


> I do think it would be helpful to see the assigned IPv6 address on the web 
> interface status page both the EXTIF and the network part (first 64 bits) of 
> the INTIF.  It's interesting that the network part of EXTIF 
> (2001:aaaa:bbbb:cccc) is not the same as the network part of INTIF 
> (2601:xxxx:yyyy:zzzz) for some reason I thought they would be the same.

No they would not be the same, your EXTIF and INTIF are on different IPv6 
networks.  Just as EXTIF and INTIF are on different IPv4 networks.

Getting this NAT'ed vs. routed in your head does take some time. :-)


> Now, how should IPv6 work on my internal network?  Specifically DNS.
> If I "ping Davids-iPad" then it works (DHCP assigned IPv4 address, name set 
> on my iPad).
> But if I "ping6 Davids-iPad" then...
> ping6: getaddrinfo -- nodename nor servname provided, or not known
> But if I "ping6 2601:xxxx:yyyy:zzzz:oh you get the idea" (address found from 
> test-ip6.com)
> Then it works.

DNS has 'A' records for IPv4 addresses and 'AAAA' records for IPv6 addresses.  
DNS lookups over IPv4 can be used to retrieve IPv6 addresses.

"ping6 foo" says do a DNS lookup for a AAAA record for "foo" before doing the 
ping.

The Network -> DNS Hosts sub-tab does support IPv6 addresses.


> So how do I make my IPv6 addresses discoverable by DNS?  Some more reading to 
> do I think.
> 
> Thanks
> David

Lonnie
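
An added example, not part of the original message, of the point made at the top of this reply: a network downstream of the LAN needs its own /64 picked by hand from the delegated /60, plus a route to it on the AstLinux box. The prefix `2001:db8:0:10::/60` is a constructed documentation prefix, `fe80::2` on `br1` is an assumed next hop, and the function names are hypothetical.

```python
import ipaddress

def carve_64s(delegated):
    """Return every /64 contained in a delegated prefix (a /60 yields 16)."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegated prefix is longer than /64; nothing to carve")
    return list(net.subnets(new_prefix=64))

def plan_downstream(delegated, in_use, next_hop, dev):
    """Pick the first /64 not already assigned to a LAN and build the static
    route the upstream router needs in order to reach it."""
    pool = ipaddress.IPv6Network(delegated)
    used = {ipaddress.IPv6Network(p) for p in in_use}
    for p in used:
        # A prefix outside the pool is not routed to us by the ISP.
        if not p.subnet_of(pool):
            raise ValueError(f"{p} is not inside {pool}")
    hop = ipaddress.IPv6Address(next_hop)  # validates the next-hop address
    for candidate in carve_64s(delegated):
        if candidate not in used:
            route = f"ip -6 route add {candidate} via {hop} dev {dev}"
            return candidate, route
    raise RuntimeError("no free /64 left in the delegated pool")

if __name__ == "__main__":
    # Constructed sample values: one /64 already handed to the internal LAN.
    prefix, route = plan_downstream(
        "2001:db8:0:10::/60",
        in_use=["2001:db8:0:10::/64"],
        next_hop="fe80::2",   # assumed link-local address of the downstream router
        dev="br1",            # assumed LAN interface facing that router
    )
    print("downstream prefix:", prefix)
    print("route on the upstream box:", route)
```

Nothing is applied to the system; the function only returns the prefix and the `ip -6 route` command as a string.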

> 
> 
> 
> 
> On Sat, Feb 6, 2016 at 8:31 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> 
> wrote:
> Hi David,
> 
> Excellent.
> 
> This is the obligatory IPv6 test site, you should get 10/10 from any HTTP 
> browser if it supports IPv6 ...
> http://test-ipv6.com
> 
> Speed test site that does both IPv4 and IPv6 (requires flash, so use Chrome)
> http://speedtest.xfinity.com/
> 
> The Status tab does not show any IPv6 info in the top section, not sure if 
> that would be helpful.
> 
> Looks like you are in business.  Here is a nice overview of IPv6...
> 
> IPv6 Basics
> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/ipv6/ipv6srnd/basics.pdf
> 
> BTW, personally I prefer "ip a" instead of "ifconfig".
> 
> Lonnie
> 
> 
> On Feb 5, 2016, at 10:35 PM, David Kerr <da...@kerr.net> wrote:
> 
> > Okay, got some learning to do.  I've rebooted with IPv6 enabled.  My iMac 
> > is now assigned an IPv6 address, interestingly it seems to have been 
> > assigned two addresses (on the wired ethernet, I have WiFi turned off).  As 
> > for the AstLinux box, status page is not showing my assigned IPv6 address, 
> > only my IPv4 address.  Firewall states however shows quite a few v6 
> > addresses in lieu of the v4 address and the system log is showing that the 
> > firewall is blocking some v6 traffic.
> >
> > Meanwhile at the command line, output from ifconfig shows...
> > eth0 assigned two IPv6 addresses, one marked /128 Scope:Global the other 
> > /64 Scope:Link
> > br1 (eth1/eth2 bridged) also assigned two IPv6 addresses, one marked /64 
> > Scope:Global the other /64 Scope:Link
> > eth1 and eth2 both have one IPv6 address, both /64 Scope:Link
> > eth1's IPv6 address is identical to one of the br1 interface's IPv6 address
> > lo interface has ::1/128 Scope:Host which I assume is the v6 equivalent to 
> > 127.0.0.1
> >
> > So I think I'm in business.  Now to start reading up on IPv6.
> >
> > Should the web interface status page be updated to display the IPv6 
> > addresses of EXTIF and INTIF ?
> >
> > David.
> >
> >
> >
> >
> >
> >
> >
> > On Fri, Feb 5, 2016 at 9:26 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> 
> > wrote:
> > David,
> >
> > With DHCPv6 and "Prefix Delegation" you leave the "IPv6/nn:" field blank 
> > (actually, it will be ignored).  "IPv6/nn:" is only used for static 
> > addressing.
> >
> > There is a lot to learn about IPv6, not rocket science, but a lot of 
> > details that any self-respecting geek should know. :-)
> >
> > Lonnie
> >
> >
> > On Feb 5, 2016, at 8:10 AM, David Kerr <da...@kerr.net> wrote:
> >
> > > Okay, cool.  Something to play with over the weekend.  For IP Autoconfig 
> > > on the internal LANs.... do I leave the field after it blank, or do I 
> > > have to enter something akin to IPv4's 192.168.x.y ?  Forgive me if that 
> > > is a dumb question, but I am not at all familiar with IPv6 yet.
> > >
> > > Thanks
> > > David
> > >
> > > On Fri, Feb 5, 2016 at 9:00 AM, Lonnie Abelbeck 
> > > <li...@lonnie.abelbeck.com> wrote:
> > > Hi David,
> > >
> > > We recently added DHCPv6 client support (which Comcast requires), so if 
> > > you built an image recently you should have it:
> > >
> > > *If* you wanted to enable IPv6:
> > > --
> > > Network tab -> IP Version: [ IPv4 & IPv6 ]
> > >
> > > Network tab -> Connection Type: [ DHCP/DHCPv6 ]
> > >
> > > Network tab -> Internal Interfaces: -> IPv6 Autoconfig: [ enabled ]  for 
> > > any internal LAN that you want IPv6 Enabled using "Prefix Delegation"
> > >
> > > Network tab -> External DHCPv6 Client Settings: (the defaults should be 
> > > fine)
> > > --
> > >
> > > > Which now begs the question whether I should enable it on my AstLinux 
> > > > box which is what is ordinarily connected to the cable modem.  If I do 
> > > > enable it, what effect does it have.... will systems on my local LAN be 
> > > > issued IPv6 addresses as well as IPv4?  Are there any security or 
> > > > firewall implications?  Is there any benefit?
> > >
> > >
> > > Do you need IPv6 enabled now ?  most likely no.
> > >
> > > Will enabling IPv6 have any security or firewall implications ?  most 
> > > likely no, a lot of effort has been made to make dual-stack IPv4/IPv6 
> > > seamless.  But never say never.
> > >
> > > Should you enable it ?  your call, but I would think you do, if not only 
> > > to learn about IPv6.  Worst case the "Network tab -> IP Version:" master 
> > > switch can disable IPv6 if needed.
> > >
> > > Personally, I have had IPv6 enabled for well over 5 years using Hurricane 
> > > Electric's https://www.tunnelbroker.net . Looking forward to getting 
> > > "native" IPv6 support from my ISP some day.
> > >
> > > One thing to remember is IPv6 is 'routed' so you are protected by 
> > > iptables's stateful inspection and not by NAT.  You don't port-forward to 
> > > internal devices, but rather you selectively route IPv6 to internal 
> > > devices.
> > >
> > > If you currently have firewall rules limiting kids "screen time" make 
> > > sure they are not IPv4-only rules.  The time-schedule-host-block plugin 
> > > should also work with IPv6.  Most all modern devices today will try to 
> > > support IPv6 if available.
> > >
> > > Lonnie
> > >
> > >
> > > On Feb 4, 2016, at 9:13 PM, David Kerr <da...@kerr.net> wrote:
> > >
> > > > Yesterday I connected my MacBook directly to my cable modem as I was 
> > > > testing whether AstLinux impacted speedtest results having just been 
> > > > upgraded to Comcast higher speed service -- answer no, or if it does it 
> > > > is negligible.
> > > >
> > > > However I happened to notice in Network Settings that in addition to 
> > > > the regular IPv4 address, DHCP had also returned an IPv6 address.  This 
> > > > is the first time I have noticed this and I suppose it means that 
> > > > Comcast now supports IPv6.
> > > >
> > > > Which now begs the question whether I should enable it on my AstLinux 
> > > > box which is what is ordinarily connected to the cable modem.  If I do 
> > > > enable it, what effect does it have.... will systems on my local LAN be 
> > > > issued IPv6 addresses as well as IPv4?  Are there any security or 
> > > > firewall implications?  Is there any benefit?
> > > >
> > > > Anyone done this and/or have advice?
> > > >
> > > > Thanks
> > > > David
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 