Mike Wright wrote:
Anybody need a good laugh at somebody else's expense?
I screwed up a dns address and pointed it to China (1.something) instead of
unrouteable (10.something). A very *short* time later I was suddenly some sort
of server for whomever in the world was looking for .CN, much of which was ipv6
advertisements, and to add insult to injury I found that I was trying resolve them.
Since this had become a major bandwidth consumer and no doubt confused a lot of
routers around the world I'm pretty sure both the US spies and their CN
counterparts got their eyes onto me. Panicked laughter here :/
In my desperate attempts to track down the source of the problem I started to
tear down anything ipv6. Seems I've have managed to do so quite well.
I have 4 machines that won't speak ipv6. modprobe ipv6 works on each of them,
lsmod shows that they all have the ipv6 module installed.
Using iproute2: "ip addr list" shows only "inet" addresses but no "inet6"
addresses. Any attempt to "ip addr add dev ethX ipv6-addr" returns a
"permission denied" regardless of user.
I don't remember any ON/OFF switch for ipv6. (CRS)
Does anybody out there have any idea how to bring IPv6 back to life on these
machines or perhaps any insight into just what the resident idiot may have done?
Thanks, Mike Wright (befuddled)
I've been doing a lot of IPv6 stuff and am happy to say I haven't seen that.
However, I would suggest taking a long look at your firewall with either a
firewall tool or ip6tables. After that use tcpdump to capture packets at a NIC,
bridge, or gateway as you find best, and look at what is coming in and going
out, or not going out. The method is to find the packets, then look for them at
the next place you expect them to be, until you find the problem.
I presume you have a firewall of some kind for IPv6, that's where you set the
INPUT first rule to DROP. That's a pretty good off switch. If you're throwing
all your systems directly on the net without a firewall, I have no easy OFF switch.
Bill Davidsen <firstname.lastname@example.org>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
users mailing list
To unsubscribe or change subscription options:
Have a question? Ask away: http://ask.fedoraproject.org