Re: Do you disable IPV6? - Fedora Workstation
On 30.12.2020 05:58, Chris Adams wrote: You cannot have NAT without the exact same state tracking and ALGs of a stateful firewall. guess why it is easier to break through NAT than through a stateful firewall ... smime.p7s Description: S/MIME Cryptographic Signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 29.12.2020 15:32, Chris Adams wrote: Once upon a time, Neal Becker said: Let me say up front I'm not very knowledgeable about v6 yet. One reason I don't want to enable it is the exact flip side of the address scarcity of v4. Because of that, external connections are nat'd. That seems to me to offer an additional layer of protection for devices on my network, they don't have externally routeable addresses. I think that is not true if I turn on v6. Is this correct? There is no NAT for IPv6, but that's a feature. indeed, there is no need for NAT, but you can have it, if you want see RFC 4193, the pendant to RFC 1918 ... NAT doesn't really add any security; this is wrong, the best security at all for which you don't have to do anything is included with NAT or how can you access my PC with e.g. 10.0.8.15? NAT is a combination of two things: a stateful firewall this is wrong, NAT is not a stateful firewall; or in other words your two sentences disagree or you really mean by "NAT doesn't really add any security" that a stateful firewall doesn't have any security and is useless ... smime.p7s Description: S/MIME Cryptographic Signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 29.12.2020 07:10, Ed Greshko wrote: On 29/12/2020 12:44, Tim via users wrote: The key issue is "need." I'm unaware of anything, so far, that actually needed IPv6. As yet, I think everything is still accessible through IPv4 (which is probably why my ISP is dragging their heels on making IPv6 work). When I first configured the tunnel I didn't "need" it either. But since the tunnel was free I figured it was a good opportunity experiment with it and learn about IPv6. and the most important, this is a good thing to make things IPv6 compatible; the only device which has disabled IPv6 is my printer as it can't be configured with a fixed IPv6 - only with SLAAC, which I don't use; by the way Google's Android hasn't learnt to deal with stateful DHCPv6 yet ... either IPv6 will be used as the only internet protocol in the future or it is used only be freaks now? smime.p7s Description: S/MIME Cryptographic Signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
Once upon a time, Tim via users said: > On Tue, 2020-12-29 at 08:32 -0600, Chris Adams wrote: > > There is no NAT for IPv6, but that's a feature. NAT doesn't really > > add any security; NAT is a combination of two things: a stateful > > firewall (which gives you the protection) and a packet mangler (which > > causes no end of problems). You can still have a stateful firewall > > with IPv6, you just don't need the packet mangler anymore. > > That's the first time I've ever seen anyone say a stateful firewall is > a part of NAT. Sure, systems may have both, but I wouldn't call one > part of the other. I've certainly used systems with NAT, going back to > Win98SE days, that had no firewall. Anything that does IPv4 NAT is performing the functions of a stateful firewall, plus packet mangling. You may not have control of the firewall, but it is inherently there. You cannot have NAT without the exact same state tracking and ALGs of a stateful firewall. -- Chris Adams ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On Tue, 2020-12-29 at 08:32 -0600, Chris Adams wrote: > There is no NAT for IPv6, but that's a feature. NAT doesn't really > add any security; NAT is a combination of two things: a stateful > firewall (which gives you the protection) and a packet mangler (which > causes no end of problems). You can still have a stateful firewall > with IPv6, you just don't need the packet mangler anymore. That's the first time I've ever seen anyone say a stateful firewall is a part of NAT. Sure, systems may have both, but I wouldn't call one part of the other. I've certainly used systems with NAT, going back to Win98SE days, that had no firewall. The fact that NAT doesn't know what to do with surprise incoming connections doesn't make it a firewall, just unconfigured networking. While that brokenness may be beneficial to many people, it's not something to rely on. I've seen modem-routers that (un)helpfully forwarded all unexpected incoming network attempts to a PC behind NAT. It was their attempt at un-breaking the many communication protocols that instant messaging and gaming used that didn't work well through NAT. Quite how it was going to determine which of your PCs to forward it through to I don't know. -- uname -rsvp Linux 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 30/12/2020 06:26, Roberto Ragusa wrote: On 12/29/20 7:10 AM, Ed Greshko wrote: On 29/12/2020 12:44, Tim via users wrote: The key issue is "need." I'm unaware of anything, so far, that actually needed IPv6. As yet, I think everything is still accessible through IPv4 (which is probably why my ISP is dragging their heels on making IPv6 work). When I first configured the tunnel I didn't "need" it either. But since the tunnel was free I figured it was a good opportunity experiment with it and learn about IPv6. Same for me here. And in some cases I've seen cloud based services (e.g. videoconferences) use IPv6 to reach the cloud provider datacenters. IPv6 direct reachability in that case could have skipped a middle box bridging two NATted machines, or maybe a different routing may have lowered the latency. Hard to tell, but if the software opted for IPv6 there could have been a preference (maybe as simple as a faster ping test). Chances are network admins have configured their systems according to RFC 3484. See "man gai.conf". By default IPv6 is preferred over IPv4 Fedora. The rfc itself (https://www.ietf.org/rfc/rfc3484.txt) has some good examples of how admins may adjust preferences. --- The key to getting good answers is to ask good questions. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 12/29/20 7:10 AM, Ed Greshko wrote: On 29/12/2020 12:44, Tim via users wrote: The key issue is "need." I'm unaware of anything, so far, that actually needed IPv6. As yet, I think everything is still accessible through IPv4 (which is probably why my ISP is dragging their heels on making IPv6 work). When I first configured the tunnel I didn't "need" it either. But since the tunnel was free I figured it was a good opportunity experiment with it and learn about IPv6. Same for me here. And in some cases I've seen cloud based services (e.g. videoconferences) use IPv6 to reach the cloud provider datacenters. IPv6 direct reachability in that case could have skipped a middle box bridging two NATted machines, or maybe a different routing may have lowered the latency. Hard to tell, but if the software opted for IPv6 there could have been a preference (maybe as simple as a faster ping test). Regards. -- Roberto Ragusamail at robertoragusa.it ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
(top-posted to match the original OP) Unless you are explicitly configuring more-public addresses on your IPv6 connections, your upstream gateway machine, router or switch should be providing link-local addresses to anything local. All switches are required not to forward link-local addresses upstream, giving you the NAT-like isolation that you desire. -- John Mellor On 2020-12-29 8:53 a.m., Neal Becker wrote: Let me say up front I'm not very knowledgeable about v6 yet. One reason I don't want to enable it is the exact flip side of the address scarcity of v4. Because of that, external connections are nat'd. That seems to me to offer an additional layer of protection for devices on my network, they don't have externally routeable addresses. I think that is not true if I turn on v6. Is this correct? On Tue, Dec 29, 2020 at 6:24 AM John Mellor <mailto:john.mel...@gmail.com>> wrote: On 2020-12-28 7:51 p.m., Jorge Fábregas wrote: > Is there a known application/service that might *misbehave* because it > expects a an ipv6 stack these days? The Fedora IP stack used to stall for several seconds in several previous releases. The normal workaround for that was to disable IPv6, causing pretty massive speedups. That problem went away at about Fedora 32 or 31. IPv4 has an address-space capacity issue, and is effectively dead. The allocated IPv4 address space remains tight in North America, and completely exhausted in most other parts of the world. In my case, while my internal network remains IPv4 since I use older switches, while my upstream is IPv6. The only machine that has to be IPv6 internally is my HP printer. My ISP does not have anywhere near enough IPv4 addresses to support its large customer base, so they were forced to upgrade most of their network to IPv6. Their v4-to-v6 translation and vice-versa works pretty transparently. I haven't noticed any issues for a couple of years now. One interesting and nice side-effect of IPv6 is that I get a lot less drive-by shooting trying to attack my network. I used to get about 3 port-scanning attempts/day, and now I go weeks without an intrusion-detection hit. I don't think the bad guys have figured out how to attack IPv6 addresses yet. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
Once upon a time, Neal Becker said: > Let me say up front I'm not very knowledgeable about v6 yet. One reason I > don't want to enable it is the exact flip side of the address scarcity of > v4. Because of that, external connections are nat'd. That seems to me to > offer an additional layer of protection for devices on my network, they > don't have externally routeable addresses. I think that is not true if I > turn on v6. Is this correct? There is no NAT for IPv6, but that's a feature. NAT doesn't really add any security; NAT is a combination of two things: a stateful firewall (which gives you the protection) and a packet mangler (which causes no end of problems). You can still have a stateful firewall with IPv6, you just don't need the packet mangler anymore. Returning to end-to-end addressing is nice - for example, I can open up SSH on my home firewall and connect to home systems from my cell phone (because both my home and cell Internet providers have native IPv6). No more silly port mappings and having to remember which port is mapped to which device. On business networks, the death of NAT is way overdue - my company has VPN tunnels to a bunch of customer networks, and we're forever running into the same NAT networks (10.0.0.0, 192.168.1.0, etc.). If everybody would just get on the IPv6 train, address conflicts would be gone. NAT just gives the feeling of security, when it's just the firewall part that is the actual security layer. -- Chris Adams ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
Let me say up front I'm not very knowledgeable about v6 yet. One reason I don't want to enable it is the exact flip side of the address scarcity of v4. Because of that, external connections are nat'd. That seems to me to offer an additional layer of protection for devices on my network, they don't have externally routeable addresses. I think that is not true if I turn on v6. Is this correct? On Tue, Dec 29, 2020 at 6:24 AM John Mellor wrote: > On 2020-12-28 7:51 p.m., Jorge Fábregas wrote: > > Is there a known application/service that might *misbehave* because it > > expects a an ipv6 stack these days? > > The Fedora IP stack used to stall for several seconds in several > previous releases. The normal workaround for that was to disable IPv6, > causing pretty massive speedups. That problem went away at about Fedora > 32 or 31. > > IPv4 has an address-space capacity issue, and is effectively dead. The > allocated IPv4 address space remains tight in North America, and > completely exhausted in most other parts of the world. In my case, > while my internal network remains IPv4 since I use older switches, while > my upstream is IPv6. The only machine that has to be IPv6 internally is > my HP printer. My ISP does not have anywhere near enough IPv4 addresses > to support its large customer base, so they were forced to upgrade most > of their network to IPv6. Their v4-to-v6 translation and vice-versa > works pretty transparently. I haven't noticed any issues for a couple > of years now. > > One interesting and nice side-effect of IPv6 is that I get a lot less > drive-by shooting trying to attack my network. I used to get about 3 > port-scanning attempts/day, and now I go weeks without an > intrusion-detection hit. I don't think the bad guys have figured out > how to attack IPv6 addresses yet. > > -- > > John Mellor > > > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > -- *Those who don't understand recursion are doomed to repeat it* ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 2020-12-28 7:51 p.m., Jorge Fábregas wrote: Is there a known application/service that might *misbehave* because it expects a an ipv6 stack these days? The Fedora IP stack used to stall for several seconds in several previous releases. The normal workaround for that was to disable IPv6, causing pretty massive speedups. That problem went away at about Fedora 32 or 31. IPv4 has an address-space capacity issue, and is effectively dead. The allocated IPv4 address space remains tight in North America, and completely exhausted in most other parts of the world. In my case, while my internal network remains IPv4 since I use older switches, while my upstream is IPv6. The only machine that has to be IPv6 internally is my HP printer. My ISP does not have anywhere near enough IPv4 addresses to support its large customer base, so they were forced to upgrade most of their network to IPv6. Their v4-to-v6 translation and vice-versa works pretty transparently. I haven't noticed any issues for a couple of years now. One interesting and nice side-effect of IPv6 is that I get a lot less drive-by shooting trying to attack my network. I used to get about 3 port-scanning attempts/day, and now I go weeks without an intrusion-detection hit. I don't think the bad guys have figured out how to attack IPv6 addresses yet. -- John Mellor ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On Tue, 2020-12-29 at 14:10 +0800, Ed Greshko wrote: > When I first configured the tunnel I didn't "need" it either. But > since the tunnel was free I figured it was a good opportunity > experiment with it and learn about IPv6. Fair enough. I've been putting off learning the quirks of IPv6. Yet another set of numbers to learn about. -- uname -rsvp Linux 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 29/12/2020 12:44, Tim via users wrote: The key issue is "need." I'm unaware of anything, so far, that actually needed IPv6. As yet, I think everything is still accessible through IPv4 (which is probably why my ISP is dragging their heels on making IPv6 work). When I first configured the tunnel I didn't "need" it either. But since the tunnel was free I figured it was a good opportunity experiment with it and learn about IPv6. --- The key to getting good answers is to ask good questions. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
Tim: >> To use IPv6 web services I'd need an IPv4 - IPv6 tunnel that's >> hosted outside of my ISP. I don't have a need for that, so I'm not >> going to pay for one. Ed Greshko: > Hurricane Electric tunnels are free. > > https://www.tunnelbroker.net/ The key issue is "need." I'm unaware of anything, so far, that actually needed IPv6. As yet, I think everything is still accessible through IPv4 (which is probably why my ISP is dragging their heels on making IPv6 work). -- uname -rsvp Linux 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On 29/12/2020 10:19, Tim via users wrote: To use IPv6 web services I'd need an IPv4 - IPv6 tunnel that's hosted outside of my ISP. I don't have a need for that, so I'm not going to pay for one. Hurricane Electric tunnels are free. https://www.tunnelbroker.net/ And they have a server in Sydney, NSW, AU216.218.142.50 I have both native IPv6 assigned by my ISP as well as using an IPv4-IPv6 tunnel on a laptop for testing purposes. --- The key to getting good answers is to ask good questions. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On Mon, 2020-12-28 at 20:51 -0400, Jorge Fábregas wrote: > For a while (for a more than 10 Fedora releases) I used to disable > IPv6 because I don't use it. It's been a while since I don't but I'm > about to disable it again on my new installation. > > Is there a known application/service that might *misbehave* because > it expects a an ipv6 stack these days? In my case, the biggest consideration is: Does the ISP carry IPv6 traffic? Mine didn't (and I'm using the biggest ISP in the country). But having everything *else* in my LAN with working IPv6 meant that they often tried to use IPv6 by default, and things would stall at every connection attempt outside of my LAN. To use IPv6 web services I'd need an IPv4 - IPv6 tunnel that's hosted outside of my ISP. I don't have a need for that, so I'm not going to pay for one. So, I switch off IPv6 features on everything that lets me: The PC's network interface, my DNS server, web browsers, audio streamers. -- uname -rsvp Linux 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Do you disable IPV6? - Fedora Workstation
On Mon, 28 Dec 2020 20:51:46 -0400 Jorge Fábregas wrote: > Is there a known application/service that might *misbehave* because it > expects a an ipv6 stack these days? I always disable it because I'm convinced it confuses comcast :-). The only thing I've ever noticed are occasional log errors about fedora ntp servers, one of which might only have an ipv6 address (that's my guess anyway). ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do you disable IPV6? - Fedora Workstation
Hi, For a while (for a more than 10 Fedora releases) I used to disable IPv6 because I don't use it. It's been a while since I don't but I'm about to disable it again on my new installation. Is there a known application/service that might *misbehave* because it expects a an ipv6 stack these days? Thanks. -- Jorge ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: How to disable IPv6 configuration properly?
Hi, El 01/03/16 a las 20:15, Peter Boy escribió: Now I’m wondering what I may have overlooked or missed? Try this: https://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df Fernando. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
How to disable IPv6 configuration properly?
Hi all, for some reason I’ve to temporarily deactivate IPv6 interface configuration on a F22 server box. According to documentation (or at least as I understood) it could be done either by adding IPV6INIT=no IPV6_AUTOCONF=no to /etc/sysconfig/network-scripts/ifcfg-eth0 or NETWORKING_IPV6=no IPV6_AUTOCONF=no to /etc/sysconfig/network I tried both, executed "nmcli c reload", "systemctl restart NetworkManager", even rebooted the system. No change in network configuration. In ifconfig I have a local link address as well as a global address as advertised by the router and autoconfig based on mac address. All those options are documented in usr/share/doc/initscripts/sysconfig.txt, so I guess these are still valid options. Now I’m wondering what I may have overlooked or missed? Any hint appreciated. Peter — Dr. Peter Boy Universität Bremen Mary-Sommerville-Str. 5 28359 Bremen Germany p...@zes.uni-bremen.de www.zes.uni-bremen.de Are you looking for a web content management system for scientific research organizations? Have a look at http://www.scientificcms.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
On 01/25/2013 05:45 PM, Wolfgang S. Rupprecht wrote: Robert Moskowitz writes: On 01/24/2013 10:22 PM, Chris Adams wrote: Once upon a time, Tom Horsley said: My system at work seems to take a long time to start the network. I have this suspicion it is waiting for an IPv6 DHCP server to respond (which won't happen). It looks like the F18 install writes out ifcfg-* files with "DHCPV6C=yes", which should probably not be set by default, especially since so few environments (even IPv6 environments) will have a IPv6 DHCP server. Comment out that line or set it to "no" and it should fix the slowdown. RA will be more common. That is what I have. +1 Belts and suspenders: check both. The ISP's that give you IPv6 addresses (Comcast for one) will also use dhcp to give you a whole 64-bit network of addresses via DHCP-PD. My ISP gave me a /48 allocation :) I'm curious how many of the people that are disabling their IPv6 actually have painless access to IPv6 and are ignoring it. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Am 26.01.2013 07:52, schrieb Wolfgang S. Rupprecht: > I've never felt the need for one of these routers to be between my > internal ethernet and the dsl or cable modem. The software on them > usually sucks and the CPU is usually underpowered compared to a desktop > machine running with two ethernets. no problem if your system is not windows and always up to date if your OS is windows or even more worse MacOSX it would be pretty dumb connect it diretly to the net signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Tom Horsley writes: > On Fri, 25 Jan 2013 14:45:29 -0800 > Wolfgang S. Rupprecht wrote: >> The ISP's that give you IPv6 addresses (Comcast for one) will also use >> dhcp to give you a whole 64-bit network of addresses via DHCP-PD. > > Yea, but unless the router you have comcast's cable modem > plugged into supports v6, it doesn't really matter what comcast does. Many routers can be updated with firmware from openwrt / ddwrt etc. I've never felt the need for one of these routers to be between my internal ethernet and the dsl or cable modem. The software on them usually sucks and the CPU is usually underpowered compared to a desktop machine running with two ethernets. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
On 1/25/2013 6:13 PM, Tom Horsley wrote: > On Fri, 25 Jan 2013 14:45:29 -0800 > Wolfgang S. Rupprecht wrote: > >> The ISP's that give you IPv6 addresses (Comcast for one) will also use >> dhcp to give you a whole 64-bit network of addresses via DHCP-PD. > > Yea, but unless the router you have comcast's cable modem > plugged into supports v6, it doesn't really matter what comcast does. > My cable modem, I own my own, that is connected to my router, I own my own, are both more than five years old. Both of them are connected to Comcast, which supports IPV6. So? If /you/ have a problem you have some other problem. I dislike FUD. Really dislike FUD. -- David -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Once upon a time, Wolfgang S. Rupprecht said: > The ISP's that give you IPv6 addresses (Comcast for one) will also use > dhcp to give you a whole 64-bit network of addresses via DHCP-PD. That's typically to a router though, not a host. > I'm curious how many of the people that are disabling their IPv6 > actually have painless access to IPv6 and are ignoring it. I have IPv6 at my home, but with the more common config using RAs. If I don't disable the DHCPV6C option in the ifcfg-eth0 file, bringing up an interface with "traditional" network scripts (e.g. ifup) takes 66 seconds. With DHCPV6C=no, it takes 3 seconds (DHCP for IPv4). Given the very small percentage of environments that are using DHCPv6 today, adding over a minute per interface startup to the default config is wrong. Oddly, it appears that nothing is taking the DNS information from the RAs and adding it to /etc/resolv.conf. IIRC that used to work with ifup (but maybe I'm remembering wrong). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
On Fri, 25 Jan 2013 14:45:29 -0800 Wolfgang S. Rupprecht wrote: > The ISP's that give you IPv6 addresses (Comcast for one) will also use > dhcp to give you a whole 64-bit network of addresses via DHCP-PD. Yea, but unless the router you have comcast's cable modem plugged into supports v6, it doesn't really matter what comcast does. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Robert Moskowitz writes: > On 01/24/2013 10:22 PM, Chris Adams wrote: >> Once upon a time, Tom Horsley said: >>> My system at work seems to take a long time to start >>> the network. I have this suspicion it is waiting for >>> an IPv6 DHCP server to respond (which won't happen). >> It looks like the F18 install writes out ifcfg-* files with >> "DHCPV6C=yes", which should probably not be set by default, especially >> since so few environments (even IPv6 environments) will have a IPv6 DHCP >> server. Comment out that line or set it to "no" and it should fix the >> slowdown. > > RA will be more common. That is what I have. +1 Belts and suspenders: check both. The ISP's that give you IPv6 addresses (Comcast for one) will also use dhcp to give you a whole 64-bit network of addresses via DHCP-PD. I'm curious how many of the people that are disabling their IPv6 actually have painless access to IPv6 and are ignoring it. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
On 01/24/2013 10:22 PM, Chris Adams wrote: Once upon a time, Tom Horsley said: My system at work seems to take a long time to start the network. I have this suspicion it is waiting for an IPv6 DHCP server to respond (which won't happen). It looks like the F18 install writes out ifcfg-* files with "DHCPV6C=yes", which should probably not be set by default, especially since so few environments (even IPv6 environments) will have a IPv6 DHCP server. Comment out that line or set it to "no" and it should fix the slowdown. RA will be more common. That is what I have. I've filed this in Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=903907 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
On Thu, 24 Jan 2013 21:22:39 -0600 Chris Adams wrote: > It looks like the F18 install writes out ifcfg-* files with > "DHCPV6C=yes", which should probably not be set by default, especially > since so few environments (even IPv6 environments) will have a IPv6 DHCP > server. Comment out that line or set it to "no" and it should fix the > slowdown. Thanks! That's what I was looking for. I don't want to utterly eradicate IPV6, I just want it to stop looking for a V6 address. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Am 25.01.2013 10:35, schrieb Frank Elsner: > On Fri, 25 Jan 2013 04:18:18 +0100 Reindl Harald wrote: >> >> >> Am 25.01.2013 01:51, schrieb Tom Horsley: >>> My system at work seems to take a long time to start >>> the network. I have this suspicion it is waiting for >>> an IPv6 DHCP server to respond (which won't happen). >>> >>> Would putting IPV6INIT=no in the ifcfg-em1 file >>> make this stop trying to use IPv6, or is there some >>> other way (this is with good old network, not >>> NetworkManager) >> >> add "ipv6.disable=1" to the kernel params and IPv6 is completly off >> > > Isn't it > net.ipv6.conf.all.disable_ipv6=1 ??? > > I've done it this way. Works mine is a kernel param yours is a sysctl.conf setting there is a big difference between both starting where you config them, so please do not bring up sysctl params when one speaks about kernel params without a hint which is understandable for beginners too and not only people like me which knowing both well i had all this sysctl-crap if you look in the archive but services was still listening on "::" and with the kernel param ipv6 is REALLY completly disabled signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
On Fri, 25 Jan 2013 04:18:18 +0100 Reindl Harald wrote: > > > Am 25.01.2013 01:51, schrieb Tom Horsley: > > My system at work seems to take a long time to start > > the network. I have this suspicion it is waiting for > > an IPv6 DHCP server to respond (which won't happen). > > > > Would putting IPV6INIT=no in the ifcfg-em1 file > > make this stop trying to use IPv6, or is there some > > other way (this is with good old network, not > > NetworkManager) > > add "ipv6.disable=1" to the kernel params and IPv6 is completly off > Isn't it net.ipv6.conf.all.disable_ipv6=1 ??? I've done it this way. Works. Just curious, Frank Elsner -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Once upon a time, Tom Horsley said: > My system at work seems to take a long time to start > the network. I have this suspicion it is waiting for > an IPv6 DHCP server to respond (which won't happen). It looks like the F18 install writes out ifcfg-* files with "DHCPV6C=yes", which should probably not be set by default, especially since so few environments (even IPv6 environments) will have a IPv6 DHCP server. Comment out that line or set it to "no" and it should fix the slowdown. I've filed this in Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=903907 -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Am 25.01.2013 01:51, schrieb Tom Horsley: > My system at work seems to take a long time to start > the network. I have this suspicion it is waiting for > an IPv6 DHCP server to respond (which won't happen). > > Would putting IPV6INIT=no in the ifcfg-em1 file > make this stop trying to use IPv6, or is there some > other way (this is with good old network, not > NetworkManager) add "ipv6.disable=1" to the kernel params and IPv6 is completly off signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Tom Horsley wrote: My system at work seems to take a long time to start the network. I have this suspicion it is waiting for an IPv6 DHCP server to respond (which won't happen). Would putting IPV6INIT=no in the ifcfg-em1 file make this stop trying to use IPv6, or is there some other way (this is with good old network, not NetworkManager). Doubt it makes a difference, don't see one with my dhcp up or not. Try jt unless someone has a good reason why it should be up -- Bill Davidsen "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
disable IPv6?
My system at work seems to take a long time to start the network. I have this suspicion it is waiting for an IPv6 DHCP server to respond (which won't happen). Would putting IPV6INIT=no in the ifcfg-em1 file make this stop trying to use IPv6, or is there some other way (this is with good old network, not NetworkManager). -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: kernel 3.2 / 2.6.42 disable ipv6
Am 08.02.2012 10:33, schrieb Reindl Harald: > > > Am 08.02.2012 10:28, schrieb Rich Boyce: >> Hi, >> >> On 07/02/12 21:43, Reindl Harald wrote: >>> why is this ignored in the latest kernels? >> >> I don't know, but... >> >>> i do not like to see any ipv6-configuration/IP as long the WAN >>> is ipv4 only and this may be a long time >> >> ... this is how I do it (Fedora 16): >> >> sysctl -w net.ipv6.conf.all.disable_ipv6=1 >> echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf >> >> The first command disables it immediately, the second after a reboot. > > thanks, this works! > "systcl -p" makes changes in /etc/sysctl.conf active immediately > > well, my /etc/sysctl.conf is growing and growing :-) hm - but it seems not to work perfectly "sysctl.conf" is applyied not at the first begin of the boot-process so it seems samba as example is starting while the option is not set, restart it after boot hash fnished removes the ipv6-listening [root@rh:~]$ netstat -l | grep smb tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1123/smbd tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1123/smbd tcp0 0 :::445 :::* LISTEN 1123/smbd tcp0 0 :::139 :::* LISTEN 1123/smbd [root@rh:~]$ service smb restart Redirecting to /bin/systemctl restart smb.service [root@rh:~]$ netstat -l | grep smb tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN 5430/smbd tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN 5430/smbd signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: kernel 3.2 / 2.6.42 disable ipv6
Am 08.02.2012 10:28, schrieb Rich Boyce: > Hi, > > On 07/02/12 21:43, Reindl Harald wrote: >> why is this ignored in the latest kernels? > > I don't know, but... > >> i do not like to see any ipv6-configuration/IP as long the WAN >> is ipv4 only and this may be a long time > > ... this is how I do it (Fedora 16): > > sysctl -w net.ipv6.conf.all.disable_ipv6=1 > echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf > > The first command disables it immediately, the second after a reboot. thanks, this works! "systcl -p" makes changes in /etc/sysctl.conf active immediately well, my /etc/sysctl.conf is growing and growing :-) signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: kernel 3.2 / 2.6.42 disable ipv6
Hi, On 07/02/12 21:43, Reindl Harald wrote: > why is this ignored in the latest kernels? I don't know, but... > i do not like to see any ipv6-configuration/IP as long the WAN > is ipv4 only and this may be a long time ... this is how I do it (Fedora 16): sysctl -w net.ipv6.conf.all.disable_ipv6=1 echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf The first command disables it immediately, the second after a reboot. HTH, Rich -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
kernel 3.2 / 2.6.42 disable ipv6
why is this ignored in the latest kernels? i do not like to see any ipv6-configuration/IP as long the WAN is ipv4 only and this may be a long time [root@srv-rhsoft:~]$ uname -r 2.6.42.3-1.fc15.x86_64 #1 SMP Fri Feb 3 18:53:22 UTC 2012 [root@srv-rhsoft:~]$ cat /etc/modprobe.d/disable-ipv6.conf options ipv6 disable=1 options net-pf-10 disable=1 [root@srv-rhsoft:~]$ ifconfig eth0 eth0 Link encap:Ethernet Hardware Adresse 3C:D9:2B:65:95:9F inet6 Adresse: fe80::3ed9:2bff:fe65:959f/64 Gültigkeitsbereich:Verbindung UP BROADCAST RUNNING PROMISC MTU:1500 Metric:1 RX packets:60360 errors:0 dropped:0 overruns:0 frame:0 TX packets:51227 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:14755533 (14.0 MiB) TX bytes:18462073 (17.6 MiB) Interrupt:20 Speicher:fe70-fe72 signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org