[GLLUG] Using IPv6 addresses with Debian
Chris Bell
chrisbell at chrisbell.org.uk
Fri Mar 12 10:04:07 UTC 2021
>
> In fact I want to be able to use the addresses as source addresses under
> specific conditions, such as local or global use. This has been working for
> some time, and RADVD is configured to specify which to use. Given a choice
> of prefix the one chosen should automatically be the one which has the
> nearest to the destination prefix.
There are valid reasons for a single interface to have more than one current
source prefix, including multi-homed sites with connections provided by more
than one ISP for reliability (perhaps one preferred if available for cost
reasons) and when using site-local addresses.
RFC3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
defines fe80::/64 as link local, still current
defines fec0::/10 as site local, now deprecated by
RFC 4291 IP Version 6 Addressing Architecture
but
RFC4193 Unique Local IPv6 Unicast Addresses
defines fc00::/7 as site local, although fd00::/8 is the only one currently in
use, (October 2005, and has no current amendments)
RFC6724 Default Address Selection for Internet Protocol Version 6 (IPv6)
specifies how the correct address should be selected
The Shorewall(6) firewall system is designed to cope with these possibilities
and can be used to enforce the way different addresses may be used.
I have been receiving SMTP to my RaspberryPi email gateway using exim and
spamassassin, and the gateway could only access my RaspberryPi hubbed host
mail server, again running exim and spamassassin, using my site local network
addresses, and the gateway managed to block huge numbers of direct attacks.
--
Chris Bell
Website http://chrisbell.org.uk
More information about the GLLUG
mailing list