FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-04-2012, 09:58 PM
Mike Wright
 
Default ipv6 problem

Hi all,

Anybody need a good laugh at somebody else's expense?

I screwed up a dns address and pointed it to China (1.something) instead
of unrouteable (10.something). A very *short* time later I was suddenly
some sort of server for whomever in the world was looking for .CN, much
of which was ipv6 advertisements, and to add insult to injury I found
that I was trying resolve them.


Since this had become a major bandwidth consumer and no doubt confused a
lot of routers around the world I'm pretty sure both the US spies and
their CN counterparts got their eyes onto me. Panicked laughter here :/


In my desperate attempts to track down the source of the problem I
started to tear down anything ipv6. Seems I've have managed to do so
quite well.


I have 4 machines that won't speak ipv6. modprobe ipv6 works on each of
them, lsmod shows that they all have the ipv6 module installed.


Using iproute2: "ip addr list" shows only "inet" addresses but no
"inet6" addresses. Any attempt to "ip addr add dev ethX ipv6-addr"
returns a "permission denied" regardless of user.


I don't remember any ON/OFF switch for ipv6. (CRS)

Does anybody out there have any idea how to bring IPv6 back to life on
these machines or perhaps any insight into just what the resident idiot
may have done?


Thanks, Mike Wright (befuddled)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-05-2012, 02:15 AM
Bill Davidsen
 
Default ipv6 problem

Mike Wright wrote:

Hi all,

Anybody need a good laugh at somebody else's expense?

I screwed up a dns address and pointed it to China (1.something) instead of
unrouteable (10.something). A very *short* time later I was suddenly some sort
of server for whomever in the world was looking for .CN, much of which was ipv6
advertisements, and to add insult to injury I found that I was trying resolve them.

Since this had become a major bandwidth consumer and no doubt confused a lot of
routers around the world I'm pretty sure both the US spies and their CN
counterparts got their eyes onto me. Panicked laughter here :/

In my desperate attempts to track down the source of the problem I started to
tear down anything ipv6. Seems I've have managed to do so quite well.

I have 4 machines that won't speak ipv6. modprobe ipv6 works on each of them,
lsmod shows that they all have the ipv6 module installed.

Using iproute2: "ip addr list" shows only "inet" addresses but no "inet6"
addresses. Any attempt to "ip addr add dev ethX ipv6-addr" returns a
"permission denied" regardless of user.

I don't remember any ON/OFF switch for ipv6. (CRS)

Does anybody out there have any idea how to bring IPv6 back to life on these
machines or perhaps any insight into just what the resident idiot may have done?

Thanks, Mike Wright (befuddled)


I've been doing a lot of IPv6 stuff and am happy to say I haven't seen that.
However, I would suggest taking a long look at your firewall with either a
firewall tool or ip6tables. After that use tcpdump to capture packets at a NIC,
bridge, or gateway as you find best, and look at what is coming in and going
out, or not going out. The method is to find the packets, then look for them at
the next place you expect them to be, until you find the problem.


I presume you have a firewall of some kind for IPv6, that's where you set the
INPUT first rule to DROP. That's a pretty good off switch. If you're throwing
all your systems directly on the net without a firewall, I have no easy OFF switch.


--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 12:05 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org