Re: ipv6 problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Mike Wright wrote:

Hi all,

Anybody need a good laugh at somebody else's expense?

I screwed up a dns address and pointed it to China (1.something) instead of
unrouteable (10.something).  A very *short* time later I was suddenly some sort
of server for whomever in the world was looking for .CN, much of which was ipv6
advertisements, and to add insult to injury I found that I was trying resolve them.

Since this had become a major bandwidth consumer and no doubt confused a lot of
routers around the world I'm pretty sure both the US spies and their CN
counterparts got their eyes onto me.  Panicked laughter here :/

In my desperate attempts to track down the source of the problem I started to
tear down anything ipv6.  Seems I've have managed to do so quite well.

I have 4 machines that won't speak ipv6.  modprobe ipv6 works on each of them,
lsmod shows that they all have the ipv6 module installed.

Using iproute2:  "ip addr list"  shows only "inet" addresses but no "inet6"
addresses.  Any attempt to "ip addr add dev ethX ipv6-addr" returns a
"permission denied" regardless of user.

I don't remember any ON/OFF switch for ipv6.  (CRS)

Does anybody out there have any idea how to bring IPv6 back to life on these
machines or perhaps any insight into just what the resident idiot may have done?

Thanks, Mike Wright (befuddled)
I've been doing a lot of IPv6 stuff and am happy to say I haven't seen that. However, I would suggest taking a long look at your firewall with either a firewall tool or ip6tables. After that use tcpdump to capture packets at a NIC, bridge, or gateway as you find best, and look at what is coming in and going out, or not going out. The method is to find the packets, then look for them at the next place you expect them to be, until you find the problem.
I presume you have a firewall of some kind for IPv6, that's where you set the INPUT first rule to DROP. That's a pretty good off switch. If you're throwing all your systems directly on the net without a firewall, I have no easy OFF switch. 

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux