On 2020-02-22 06:10, Samuel Sieb wrote: > On 2/21/20 12:15 PM, home user wrote: >> (On 2020-0221 10:51pm, Ed wrote) >> > BTW, if you do an "ip -6 add show eno1" >> > do the numbers a358:d643 appear in the output? >> >> -bash.1[~]: ip -6 add show eno1 >> 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP >> group default qlen 1000 >> inet6 2001:558:6040:5d:9d66:dfa1:a358:d643/128 scope global dynamic >> noprefixroute >> valid_lft 342949sec preferred_lft 342949sec >> inet6 fe80::3285:a9ff:fe97:537e/64 scope link noprefixroute >> valid_lft forever preferred_lft forever >> -bash.2[~]: >> >> So the answer is yes. > > I don't know what the significance of the "a358:d643" part is, although it's > probably related to the first "2001" indicating that you have IPV6 over a > tunnel.
I asked about that number since some folks are skittish about revealing their actual IP addresses. And, no, I don't think a tunnel is involved. Comcast owns 2001:558:6040::/48 My IPv6 address is 2001:b030:112f::140e and, in fact, 2001:b030:112f:0000::/56 belongs to me. I also have a test system which does have a 6in4 tunnel via Hurricane Electric. With the segment 2001:470:67:cce::/64 I gleaned his IPv6 address and, as we all know, there isn't much a need for NAT with IPv6. My network is behind a router based firewall and I do have to configure rules to allow access as the default is "deny". Based on "probing" his IPv6 address while various things were being done yesterday it was apparent that there was no router FW. > > >> (Ed (11:26pm)) >> > We shall see how he answers (if he does) my question on "ip add". >> > I have my own good reason to suspect he actually is directly connected. >> Are Ed and I correct? What is the significance/importance of this? > > Unlike most people, you *are* directly connected to the internet, so would do > well to have basic security enabled. Keep the firewall on. :-) > You're not running anything other than cups that's remotely connectable, so > there's not really anything to even check for hacking attempts, since there's > nothing to break into. (cups should be blocked by default by the firewall.) Actually, when it comes to cupsd... Host is up. PORT STATE SERVICE 631/tcp filtered ipp So, yes, he is covered there as well. FWIW, I have an additional system fully open to the Internet but configured as an IPv6 only system. I use a public NAT64/DNS64 service for access to non-IPv6. Owing to the number of IPv6 addresses, I assume, it has never been probed by the ssh script kiddies. -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
