Gene Heskett wrote: 
> But that opens yet another container of worms. If I arbitrarily assign 
> ipv6 local addresses, and later, ipv6 shows up at my side of the router, 
> what if I have an address clash with someone on a satellite circuit in 
> Ulan Bator.  How is that resolved, by unroutable address blocks such as 
> 192.168.xx.xx is now?

Sort of.

IPv6 has a concept of "scope" that says: this address space is
purely local. This address space is global. This address space
is for a link.

If you fire up 'ip -6 address' on a stock Debian machine with
IPv6 enabled (which is the default these days), you will see
something like this:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link 
       valid_lft forever preferred_lft forever
Your loopback interface has one address with scope host: it's only on
this machine.  The eth0 has two addresses: one is scope global,
and can be used for routing to your machine from the outside
world, and one is scope link, and should only be used to talk to
your local network. IPv6 routers should never forward those
packets.

If you don't get an address block from your ISP, you won't have
a scope global address.

> What I've read so far has not addressed this serious security concern. Or 
> even mentioned it.  If in the future all addressing is by dhcpd6, how do 
> the other machines on my local net, advertise their presence to the 
> other machines on my local net. So I can still ssh -Y vna.coyote.den for 
> instance, if I can ever make ssh work to a win-10-home edition box.  
> That's a rarely used hookup at best. Presently the hosts file duplicated 
> on all machines fills this requirement.

Most IPv6 boxes don't use dhcpd6; they use SLAAC: stateless
automatic address configuration. But you're asking about local
naming, and that's done the same way on IPv4 and 6: zeroconf,
aka Rendezvous, Bonjour or Avahi.

Try (installing avahi-utils if needed):  avahi-browse-domains -a

-dsr-
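
As an added example (not part of the original message), this Python sketch parses `ip -6 address` output like the listing above, lists the scope global addresses (the ones that can be routed to from outside the local network), and flags any address whose prefix disagrees with its scope label. The function names are this example's own, and the sample text is constructed from the listing with its wrapped lines rejoined.

```python
import ipaddress
import re

# Constructed sample: the listing from the message, wrapped lines rejoined.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
       valid_lft forever preferred_lft forever
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")            # "3: eth0: <...>"
ADDR_RE = re.compile(r"^\s+inet6\s+(\S+)\s+scope\s+(\S+)")  # "inet6 addr/len scope X"

def parse_ip6(text):
    """Return (interface, IPv6Interface, scope) for each inet6 line."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m and iface is not None:
            entries.append((iface, ipaddress.IPv6Interface(m.group(1)), m.group(2)))
    return entries

def expected_scope(addr):
    """Scope implied by the address prefix alone (::1 host, fe80::/10 link)."""
    if addr.is_loopback:
        return "host"
    if addr.is_link_local:
        return "link"
    return "global"

def audit(text):
    """Return (scope-global addresses, addresses whose label and prefix disagree)."""
    exposed, mismatched = [], []
    for iface, ifaddr, scope in parse_ip6(text):
        if scope == "global":
            exposed.append((iface, str(ifaddr.ip)))
        if expected_scope(ifaddr.ip) != scope:
            mismatched.append((iface, str(ifaddr.ip), scope))
    return exposed, mismatched
```

Feeding it the live output of `ip -6 address` instead of `SAMPLE` shows at a glance whether a machine holds any scope global address at all.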
