diff options
Diffstat (limited to 'README.dbk')
-rw-r--r-- | README.dbk | 49 |
1 files changed, 44 insertions, 5 deletions
@@ -175,13 +175,52 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- </section> <section> - <title>Hints (Chapter is To-do)</title> + <title>IPv6/IPv4 Precedence</title> - <para>Note on ubuntu. One needs to enable prefer-family in /etc/wgetrc. after this e.g. "wget -O /dev/null - http://ftp.se.debian.org" should connect to the IPv6 addrs of that server. Alternative: change presedence of ULAs in - /etc/gai.conf</para> + <para>With (EKU)buntu and eventually with RedHat, you will notice that your browser does not show the IPv6 version of a web + site that is multi-homed when using ULA addresses for your IPv6 Internet connection. The reason for this is an add on to the + RFC 3484 rules that is compiled into the (EKU)buntu libc. The pre-installed <filename>/etc/gai.conf</filename> file will + give you a hint on this.</para> - <para>Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more privacy</para> + <para>In short: the getaddrinfo() library function rates a private IPv4 address higher than the ULA IPv6 address when + choosing the transport protocol for a new Internet connection if this add on to the RFC 3484 rules is compiled in. For this + reason, you may want to change the precedence rules within <filename>/etc/gai.conf</filename>.</para> + + <note> + <para>The getaddrinfo() library function manages lists of label, precedence, and scope4 type entries. If the + <filename>/etc/gai.conf</filename> file does not provide a single entry for a particular type, the compiled-in list is + used. For this reason, you cannot uncomment a single entry to overwrite the default. You need to uncomment all entries of + a particular type for this. The <quote>label</quote> lines compare source addresses, the precedence lines compare + <quote>destination</quote> addresses.</para> + </note> + + <procedure> + <title>Change IPv6 Precedence</title> + + <step> + <para>Open the <filename>/etc/gai.conf</filename> file as root user, e.g. by executing <userinput>sudo nano + /etc/gai.conf</userinput>.</para> + </step> + + <step> + <para>Remove the leading hash character from the 8 lines starting with <quote>#label</quote>.</para> + </step> + + <step> + <para>Re-add the hash character to the line stating <quote>#label fc00::/7 6</quote>.</para> + </step> + + <step> + <para>Save the file.</para> + </step> + + <step> + <para>Restart your browser and re-try to browse to a multi-homed web site.</para> + </step> + </procedure> + + <para>The above procedure removes the difference between standard IPv6 source addresses and ULA type private IPv6 source + addresses. Anything else is unchanged.</para> </section> <section id="motivation"> |