[GLLUG] Using IPv6 addresses with Debian

Chris Bell chrisbell at chrisbell.org.uk
Fri Mar 12 10:04:07 UTC 2021

> In fact I want to be able to use the addresses as source addresses under
> specific conditions, such as local or global use. This has been working for
> some time, and RADVD is configured to specify which to use. Given a choice
> of prefix the one chosen should automatically be the one which has the
> nearest to the destination prefix.

There are valid reasons for a single interface to have more than one current 
source prefix, including multi-homed sites with connections provided by more 
than one ISP for reliability (perhaps one preferred if available for cost 
reasons) and when using site-local addresses.

RFC3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
defines fe80::/64 as link local, still current
defines fec0::/10 as site local, now deprecated by

RFC 4291 IP Version 6 Addressing Architecture


RFC4193 Unique Local IPv6 Unicast Addresses
defines fc00::/7 as site local, although fd00::/8 is the only one currently in 
use, (October 2005, and has no current amendments)

RFC6724 Default Address Selection for Internet Protocol Version 6 (IPv6)
specifies how the correct address should be selected

The Shorewall(6) firewall system is designed to cope with these possibilities 
and can be used to enforce the way different addresses may be used.

I have been receiving SMTP to my RaspberryPi email gateway using exim and 
spamassassin, and the gateway could only access my RaspberryPi hubbed host 
mail server, again running exim and spamassassin, using my site local network 
addresses, and the gateway managed to block huge numbers of direct attacks.

Chris Bell
Website http://chrisbell.org.uk

More information about the GLLUG mailing list