Re: [GLLUG] Systemd on Debian
On Saturday, 23 May 2020 12:43:29 BST Andy Smith via GLLUG wrote:
> Hello,
>
> On Sat, May 23, 2020 at 10:07:24AM +0100, James Courtier-Dutton via GLLUG wrote:
> > On Sat, 23 May 2020, 09:07 Chris Bell via GLLUG, wrote:
> > > I am trying to assign IPv4 and IPv6, with named local IP
> > > addresses to individual networks for local access only,
> >
> > I am curious. Why do you think ipv6 link local address is useful for what
> > you are trying to use it for?
>
> The above is the only reference to "local" that I find and I didn't
> take it as meaning strictly link-local. They could just be global
> scope addresses that are only used internally. But in case it was
> wanted to use addresses that cannot be globally routed, there is the
> Unique Local Address range which is intended to be like RFC1918 but
> for IPv6:
>
> https://en.wikipedia.org/wiki/Unique_local_address
>
> So in that case OP should pick some random block within fc00::/7.
>
> But if OP has been assigned some stable prefix by the tunnel broker
> then I would think it is perfectly fine to use a subnet of that for
> internal addressing, with appropriate firewalling.
>
> Perhaps there is a desire to keep the same internal addresses even
> if the tunnel broker supplier were to change.
>
> Cheers,
> Andy

In fact I have an assigned IPv6 address via the HE tunnel, I may at some time get an assigned IPv6 address from my ISP, and I am using fdxx::/8 with the correctly generated bits to make a 48bit prefix for local use (fcxx::/8 is officially not yet in use). I am trying to enhance my shorewall(6) firewall without breaking it, and prepare an upgraded one for future use.

Out of interest, a relative has a brand new BT domestic FTTC connection which came with a dynamic IPv4 address and an IPv6 address with TTL 10 years, but the Hub6 tells me that it does not have IPv6 DNS.

--
Chris Bell
Website http://chrisbell.org.uk

--
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Systemd on Debian
Hello,

On Sat, May 23, 2020 at 09:07:01AM +0100, Chris Bell via GLLUG wrote:
> with the correct prefix used for sending and receiving.

In case it helps, I am often in the situation where a host has a general purpose v6 address and several "service addresses" that are only used as listening addresses for different services on the host. I don't like outgoing packets to source from one of those service addresses, but the default Linux behaviour is to use the last added address on the interface as a source address.

There are two easy ways to influence this. One way is to add the desired source address with a longer prefix, e.g. /128. If all others are shorter prefix than this, e.g. /64s then the /128 will be preferred.

The way I like better is to add the service addresses with a preferred_lft of 0 like:

    # ip addr add 2001:db8::1/64 dev $IFACE preferred_lft 0

That would then show up as "deprecated" in the "ip -6 addr" list, which prevents it being used for any source address but doesn't interfere with it receiving packets addressed to it.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
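The preferred_lft 0 approach described in the message above can be checked after the fact. This is an added example, not part of the original thread: it reads the one-line output of "ip -6 -o addr show" and flags any service address that is not marked deprecated and so may still be chosen as a source address. The sample listing, the interface name and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit "ip -6 -o addr show" output so that listen-only
# service addresses can never be picked as a source address.

# Constructed sample in the one-line (-o) format; on a live host use:
#   ip -6 -o addr show dev "$IFACE"
SAMPLE='2: eth0    inet6 2001:db8::10/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8::1/64 scope global deprecated \       valid_lft forever preferred_lft 0sec
2: eth0    inet6 2001:db8::2/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'

# Read a listing on stdin and print every global-scope address that is
# not flagged "deprecated", without its prefix length.
source_candidates() {
    awk '$3 == "inet6" {
        scope = ""; dep = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "scope") scope = $(i + 1)
            if ($i == "deprecated") dep = 1
        }
        if (scope == "global" && !dep) { split($4, a, "/"); print a[1] }
    }'
}

# audit_service_addrs LISTING ADDR...
# Name each service address that is still eligible as a source and
# return non-zero if there is at least one.
audit_service_addrs() {
    listing=$1; shift
    eligible=$(printf '%s\n' "$listing" | source_candidates)
    rc=0
    for addr in "$@"; do
        if printf '%s\n' "$eligible" | grep -qxF -- "$addr"; then
            echo "not deprecated, may be used as source: $addr"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample: 2001:db8::2 was added without
# preferred_lft 0, so it is reported.
audit_service_addrs "$SAMPLE" 2001:db8::1 2001:db8::2 || true
```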
Re: [GLLUG] Systemd on Debian
Hello,

On Sat, May 23, 2020 at 10:07:24AM +0100, James Courtier-Dutton via GLLUG wrote:
> On Sat, 23 May 2020, 09:07 Chris Bell via GLLUG, wrote:
> > I am trying to assign IPv4 and IPv6, with named local IP
> > addresses to individual networks for local access only,
>
> I am curious. Why do you think ipv6 link local address is useful for what
> you are trying to use it for?

The above is the only reference to "local" that I find and I didn't take it as meaning strictly link-local. They could just be global scope addresses that are only used internally. But in case it was wanted to use addresses that cannot be globally routed, there is the Unique Local Address range which is intended to be like RFC1918 but for IPv6:

https://en.wikipedia.org/wiki/Unique_local_address

So in that case OP should pick some random block within fc00::/7.

But if OP has been assigned some stable prefix by the tunnel broker then I would think it is perfectly fine to use a subnet of that for internal addressing, with appropriate firewalling.

Perhaps there is a desire to keep the same internal addresses even if the tunnel broker supplier were to change.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
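Picking a random block within fc00::/7, and the "correctly generated bits" for a 48-bit fd prefix mentioned elsewhere in this thread, as an added example that is not part of the original messages: a 40-bit Global ID is taken from a SHA-1 digest in the manner of RFC 4193, then one /64 is carved out per named network. The seed string, network names and function names are constructed, and hashing a text seed instead of the RFC's binary time and EUI-64 input is an assumption of this sketch.

```sh
#!/bin/sh
# Added example: derive a ULA /48 and per-network /64s (after RFC 4193).

# SHA-1 of stdin as 40 hex digits, using whichever tool is installed.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum
    else shasum -a 1; fi | cut -c1-40
}

# ula_prefix SEED -> fdXX:XXXX:XXXX::/48
# RFC 4193 hashes the NTP time plus an EUI-64 and keeps the low 40 bits.
# Assumption: SEED is a text string standing in for that binary input,
# e.g. "$(date +%s)$(cat /sys/class/net/eth0/address)" on a live host.
ula_prefix() {
    gid=$(printf '%s' "$1" | sha1_hex | cut -c31-40)
    printf 'fd%s:%s:%s::/48\n' \
        "$(printf '%s' "$gid" | cut -c1-2)" \
        "$(printf '%s' "$gid" | cut -c3-6)" \
        "$(printf '%s' "$gid" | cut -c7-10)"
}

# ula_subnet PREFIX48 SUBNET_HEX -> one /64 for a named network.
# Rejects an empty, non-hex or longer than 16-bit subnet ID.
ula_subnet() {
    case $2 in ''|*[!0-9a-fA-F]*|?????*) return 1 ;; esac
    printf '%s:%x::/64\n' "${1%::/48}" "$((0x$2))"
}

# Constructed seed and network names, for illustration only.
PREFIX=$(ula_prefix "constructed-seed-2020-05-23")
echo "site prefix: $PREFIX"
echo "lan: $(ula_subnet "$PREFIX" 1)"
echo "dmz: $(ula_subnet "$PREFIX" 10)"
```

Generate the prefix once and record it; the point of the hashed Global ID is that the internal addressing stays the same when the tunnel broker or ISP prefix changes.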
Re: [GLLUG] Systemd on Debian
On Sat, 23 May 2020, 09:07 Chris Bell via GLLUG, wrote:
> On Friday, 22 May 2020 19:56:33 BST Andy Smith via GLLUG wrote:
>
> Thanks for the reply. Yes that is what I expected. I am trying to assign
> IPv4 and IPv6, with named local IP addresses to individual networks for
> local access only, and global addresses for grouped networks, all with the
> correct prefix used for sending and receiving. This is slightly complicated
> because I also need to tunnel IPv6 in IPv4 until my ISP wakes up and
> provides the IPv6 promised several years ago, while making provision for it
> to appear at any time.

Hi,

I am curious. Why do you think ipv6 link local address is useful for what you are trying to use it for?

Ipv6 link local addresses are pretty useless things. Good for neighbour discovery, but not much else.

Kind regards

James
Re: [GLLUG] Systemd on Debian
On Friday, 22 May 2020 19:56:33 BST Andy Smith via GLLUG wrote:
> Hi,
>
> On Fri, May 22, 2020 at 04:57:15PM +0100, Chris Bell via GLLUG wrote:
> > Systemd attempts to rule the world of Debian Buster.
>
> The usual way to define your network in Debian is still ifupdown as
> configured by /etc/network/interfaces so it seems to me that you are
> the one choosing to use systemd-networkd for ruling your world.
>
> > man systemd.network says
>
> […]
>
> > [ADDRESS] SECTION OPTIONS
> >
> >    Label=
> >
> >        An address label.
> >
> > but there is no indication whether that should be a numerical reference or
> > a text string label such as DMZ.
>
> It can (and for compat should) be a text string; it is the direct
> equivalent of "ip address … label …". If you look in man ip-address:
>
>     label NAME
>         Each address may be tagged with a label string. In order to
>         preserve compatibility with Linux-2.0 net aliases, this
>         string must coincide with the name of the device or must be
>         prefixed with the device name followed by colon.
>
> An IPv6label on the other hand is a completely different thing. It
> is a source address selection mechanism, like /etc/gai.conf but in
> the kernel. It's an interface to ip addrlabel which as you'll note
> is at a completely different command level to "ip address …". So the
> man page for that in iputils terms is man ip-addrlabel.
>
> Cheers,
> Andy

Thanks for the reply. Yes that is what I expected. I am trying to assign IPv4 and IPv6, with named local IP addresses to individual networks for local access only, and global addresses for grouped networks, all with the correct prefix used for sending and receiving. This is slightly complicated because I also need to tunnel IPv6 in IPv4 until my ISP wakes up and provides the IPv6 promised several years ago, while making provision for it to appear at any time.

--
Chris Bell
Website http://chrisbell.org.uk