Matthew Cengia <[email protected]> wrote:
> How can I prevent these other interfaces obtaining IPv6 addresses if
> these are being auto-configured via route advertisements etc.? Assuming
> that's achievable reliably, I agree this is probably the best way to
> ensure my primary FR: keeping my downstream IPv4 networks secure.
Let's see if this clarifies the situation.
My machine has native IPv6 from Internode. ppp0 is the ADSL link (it's a
Traverse Technologies Solos card). DHCPv6 prefix delegation is used to obtain
a /56 block of IPv6 addresses and to assign a /64 block to the eth0 interface.
I then have radvd configured to send router advertisements out eth0; this
entails that every machine on the LAN accessible from eth0 will receive a
publicly routable IPv6 address, with my primary host as the gateway.
radvd.conf looks like this:
interface eth0
{
AdvSendAdvert on;
prefix ::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
Apologies for the indentation - let's fix that.
Now obviously, if there were an eth1 interface it wouldn't receive an IPv6
address unless I configured it to do so. Even if I did that, I would have to
add an entry to radvd.conf before machines connected to eth1 would start
receiving v6 addresses.
In case you're interested, in /etc/wide-dhcpv6/dhcp6c.conf is as follows:
interface ppp0 {
send ia-pd 0;
# script "/etc/wide-dhcpv6/dhcp6c-script";
};
id-assoc pd {
prefix-interface eth0 {
sla-id 0;
sla-len 8;
ifid 2;
};
};
We receive a /56 block from the ISP and assign a /64 to eth0 (with all 0 bits
in the network part of the address, i.e., bits 56-64). We then have a host
address with 2 as the last digit, and the rest 0 (for historical reasons - I
used to have another machine ending in ::1) which served as the router back
then.
Putting this together we have eth0 with 2001:44b8:412f:6e00::2 and ppp0 with a
link local address, and a default route which is in fact the host at the other
end of the PPP link (it's point-to-point, after all).
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
