From 96cf4ea8b822559b7710eadb5eed531b31b1c595 Mon Sep 17 00:00:00 2001 From: sven-ola Date: Wed, 6 Oct 2010 13:45:25 +0000 Subject: doc: iopv6 precedence git-svn-id: https://map66.svn.sourceforge.net/svnroot/map66@8 3484d885-4da6-438d-b19d-107d078dd756 --- Makefile | 2 +- README.dbk | 49 ++++++++++++++++++++++++++++++++++++++++++++----- README.txt | 44 +++++++++++++++++++++++++++++++++++++------- 3 files changed, 82 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index f7704aa..dbfc552 100644 --- a/Makefile +++ b/Makefile @@ -30,5 +30,5 @@ README.txt: README.dbk xmlto text README.dbk README.html: README.dbk - xmlto xhtml README.dbk + xmlto xhtml-nochunks README.dbk diff --git a/README.dbk b/README.dbk index 7fc6aff..3e8ff18 100644 --- a/README.dbk +++ b/README.dbk @@ -175,13 +175,52 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-
- Hints (Chapter is To-do) + IPv6/IPv4 Precedence - Note on ubuntu. One needs to enable prefer-family in /etc/wgetrc. after this e.g. "wget -O /dev/null - http://ftp.se.debian.org" should connect to the IPv6 addrs of that server. Alternative: change presedence of ULAs in - /etc/gai.conf + With (EKU)buntu and eventually with RedHat, you will notice that your browser does not show the IPv6 version of a web + site that is multi-homed when using ULA addresses for your IPv6 Internet connection. The reason for this is an add on to the + RFC 3484 rules that is compiled into the (EKU)buntu libc. The pre-installed /etc/gai.conf file will + give you a hint on this. - Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more privacy + In short: the getaddrinfo() library function rates a private IPv4 address higher than the ULA IPv6 address when + choosing the transport protocol for a new Internet connection if this add on to the RFC 3484 rules is compiled in. For this + reason, you may want to change the precedence rules within /etc/gai.conf. + + + The getaddrinfo() library function manages lists of label, precedence, and scope4 type entries. If the + /etc/gai.conf file does not provide a single entry for a particular type, the compiled-in list is + used. For this reason, you cannot uncomment a single entry to overwrite the default. You need to uncomment all entries of + a particular type for this. The label lines compare source addresses, the precedence lines compare + destination addresses. + + + + Change IPv6 Precedence + + + Open the /etc/gai.conf file as root user, e.g. by executing sudo nano + /etc/gai.conf. + + + + Remove the leading hash character from the 8 lines starting with #label. + + + + Re-add the hash character to the line stating #label fc00::/7 6. + + + + Save the file. + + + + Restart your browser and re-try to browse to a multi-homed web site. 
+ + + + The above procedure removes the difference between standard IPv6 source addresses and ULA type private IPv6 source + addresses. Anything else is unchanged.
diff --git a/README.txt b/README.txt index 2e2eaf0..57abc4a 100644 --- a/README.txt +++ b/README.txt @@ -17,7 +17,7 @@ Configuration Brief Version Detailed Version -Hints (Chapter is To-do) +IPv6/IPv4 Precedence Motivation These files implement a Linux netfilter target that changes the IPv6 address of 
@@ -186,14 +186,44 @@ address, you will get the answer packet back via the 6-to-4 interface. If the above address mapping is configured, you ping one IPv6 address and get the answer from another IPv6 address... -Hints (Chapter is To-do) +IPv6/IPv4 Precedence -Note on ubuntu. One needs to enable prefer-family in /etc/wgetrc. after this -e.g. "wget -O /dev/null http://ftp.se.debian.org" should connect to the IPv6 -addrs of that server. Alternative: change presedence of ULAs in /etc/gai.conf +With (EKU)buntu and eventually with RedHat, you will notice that your browser +does not show the IPv6 version of a web site that is multi-homed when using ULA +addresses for your IPv6 Internet connection. The reason for this is an add on +to the RFC 3484 rules that is compiled into the (EKU)buntu libc. The +pre-installed /etc/gai.conf file will give you a hint on this. -Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more -privacy +In short: the getaddrinfo() library function rates a private IPv4 address +higher than the ULA IPv6 address when choosing the transport protocol for a new +Internet connection if this add on to the RFC 3484 rules is compiled in. For +this reason, you may want to change the precedence rules within /etc/gai.conf. + +Note + +The getaddrinfo() library function manages lists of label, precedence, and +scope4 type entries. If the /etc/gai.conf file does not provide a single entry +for a particular type, the compiled-in list is used. For this reason, you +cannot uncomment a single entry to overwrite the default. You need to uncomment +all entries of a particular type for this. The “label” lines compare source +addresses, the precedence lines compare “destination” addresses. + +Procedure 1. Change IPv6 Precedence + + 1. Open the /etc/gai.conf file as root user, e.g. by executing sudo nano /etc/ + gai.conf. + + 2. Remove the leading hash character from the 8 lines starting with “#label”. + + 3. 
Re-add the hash character to the line stating “#label fc00::/7 6”. + + 4. Save the file. + + 5. Restart your browser and re-try to browse to a multi-homed web site. + +The above procedure removes the difference between standard IPv6 source +addresses and ULA type private IPv6 source addresses. Anything else is +unchanged. Motivation -- cgit v1.2.3
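Review bot: The Makefile hunk changes the README.html rule from "xmlto xhtml README.dbk" to "xmlto xhtml-nochunks README.dbk", a build change that the subject line "doc: iopv6 precedence" does not mention. Add a line to the commit message saying why the unchunked output is wanted, or put the Makefile change in its own commit so it can be reverted separately from the documentation text. The subject also misspells "ipv6".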
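Review bot: In the README.dbk hunk, the procedure title "Change IPv6 Precedence" and the sentence "you may want to change the precedence rules within /etc/gai.conf" do not match the steps, which only uncomment label lines and re-comment "#label fc00::/7 6". The note directly above the procedure says the label lines compare source addresses and the precedence lines compare destination addresses, so the text should say plainly that the change is made in the label table and leave the precedence entries out of it. Step 2 depends on a count ("the 8 lines starting with #label"); spelling out the label lines the file should contain afterwards would survive a gai.conf that ships with a different number of entries. Since getaddrinfo() reads this file for every program on the host, the closing "Anything else is unchanged" and the browser-only test in the last step understate the scope; say that address selection changes system-wide. The old wget prefer-family hint and the --salt idea are deleted without a replacement; if they are still open items, keep them in a to-do list.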
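Review bot: In the README.txt hunk at -186,14, step 1 of the procedure is wrapped so that "sudo nano /etc/" ends one line and "gai.conf." starts the next, which splits the path and makes the command unusable when copied from the text file. README.txt is produced from README.dbk by the "xmlto text README.dbk" rule, so the fix belongs in the DocBook source, for example by setting the command on a line of its own, followed by a regenerate; hand edits to README.txt would be lost on the next build.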