Linux IPv6 HOWTO Author:Peter Bieringer pb@bieringer.de ĶªÌ: ³¯±Ó¼C expns@yahoo.com Revision Release 0.31 2002-09-29 Revised by: PB ½Ķ¤é´Á: 2002-10-14 , 2002-11-19 ²Ä¤G¦¸×¥¿ _________________________________________________________________ Linux IPv6 HOWTO ªº¥Ø¦a¬O¦^µª¦b Linux §@·~¨t²Î¤W³]©wIPv6ªº°ò¥»/¶i¶¥°Ý ÃD.³o¥÷HOWTO¬°¥Î¤á¦bLinux§@·~¨t²Î¤W¦w¸Ë,³]©w©M¨Ï¥ÎIPv6´£¨Ñ¨¬°÷ªº¸ê°T. _________________________________________________________________ 1. ·§z * 1.1 ª©¥» * 1.2 ª©Åv,³\¥i»P¨ä¥¦ * 1.3 Ãö©ó§@ªÌ * 1.4 Ápô * 1.5 Ãþ§O * 1.6 ª©¥», ¾ú¥v©M¥´ºâ * 1.7 ¾ú¥v * 1.8 ¥þ³¡¾ú¥v * 1.9 ¥´ºâ * 1.10 ½Ķ * 1.11 ¼w»y * 1.12 ¨ä¥¦ªº»y¨t * 1.13 ªiÄõª© * 1.14 ¤¤Ä¶ª© * 1.15 §Þ³N¤è± * 1.16 ¥N½X«Ê¸Ë * 1.17 ²£¥ÍSGML * 1.18 2HTMLª©¦¡ªº¦b½u¥Ø¿ý(linking/anchors) * 1.19 ±M¥Îªº¶± * 1.20 ¦³¦h¤ÖÓÃö©ó Linux©MIPv6 HOWTOªºÅܰʪ©¥»? * 1.21 Linux IPv6 FAQ/HOWTO (¹L®Éªº) * 1.22 IPv6 & Linux - HowTo (¥¿¦bºûÅ@·í¤¤) * 1.23 Linux IPv6 HOWTO (²{¦b³o¥÷HOWTO) * 1.24 Long code line wrapping signal char * 1.25 Placeholders (¦û¦ì²Å) * 1.26 Commands in the shell(shell ¸Ìªº©R¥O) * 1.27 ¨Ï¥Î³oÓHOWTOªº¥²»Ý±ø¥ó 2. ¤°»ò¬OIPv6? * 2.1 IPv6¦bLinux§@·~¨t²Î¤Wªº¾ú¥v * 2.2 ¶}©l * 2.3 ¨ä¶¡ * 2.4 ²{¦b * 2.5 ±N¨Ó * 2.6 IPv6 ªº¦a§}·|¬O¤°»ò¼Ë ? * 2.7 FAQ(°ò¦) 3. ¦a§}ªºÃþ«¬ * 3.1 ¨S¦³«eºóªº¦a§} * 3.2 ºô¸ô³¡¤À,¤]¥s°µ«eºó * 3.3 ¦a§}Ãþ«¬(¥D¾÷) * 3.4 ¸ô¥Ñªº«eºóªø«× 4. ·Ç³ÆIPv6ªº¹B¦æ¨t²Î * 4.1 IPv6-ready kernel * 4.2 IPv6-ready ºô¸ô³]©w¤u¨ã * 4.3 IPv6-ready ´ú¸Õ/½Õ¦¡ µ{¦¡ * 4.4 IPv6-ready programs(¯à©MIPv6¨ó¦P¤u§@ªºµ{¦¡) * 4.5 IPv6-ready «È¤áºÝµ{¦¡ (selection) * 4.6 IPv6-ready server µ{¦¡ 5. ³]©winterfaces(¬É±) * 5.1 ¤£¦Pªººô¸ô³]³Æ * 5.2 Bringing interfaces up/down(³]©w¬É±ªº¶}/Ãö) 6. ³]©wIPv6¦a§} * 6.1 ¦C¦L·í«eªºIPv6¦a§} * 6.2 ¼W¥[¤@ÓIPv6¦a§} * 6.3 ²¾°£IPv6¦a§} 7. ³]©wIPv6¸ô¥Ñ * 7.1 ¦C¦L²{¦³ªº¸ô¥Ñ * 7.2 ³]©wIPv6¸ô¥Ñ³q¹L¹h¹D * 7.3 ²¾°£ IPv6¸ô¥Ñ³q¹L¹h¹D * 7.4 ¼W¥[IPv6¸ô¥Ñ¦Üinterface(¬É±) * 7.5 ±qinterface(¬É±)²¾°£IPv6¸ô¥Ñ * 7.6 FAQ for IPv6 routes(IPv6 ¸ô¥Ñªº¸g±`°Ýµª) 8. Neighbor Discovery(µo²{ªÚ¾F) * 8.1 Displaying neighbors using "ip" (¥Î"ip"©R¥O¦C¦LªÚ¾F) * 8.2 ¥Î "ip" ¹ïªÚ¾Fªº¦C¦Lªí¶i¦æ³B²z 9. Configuring IPv6-in-IPv4 tunnels(³]©w¹E¹D) * 9.1 ¹E¹DªºÃþ«¬ * 9.2 ¦C¦L²{¦sªºtunnels(¹E¹D) * 9.3 Setup of point-to-point tunnel(³]©wÂI¹ïÂIªº¹E¹D) * 9.4 Setup of 6to4 tunnels (³]©w IPv6¦ÜIPv4ªº¹E¹D) 10. ³]©w IPv4-in-IPv6 ¹E¹D 11. ®Ö¤ß³]©w in /proc-filesystem * 11.1 «ç¼Ë¶i¤J /proc-filesystem * 11.2 /proc-filesystems ¸Ìªº¼ÆÈÃþ«¬. * 11.3 Entries in /proc/sys/net/ipv6/ * 11.4 IPv6-related entries in /proc/sys/net/ipv4/ * 11.5 IPv6-related entries in /proc/net/ 12. Netlink-Interface to kernel 13. ºô¸ô debugging * 13.1 Server socket binding(¸j©w) * 13.2 Using "netstat" for server socket binding check * 13.3 Examples for tcpdump packet dumps 14. Support for persistent IPv6 configuration in Linux distributions(¦b¤£¦Pªºµo ¦æª©¤¤³]©wIPv6) * 14.1 Red Hat Linux and "clones"(¤p¬õ´U©M¥¦ªº§Ì¥S®X©f) * 14.2 Mandrake(°Ò¼wµÜ§J)Linux * 14.3 SuSE(Ĭ¿A´µ)Linux * 14.4 Debian(}¤ñ¦w)Linux 15. ¨¾¤õÀð * 15.1 ¨Ï¥Î netfilter6¨¾¤õÀð * 15.2 §ó¦hªº¸ê°T: * 15.3 ·Ç³Æ * 15.4 ¨Ï¥Î¤èªk * 15.5 ¨Ï¥Îip6tables 16. ¦w¥þ * 16.1 Access limitations * 16.2 IPv6¦w¥þ¼f®Ö * 16.3 Security auditing using IPv6-enabled netcat(¨Ï¥Î¾AÀ³IPv6 ªºnetcat) * 16.4 Security auditing using IPv6-enabled nmap * 16.5 Security auditing using IPv6-enabled strobe * 16.6 ¼f®Öµ²ªG 17. Encryption and Authentication(¥[±K©M»{ÃÒ) * 17.1 ¥Îªk 18. ½u¤W´ú¸Õ¤u¨ã 19. ¨ä¥¦¸ê°T * 19.1 ½u¤W¸ê°T * 19.2 §ó¦hªº¸ê°T * 19.3 ³q«H½×¾Â 20. ¾ú¥v _________________________________________________________________ 1. ·§z 1.1 ª©¥» Revision Release 0.31 2002-09-29 Revised by: PB See revision history for more Revision Release 0.30 2002-09-27 Revised by: PB See revision history for more Revision Release 0.29 2002-09-18 Revised by: PB 1.2 ª©Åv,³\¥i»P¨ä¥¦ ª©Åv©Ò¦³: Peter Bieringer Copyright Written and Copyright (C) 2001-2002 by Peter Bieringer 1.1.2. License This Linux IPv6 HOWTO is published under GNU GPL version 2: The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems. Copyright (C) 2001-2002 Peter Bieringer This documentation is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 1.3 Ãö©ó§@ªÌ §@ªÌ±µÄ² Internet/IPv6 ªº¾ú¥v 1993: ¥Ñ©ó¨Ï¥Îe-mail©M·s»D²Õ¶}©l±µÄ²Internet. 1996: ¨üÁÜ©ó¤@ÓIPv6ªº½Òµ{. ¥]¬A¤FLinux¦³ÃöªºIPv6. 1997: ¶}©l¼g¦bLinux¸Ì¦w¸Ë,³]©w©M¨Ï¥ÎIPv6ªº«ü«n. 2001: ¶}©l¼g³oÓ·sªºHOWTO. 1.4 Ápô ¥i¥H³q¹Le-mail pb@bieringer.de¤Îº¶ [1]http://www.bieringer.de/pb/ ¥L ²{¦b¦í¦bMunich [northern part of Schwabing] / Bavaria / Germany (south) / Europe (middle) / Earth (surface/mainland). 1.5 Ãþ§O ¦b"Networking/Protocols"¸Ì. 1.6 ª©¥», ¾ú¥v©M¥´ºâ ¦b³Ì¤WÀY´£¹L¤F. 1.7 ¾ú¥v ¥Dnªº¾ú¥v 2001-11-30: ¶}©l³]©w·sªºHOWTO 2002-01-02: §¹¦¨¤F¤@ÂI,µoªí¤F²Ä¤@³¹¸` (version 0.10). 2002-01-14: §¹¦¨¤F§ó¦h,¥[¤Fµû½×,µoªí¤F©Ò¦³ªº¤º®e(version 0.14). 2002-08-16: ªiÄõª©ªºÂ½Ä¶¥¿¦b¶i¦æ. 2002-10-14: ¤¤Ä¶ª©Â½Ä¶è¶}©l. 1.8 ¥þ³¡¾ú¥v See revision history at the end of this document. 1.9 ¥´ºâ ¸É¯Êº|.§¹¦¨¤º®eªºÀ˵ø. 1.10 ½Ķ ¥¦Ì¥]§tURL,ª©¥»¸¹,ì§@ªºª©Åv. 1.11 ¼w»y ¥¦ªºª©¥»¥Ñ§Ú¦Û¤v§¹¦¨(¼w»y¬O§Úªº¥À»y)¦bª©¥»¨C¤ë³£¦³Åܤƪº®ÉÔ¬O¤£·|§¹¦¨ ªº. ¨Ã¥B§ÚÁÙn¦³ªÅ¶¢ªº®É¶¡,¦pªG±z¦³®É¶¡,¤£§«¸Õ¤@¸Õ,¤j¤j¤è¤è¦a¨Ó±µºÞ§a. 1.12 ¨ä¥¦ªº»y¨t ¤@¯ë±¡ªp¤U,½Ðµ¥¨ì¤@Ó¤ë¥H¤WµLÅܰʪº®ÉÔ¶i¦æ½Ķ, version0.27 ¬O³Ìªñªº. 1.13 ªiÄõª© ¦Û±q 2002-08-16 Lukasz Jokiel Lukasz.Jokiel@klonex.com.pl¶}©l,¨ì²{¦b. ¥Lªº°_©lª©¬O 0.27 1.14 ¤¤Ä¶ª© ±q 2002-10-14 °_, ¤¤Ä¶ª©ªºÂ½Ä¶§¹¦¨¤F³¡¥÷¤º®e, °_©lª©¬O 0.31 1.15 §Þ³N¤è± HOWTOªºì©l§Î¦¡¬O ¦bLinux Red Hat7.3¨½¥Î LyX version 1.2.0 ¼gªº,®æ¦¡ ¬OSGML. http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/ ¸Ì¥i¥H¨ú±o. 1.16 ¥N½X«Ê¸Ë ¥N½X«Ê¸Ë¬O¥Ñ¦Û¤v¼gªº¤u¨ã"lyxcodelinewrapper.pl" ¨Ó§¹¦¨. ±z¥i¥H ¦bhttp://cvsview.tldp.org/index.cgi/LDP/users/ ¸Ì¨ú±o 1.17 ²£¥ÍSGML ¬O¥ÎLyXªº¿é¥X¥\¯à¹ê²{. ¤]¦³¤@¨Ç¬O¥Î©T©wªº¥N½X.(°Ñ ·Óhttp://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/) Export of LyX table does not create proper "colspan" tags - tool for fixing: "sgmllyxtabletagfix.pl" (fixed since LyX 1.2.0) LyX sometimes uses special left/right entities for quotes instead the normal one, which will still exist in generated HTML. Some browsers don't parse this very well (known: Opera 6 TP 2 or Konqueror) - tool for fixing: "sgmllyxquotefix.pl" 1.18 2HTMLª©¦¡ªº¦b½u¥Ø¿ý(linking/anchors) ¥D¯Á¤Þ ¤@¯ë¨Ó»¡,¬O³Q±ÀÂ˪º 1.19 ±M¥Îªº¶± ¦]¬°HTMLª©¦¡¬O¥ÑSGML¥Í¦¨, HTMLªº¤å¥ó¦W¬OÀH¾÷ªº, ¤@¨Ç¦WºÙ³Q©w¦º.³o¬O¦³ ¥Îªº,¨Ã¦b¥H«á¤£·|§ïÅÜ. ¦pªG±z»{¬°§Úº|¤Ftag, ½ÐÅý§Úª¾¹D,§Ú·|¥[¶i¥hªº. 1.20 ¦³¦h¤ÖÓÃö©ó Linux©MIPv6 HOWTOªºÅܰʪ©¥»? ¥[¤W³oÓ, ¦³¤TÓ©O. ©êºp,¬O¦³ÂI¤Ó¦h. 1.21 Linux IPv6 FAQ/HOWTO (¹L®Éªº) ²Ä¤@ Eric Osborne ©Ò¼g. ¥s°µ Linux IPv6 FAQ/HOWTO(http://www.linuxhq.com/IPv6/). ¦³½Öª¾¹D¥¦ªºªì©l¤é´Á,½Ð ¨Óe-mail§i¶D§Ú, ¥Î¨Ó¼g¾ú¥vªº. 1.22 IPv6 & Linux - HowTo (¥¿¦bºûÅ@·í¤¤) ¨º¸Ì¦³¤@Ó§Ú(Peter Bieringer)¼gªº²Ä¤Gª©, ¥s°µ IPv6 & Linux - HowTo(http://www.bieringer.de/linux/IPv6/), ®æ¦¡¬O¯ÂHTML, 1997¦~4¤ë¶} ©l, ¨Ã¦b¦P¦~7¤ëµo¦æ¤F²Ä¤@Ó^¤åª©, §Ú·|Ä~ÄòºûÅ@¥¦. ¦ý¥¦·|³QºCºC¦a®e¦X ¶i²{¦b±zŪªº³o¥÷HOWTO·í¤¤. 1.23 Linux IPv6 HOWTO (²{¦b³o¥÷HOWTO) ¥Ñ©óIPv6 & Linux - HowTo(http://www.bieringer.de/linux/IPv6/) ¬O¥Î ¯ÂHTML¼gªº, »P Linux ¤åÀÉp¹º(www.linuxdoc.org)¤£Ý®e. §Ú(Peter Bieringer)±µ¨ì¤F¤@Ó±N IPv6 & Linux - HowTo ¼g¦¨SGML®æ¦¡ªº½Ð¨D. ¦]¬°±N n°±¤î¼gHOWTO(±N¨ÓªºIPv6 & Linux - HowTo), ¨ÃÀHµÛIPv6¶V¨Ó¶V¼Ð·Ç¤Æ, §Ú ¨M©w¼g¤@Ó·sªº¦b¥¼¨Ó´X¦~¥e¥Dn¦a¦ìªº¤ñ¸û§ó«ù¤[ªºª©¥», ¥]¬A¤F°ò¥»ªº©M°ª ¯Åªºª©¥». °ÊºAªº¸ê°T¨ÌµM·|¦b±N¨Óªº¤é¤l¸Ì²K¥[¨ì²Ä¤GÓHOWTO¸Ì¥h(IPv6 & Linux - HowTo).http://www.bieringer.de/linux/IPv6/ 1.24 Long code line wrapping signal char "?"³oÓ¯S®íªº¦r²Å¬OÅý½s½X¦bPDF ©M PS ¤å¥ó¤¤Åã±o§ó¦n¬Ý. 1.25 Placeholders (¦û¦ì²Å) ±z¥i¥H±`±`¦b¨Ò¤l¤¤¬Ý¨ì¦p¤Uªº¤º®e: < myipaddress > ¦b±zªº¨t²Î©R¥O¦æ©Îscripts¸Ì·|³Q¬ÛÀ³ªº¤º®e©Ò¨ú¥N(·íµM¬O±N "< >" ¥h±¼ °Õ), µ²ªGÅܦ¨³o¼Ë: 1.2.3.4 1.26 Commands in the shell(shell ¸Ìªº©R¥O) ¥i°õ¦æªº©R¥O(«Droot¥Î¤á),¥Ñ "$" ¶}ÀY, ¦p: $ whoami ¥i°õ¦æªº©R¥O(root¥Î¤á),¥Ñ "#" ¶}ÀY, ¦p: # whoami 1.27 ¨Ï¥Î³oÓHOWTOªº¥²»Ý±ø¥ó Ó¤H©Òn¥²³Æªº±ø¥ó. ±z¥²»Ý¼ô±x¥DnªºUNIX¤u¨ã,¦pgrep, awk, find, ... , ©M¥¦Ìªº¤@¯ë¥Îªk. ª¾¹D¤@¨Çºô¸ô²z½× ±znª¾¹Dlayers, protocls, addresses , cables ,plugs, µ¥. ¦pªG±zè¶i¤J ³oÓ»â°ì, ³oÓ³sµ²¦³§U©ó±z: [2] http://www.linuxports.com/howto/intro_to_networking/ ³]©wIPv4ªº¸gÅç ±z¥²»Ý¦³©ú½TªºIPv4ªº³]©w¸gÅç.¤£µM,±z±N¤£ª¾¹D¦p¦ó¶i¦æ¤U¥h. Domain Name System (DNS °ÊºA¦WºÙ¨ÍªA¨t²Î)ªº¸gÅç ±z³Ì¤Önª¾¹D¦p¦ó¨Ï¥Îtcpdump, ¥¦§i¶D±zªº¬O¤°»ò. ¤£µM,¹ï±z¨Ó»¡µM«×¬Û·í ¤j. Linux §@·~¨t²ÎªºÝ®eµwÅé ±z¥²»Ý¦³¹ê»Úªº¾Þ§@¸gÅç, ¨Ã¥B¤£n¦b¬ÝHOWTOªº®ÉÔ¨ì³B¥´½WºÎ. :) 2. ¤°»ò¬OIPv6? IPv6¬O·sªº²Ä¤T¼h¶Ç¿é¨óij(°Ñ ¦Òhttp://www.linuxports.com/howto/intro_to_networking/c4412.htm#PAGE10 3HTML),¥¦±N¥Î¨Ó¨ú¥NIPv4(¤]¥s°µIP). IPv4¬O«Ü¦¥H«e³]pªº,²{¦b¹ïIPv4´£¨Ñ§ó¦hªº¦a§}©M©Ê¯à¤è±¦³µÛ§ó°ªªºn¨D. ¦bIPv6¤¤¥DnªºÅܲ¬O«·s³]p¤F³øÀY. ¥]¬A±N¦a§}¦ìªº¤j¤p±q32 bits ¼W¥[¨ì 128 bits. ¦]¬°²Ä¤T¼h¶Ç¿é¥Dnt³dend-to-end(ºÝ¹ïºÝ)°ò©ó¦a§}ªº¼Æ¾Ú¥]¸ô ¥Ñ. ¥¦¥²»Ý¥]§t·sªºIPv6¦a§}(¨Ó·½©M¥Ø¼Ð),³oÂI´N¹³IPv4¤@¼Ë. ¤U±³oÓ³sµ²´£¨Ñ¤F§ó¦h¦³ÃöIPv6ªº¸ê°T, ©MRFC ªº¨Òªíµ¥µ¥: http://www.switch.ch/lan/ipv6/references.html 2.1 IPv6¦bLinux§@·~¨t²Î¤Wªº¾ú¥v ±Nn°µªº: §ó¦nªº®É¶¡±Æ¦C, §ó¦hªº¤º®e... 2.2 ¶}©l ²Ä¤@¦¸±N»PIPv6¦³Ãöªº¥N½X¥[¤J Linux kernel 2.1.8 ªº¤u§@¬O¥ÑPedro Roque ¦b1996¦~11¤ë§¹¦¨ªº. ¥¦°ò©óBSD API: ______________________________________________________________ diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h linux/include/linux/in6.h --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 @@ -0,0 +1,99 @@ +/* + * Types and definitions for AF_INET6 + * Linux INET6 implementation + * + * Authors: + * Pedro Roque <******> + * + * Source: + * IPv6 Program Interfaces for BSD Systems + * <draft-ietf-ipngwg-bsd-api-05.txt> ______________________________________________________________ ¥H¤Wªº¥N½X¨Ó¦Ûpatch-2.1.8 (e-mail ¦a§}¦b½Æ»s&¶K¤W®Éº|±¼¤F) 2.3 ¨ä¶¡ ¦]¬°¯Ê¤Ö¤H¤â, ¦b®Ö¤ß¥[¤JIPv6ªºp¹º¤£¯à«ö·Ó°Q½×ªº©Î·sªºRFCs°õ¦æ. ¦b2000¦~ªº10¤ë, ¤@Ó¥s°µUSAGI(http://www.linux-ipv6.org/)ªºp¹º¦b¤é¥» ¥¿¦¡±Ò°Ê. ¥Ø¼Ð¬O°õ¦æ©Ò¦³¤£¨£¤Fªº, ÀÁ²Lªº(IPv6 support in Linux)p¹º. p¹ººòÀH KAME project (http://www.kame.net/) ªº¸}¨B. ¨Ì¾Ú vanilla Linux ®Ö¤ß·½¥N½X¶i¦æ¹E¨Bªº§ï°Ê. 2.4 ²{¦b ¤£©¯ªº¬O USAGI ªº patch(¸É¤B)«Ü¤j, Linux networking ºûÅ@¤HûµLªk±N¥¦¥] §t¶i²{¦bLinux 2.4.x ¨t¦Cªº·½¥N½X·í¤¤¥h. ¦]¦¹2.4.x ¥¢¥h¤F¤@¨Ç(¦h¼Æ)¬A®i ©Ê, ¨Ã¥B¤£¤ä«ù©Ò¦³·í«eªº³]p©MRFCs. ³o¾ÉP¤F¥¦©M¨ä¥¦§@·~¨t²Î·|²£¥Í¤@¨Ç ¨ó¦P°ÝÃD. 2.5 ±N¨Ó USAGI ²{¦b¥¿¦b±N·í«eªº¬A®i¥[¤J¨ì Linux 2.5.x ®Ö¤ß·í¤¤. §Æ±æ2.6.x ¨t¦C®Ö¤ß¯à¦³¤@Ó¯u¥¿©M³Ì·sªºIPv6¥\¯à. 2.6 IPv6 ªº¦a§}·|¬O¤°»ò¼Ë ? è¤~´£¹L, IPv6 ªº¦a§}¦³128 bits ªø. ³o¼Ëªº bits ¥i¥H²£¥Í39Ó¤Q¶i¦r¼Æ ¦r: ______________________________________________________________ 2^128-1: 340282366920938463463374607431768211455 ______________________________________________________________ ³o¼Ëªº¦a§}«ÜÃø°O±o¦í. IPv6ªº¦a§}¬O³v¦ì©w¦ìªº(´N¹³IPv4, ¦ý³oÓÆ[ÂI¤£¬O ¤½»{ªº). ©Ò¥H¤Q¤»¶i¨î¯à§ó¦n¦a¥Nªí³o¨Ç¼Æ¦r, 4 bits(¤]¥s°µ"nibble")ªí²{ ¬°¼Æ¦r(0-9)©Î¦r²Å a-f(10-15). ³oºØ®æ¦¡±NIPv6ªº¦a§}ªø«×ÁY´î¨ìÓ32¦r²Å. ______________________________________________________________ 2^128-1: 0xffffffffffffffffffffffffffffffff ______________________________________________________________ ³oºØªí²{§Î¦¡¤´µM«Ü¤£¤è«K. (¥i¯à²V²c©Î¿òº|³æÓ¤Q¤»¶i¨î¼Æ¦r), ©Ò¥HIPv6ªº ³]pªÌ±N¦a§}§Î¦¡©w¬°¨C16bit´N¥Î":"°Ï¤À¶}¨Ó. ¶}ÀYªº"0x"(¦bµ{¦¡³]p·í¤¤ ¥Î¨Óªí¥Ü¤Q¤»¶i¨î¼ÆÈ)³Q²¾°£¤F: ______________________________________________________________ 2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ______________________________________________________________ ¤@Ó¦³®Äªº¦a§}(µy«á½Ð¬Ý¦a§}Ãþ«¬)¦p¤U: ______________________________________________________________ 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 ______________________________________________________________ ¬°¤F²¤Æ, ¨CÓ16bit¶}ÀYªº0¥i¥H³Q¬Ù²¤: ______________________________________________________________ 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 -> 3ffe:ffff:100:f101:210:a4ff:fee3:9566 ______________________________________________________________ ³sÄòªº¨Ã¥B¼ÆȬ°0ªº16bit¦a§}¬q¥i¥H¥Î"::"ªí¥Ü. ¦ý¬O¤@ÓIPv6¦a§}·í¤¤¥u¯à ¥X²{¤@¦¸, ¤£µM³oºØ¤èªk«O«ù¤£¤F¦h¤[. ______________________________________________________________ 3ffe:ffff:100:f101:0:0:0:1 -> 3ffe:ffff:100:f101::1 ______________________________________________________________ ²¤Æ±o³ÌµuªºIPv6 localhost¦a§}: ______________________________________________________________ 0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 ______________________________________________________________ ³oºØ¤èªk¤]¥s°µ compact (base85 coded) representation defined RFC 1924 / A IPv6ºò´ê¦a§}ªí¥Üªk(©w©ó1996), ¦ý¨S¦³´£°_¹L, ¨Ò¦p: ______________________________________________________________ # ipv6calc --addr_to_base85 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 Itu&-ZQ82s>J%s99FJXT ______________________________________________________________ ¸ê°T: ipv6calc ¬O¤@ÓIPv6¦a§}®æ¦¡ªºpºâ©MÂà´«ªºp¹º, ±z¥i¥H¦b³o¸Ì§ä¨ì: http://www.bieringer.de/linux/IPv6/ipv6calc/ 2.7 FAQ(°ò¦) ¬°¤°»ò¥sIPv6,¦Ó¤£¯à¦¨¬°IPv4¤§«áªºIPv5 ? ¦b¥ô¦óIPÀY, «e4bits ¬O¬°¨óijª©¥»¸¹©Ò«O¯dªº. ©Ò¥H²z½×¤W¤@Ó¨óijªºª©¥»¸¹ ¦b0©M15¤§¶¡¬O¦³®Äªº: * 4 ¤v¸g¬°IPv4©Ò¨Ï¥Î. * 5 ¬° Stream ¨óij©Ò«O¯d(STP, RFC 1819 http://rfc.net/rfc1819.html ¨S¦³¤½¶}¹L) IPv4¤§«á¥i¥Îªºª©¥»¸¹¬O6, ¦]¦¹ IPv6 ´N³o¼Ë¥¹¥Í¤F! IPv6 ¦a§}: ¬°¤°»ò·|¦³³o»òªøªºbits ¦b³]pIPv4ªº®ÉÔ,¤HÌ»{¬°32bitªºªø«×¨¬°÷¥þ¥@¬É¨Ï¥Î. ¬Ý¤@¬Ý³o¨Ç¦~, 32bit ´N²{¦b©M¥¼¨Ó´X¦~¨Ó»¡¬O¨¬°÷ªº. µM¦Ó, 32bits ¤£¯à¦b±N¨Óº¡¨¬¥þ²y¦U ºØºô¸ô³]³Æ¹ïIP¦a§}ªº»Ý¨D. ·Q¤@·Q±N¨Ón³sµ²ºô¸ôªº²¾°Ê¹q¸Ü, ¨T¨®(¥]¬A¹q ¤lÁ`±±¨t²Î), ¯NÄÑ¥]¾÷,¦B½c, ·Ó©ú¶}Ãö... ©Ò¥H³]pªÌ±Ä¥Î¤F128bits, ¬O¤µ¤ÑIPv4 ¤j¤p(2^96)»Pªø«×ªº4¿. ¹ê»Ú¨Ï¥Îªº¤j¤p¥i¯à¤ñ¥¦¬Ý°_¨ÓªºÁÙn¤p. ¦]¬°²{¦bªº©w¸q¦a§}³]p, 64bits ¥Î©óinterface identifiers(¬É±¼ÐÃÑ). ¥t¥~64bits¥Î©ó¸ô¥Ñ. ±H©ó²{¦bÄY®æ ªº¼h¼Æ¶°¦X(/48, /35, ...), IPv6 ©Ò¯à´£¨Ñªº¦a§}ªÅ¶¡ÁÙ¬O¥i¯à¤£°÷, §Æ±æ³o ºØ±¡ªp¤£n¦b©¹«áªº´X¦~¸Ìµo¥Í. IPv6 ¦a§}: ¬°¤°»ò¦b·sªº³]p¸Ìbits³o»ò¤p? ÁöµM, (¥i¯à)¦³¨Ç¤H(¦bInternet¸Ì)¦Ò¼{IPv8©MIPv6, ³]pµL½×±q±µ¨ü©M°õ¦æ³£ ¬O¨º»òªº»»»·. ¦b¦¹¨ä¶¡128bit¹ï©ó³øÀY©M¼Æ¾Ú¶Ç¿é¨Ó»¡¬O³Ì¨Îªº¿ï¾Ü. ¦Ò¼{¨ì¦bIPv4¨½©MIPv6¨½ªº³Ì¤j/³Ì¤p¶Ç¿é³æ¦ì(MTU,¥¦Ì¤À§O¬O576byte ©M 1280 byte), IPv4 ªº³øÀY¬O20 byte(³Ì¤pÈ,¥i¥H³q¹L½Õ¸`IPv4ªº¿ï¶µ¼W¤j ¨ì60byte), IPv6 ªº³øÀY¬O48 byte(©T©w¤£Åܪº), ³øÀY¤À§O¥e¥¦ÌMTUªº3.4% ©M3.8%, ³o·N¬NµÛ³øÀY¦û¤F«Ü¤j¤@³¡¤À¶}¾P. §ó¤jbitsªº¦a§}»Ýn§ó¤jªº³øÀY, ¦]¦Ó¦û¾Ú§ó¤jªº¶}¾P. ¦P¼Ë,ÅU¤Î¨ìMTU¥¿±`³sµ²ªº³Ì¤jÈ(¹³²{¦bªº¥H¤Óºô): 1500byte(°£¤F¯S§Oªº¦C ¤l:9k byte À³¥Î¦b Jumbo frames ·í¤¤). ³Ì²×,¦pªGn¶Ç¿é¦b²Ä¤T¼h¼Æ¾Ú¥]¤¤ ¥e10%©Î20%³øÀY, ³o¼ËªºIP¦a§}¦b³]p¤W¤]´N¨S¦³·N¸q¤F. 3. ¦a§}ªºÃþ«¬ 3.1 ¨S¦³«eºóªº¦a§} Localhost ¦a§} ³o¬O¤@Ó¯S§O¬°loopback interface(¦^°e¬É±©ÎÀô¶)©w¸qªº¦a§}, ´N¹³IPv4ªº "127.0.0.1" ¹ï©óIPv6 localhost address ¬O: ______________________________________________________________ 0000:0000:0000:0000:0000:0000:0000:0001 ______________________________________________________________ ©ÎÁY´î¦¨ ______________________________________________________________ ::1 ______________________________________________________________ ³oÓ¦a§}ªº¼Æ¾Ú¥]±N¥¦·í§@host(¥D¾÷)µo°eªº¨Ó·½©M¥Ø¼Ð. ¥¼«ü©úªº¦a§} ³o¬O¤@Ó¦bIPv4·í¤¤ªí¥Ü "©Ò¦³" ©Î"0.0.0.0". ¹ï©óIPv6¬°: ______________________________________________________________ 0000:0000:0000:0000:0000:0000:0000:0000 ______________________________________________________________ ©ÎªÌ¬O: ______________________________________________________________ :: ______________________________________________________________ ³o¨Ç¦a§}¤j¦h ¥Î¦b/Åã¥Ü socket ®¹¸j(¨ì©Ò¦³IPv6¦a§})©Î¸ô¥Ñªí·í¤¤. ª`·N:¥¼»¡©úªº¦a§}¤£¯à·í¦¨¥Ø¼Ð¦a§}¨Ó¨Ï¥Î. ´Ó¤J¤FIPv4¦a§}ªºIPv6¦a§} ¥¦¥]§t¤F¨âÓ¦a§}¨ä¤¤¤@Ó¬°IPv4¦a§}. IPv4¬M®gIPv6¦a§} IPv4-only IPv6-compatible ¬O¥ÑIPv6«á¥x²£¥Íªº¦³®É ¥Î©ó©ÎÅã¥Ü sockets . ¥¦¥u®¹¸jIPv4¦a§}. ³o¨Ç¦a§}³Q©w¸q¬°¾Ö¦³ªø«×¬°96ªº«eºó¯S®í¦a§}(a.b.c.d ¬OIPv4¦a§}): ______________________________________________________________ 0:0:0:0:0:ffff:a.b.c.d/96 ______________________________________________________________ ©ÎªÌ¨Ï¥ÎÁY¼g§Î¦¡ ______________________________________________________________ ::ffff:a.b.c.d/96 ______________________________________________________________ ³o¨Ç¦a§}¤]¥Î©ó¦Û°Ê¹E¹D, ¤w¸g³Q6to4tunneling¨ú¥N. 3.2 ºô¸ô³¡¤À,¤]¥s°µ«eºó ³]pªÌ©w¸q¨Ã¹w¯d¤F¤@³¡¥÷ªÅ¶¡¥H«K©ó±N¨Ó¹J¨ì¹³²{¦b³o¼Ëªº»Ý¨D. RFC 2373 [July 1998] / IP Version 6 Addressing Architecture (http://rfc.net/rfc2373.html) ©w¸q¤F²{¦bªº¦a§}³]p, ¦ý¤w¸g¦³¤F·sªº¯ó®× (ftp://ftp.ietf.org/internet-drafts/)draft-ietf-ipngwg-addr-arch-*.txt Åý§Ų́Ӭݤ@¤U¤£¦Pªº«eºó©w¸q(©M¦a§}Ãþ«¬): ³sµ²¥»¦a¦a§}ªºÃþ«¬ ³o¨Ç¦a§}¤£¹ï¥~¬É(Internet)³s±µ¦³®Ä. ¥H³o¨Ç¦a§}¬°¥Ø¼Ðªº¼Æ¾Ú¥]¤£·|³q¹L¸ô ¥Ñ¾¹. ³oºØ³sµ²¥Î©ó¥H¤U±¡§Î: * ¦P¨ä¥¦¥ô·N¤@Ó¤]¨Ï¥Î³oÓ³sµ²ªº¤H¶i¦æ³q°T. * ¦P¨ä¥¦¥ô·N¤@Ó¾Ö¦³¯S®í¦a§}ªº³sµ²¶i¦æ³q°T.(¨Ò¦p´M§ä¸ô¥Ñ) ¥¦Ìªº¦a§}¥Ñ¥H¤U³o¨Ç¶}ÀY("x"¬O¥ô·Nªº¤Q¤»¶i¨î¦r²Å,¤@¯ë¬O"0") ______________________________________________________________ fe8x: <- ¥Ø«e¥u¦³³oÓ¦b¥Î. fe9x: feax: febx: ______________________________________________________________ ¤@Ó¶}ÀY¬°¥H¤W³o¨Ç«eºóªº¦a§}, ¥ÑIPv6¨S¦³¦b¬É±«ü©wIP¦a§}ªº®ÉԳХß. ¥Ø«e¥u¦³fe80¦b¨Ï¥Î. ¥»¦a¯¸ÂIªº¦a§}©w¸q ³o¨Ç¦a§}©MIPv4¬Û¦ü(http://rfc.net/rfc1918.html RFC 1918 / Address Allocation for Private Internets) ¥¦ªºÀu¶Õ: ¥u¥Î16bits ´N¥i¥H©w¸q65536 Ó¤lºô.¦PIPv4ªº10.0.0.0/8¬Û¦ü. ¥t¤@ÓÀu¶Õ:¦bIPv6ªº¬É±¤W¥i¥H©w¸q¦hÓIP¦a§}, ¦b¤w¦³¥»¦a¯¸ÂI¦a§}ªº°ò¦ ¤WÁÙ¥i¥H¥[¤W¤@Óglobal(¥þ§½)¦a§}. ¥¦Ìªº¦a§}¥Ñ¥H¤U³o¨Ç¶}ÀY("x"¬O¥ô·Nªº¤Q¤»¶i¨î¦r²Å,¤@¯ë¬O"0") ______________________________________________________________ fecx: <- ¤j¦h¼Æ¨Ï¥Î³oÓ fedx: feex: fefx: ______________________________________________________________ Global(¥þ§½)¦a§}Ãþ«¬ "(Aggregatable) global unicast"¥i»E¦Xªº¥þ§½°ß¤@¦a§}. ¤µ¤Ñ,¥u¦³¤@Ó¥þ§½¦a§}Ãþ«¬ªº©w¸q(²Ä¤@Ó³]p,¤]¬O¦h¦~¥H¨Ó¤@ª½¨Ï¥Îªº¥s°µ "provider based," [3]RFC 1884 / IP Version 6 Addressing Architecture [obsolete]) ±z¯à¦b¦´Áªº®Ö¤ß·½¥N½X¤¤§ä¨ì¤@¨Ç. ¥¦Ìªº¦a§}¥Ñ¥H¤U³o¨Ç¶}ÀY("x"¬O¥ô·Nªº¤Q¤»¶i¨î¦r²Å,¤@¯ë¬O"0") ______________________________________________________________ 2xxx: 3xxx: ______________________________________________________________ ª`·N: «eºó"aggregatable" ³Q·í«eªº¯ó®×©ß±ó¤F. ¤U±¦³¤@¨Ç§ó¦³·N¸qªº¤lÃþ «¬©w¸q: 6bone test addresses ³o¨Ç¬O³Ìªì©w¸q©M¨Ï¥Îªº¥þ§½¦a§}. ¥¦Ìªº¶}ÀY¬O ______________________________________________________________ 3ffe: ______________________________________________________________ ¨Ò¤l ______________________________________________________________ 3ffe:ffff:100:f102::1 ______________________________________________________________ ¤@ÓµL°ß¤@¥þ§½¤Æªº¯S§O6bone¨Ò¤l ______________________________________________________________ 3ffe:ffff:100:f102::1 ______________________________________________________________ ³o¨Ç¥Dn³£¬O¨Ò¤l, ¦]¬°¦pªG¨Ï¥Î¯u¹êªº¦a§},¥i¯à·|¦³¨Ç¤H±N¥¦«þ¨©&¶K¤W ¨ì ¥L̦ۤvªº°t¸m¤¤¥h. ±q¦Ó¤£ª`·N¦a½Æ»s¤F¥þ§½°ß¤@¦a§}, ³o¼Ë·|¾ÉPì¨Ó¾Ö¦³ ³oÓ¦a§}ªº¥D¾÷²£¥Í¤@¨Ç°ÝÃD(¤ñ¦p,½Ð¨Dªº¦^À³¥]¤£·|³Qµo°e.) ±z¥i¥H±q³o¨Ç «eºó·í¤¤¥Ó½Ð¤@Ó, ¬Ý³o¸Ì: "¦p¦ó¥[¤J6bone" ¤]¦³¤@¨Ç¦b tunnel brokers ¥L ̵o§G¥Î©ó´ú¸Õ6bone ªº¦a§}«eºó. 6to4 ¦a§} ³o¨Ç¦a§}¬O¬°¯S§Otunneling¾÷¨î³]pªº. [4][RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds ©M [5]RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers], µ¹IPv4¦a§}©M¥i¯àªº¤lºô½s½X¨Ã¥HÃþ¦ü¤U±ªº§Î¦¡ ¶}ÀY: ______________________________________________________________ 2002: ______________________________________________________________ ¨Ò¤l,«·s¹ï192.168.1.1/5½s½X: ______________________________________________________________ 2002:c0a8:0101:5::1 ______________________________________________________________ ³oÓshell©R¥O±NÀ°§U±z¥Î¤@ÓIPv4¦a§}²£¥Í³o¼Ëªº¦a§}: ______________________________________________________________ ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 | tr "." " "` $sla ______________________________________________________________ °Ñ·Ótunneling using 6to4 and information about 6to4 relay routers. ±q¤À¯Å¸ô¥Ñ¤À°t¨ìªº¦a§} ³o¨Ç¦a§}¤À°tµ¹InternetªA°È¨Ñ°Ó(ISP)¨Ã¥B¦³Ãþ¦ü¦p¤Uªº¶}ÀY: ______________________________________________________________ 2001: ______________________________________________________________ ¥DISP(¾Ö¦³°©·Fºô¸ô)ªº«eºó¬O¥Ñlocal registries¤À°tªº, ¨Ã¥B²{¦b¥L̤À°t ªº«eºóªø«×¬°35. ¥DISPs³q±`¤À°tµ¹¤U¯ÅISPsªº«eºóªø«×¬°48. Multicast addresses(¦hÂI¶Ç°eªº¦a§}) Multicast addresses À³¥Î©óªA°È·í¤¤. ¥¦ÌÁ`¬O¦³¦P¤U±¬ÛÃþ¦üªº¶}ÀY(xx¬O½d³òÈ) ______________________________________________________________ ffxy: ______________________________________________________________ ¥¦Ì¦³µÛ¤£¦Pªº½d³ò©MÃþ«¬: Multicast scopes(¦hÂI¶Ç¹F°e½d³ò) Multicast scope ¬O¥Î¨Ó©w¸qµo°e¹êÅ骺multicast ¼Æ¾Ú¥]¦³®Ä³Ì»·¶Ç¿éȪº°Ñ ¼Æ. ³q±`,¤U±ªº½d³ò¤w¸g³Q©w¸q: * ffx1: ¥»¦a¸`ÂI, ¼Æ¾Ú¥]¤£·|Â÷¶}¸`ÂI. * ffx2: ¥»¦a³sµ², ¼Æ¾Ú¥]¤£·|³Q¸ô¥Ñ,©Ò¥H¥¦Ì¤£·|Â÷¶}³oÓ¯S§Oªº³sµ². * ffx5: ¥»¦a¯¸ÂI, ¼Æ¾Ú¥]¤£·|Â÷¶}¯¸ÂI. * ffx8: ¥»¦a²Õ´, ¼Æ¾Ú¥]¤£·|Â÷¶}²Õ´(°õ¦æ°_¨Ó¤£¨º»ò®e©ö,¥²¶·¨Ì¾a¸ô¥Ñ ¨óij) * ffxe: ¥þ§½½d³ò. * ¨ä¥¦ªº³£³Q«O¯d Multicast(¦hÂI¶Ç°e)Ãþ«¬ ³\¦hÃþ«¬³£¤w¸g©w¸q/«O¯d(²Ó¸`½Ð°Ñ·Ó [6]RFC 2373 / IP Version 6 Addressing Architecture). ³o¸Ì¦³¤@¨Ç¨Ò¤l: * ©Ò¦³¸`ÂI¦a§}: ID=1h, ©Ò¦³¥»¦a¸`ÂI¥D¾÷ªº¦a§}(ff01:0:0:0:0:0:0:1) ©Î ¤w³s±µ¦nªº¦a§}(ff02:0:0:0:0:0:0:1). * ©Ò¦³¸ô¥Ñ¦a§}:ID=2h,©Ò¦³¥»¦a¸`ÂIªº¸ô¥Ñ¦a§}(ff01:0:0:0:0:0:0:2), ¤w ³s±µªº(ff02:0:0:0:0:0:0:2), ©Î¥»¦a¯¸ÂI(ff05:0:0:0:0:0:0:2). Solicited node link-local multicast address(¥»¦a¦h¼½½Ð¨Dªº¸`ÂI¦a§}) ¦bneighborhood discovery(¦h¼½µo²{)¤¤·í¦¨¥Ø¼Ð¦a§}¨Ï¥Îªº¯S§O¦h¼½¦a§}. »PIPv4¤£¦P,ARP(¦a§}¸ÑªR¨óij)±N¤£¦bIPv6¤¤¨Ï¥Î. ¨Ò¤l: ______________________________________________________________ ff02::1:ff00:1234 ______________________________________________________________ ¨Ï¥Î«eºóªí¥Ü¥¦¬O¤@Ó¥»¦a¦h¼½¦a§}, «áºó¥Ñ¥Ø¼Ð¦a§}²£¥Í. ³oÓ¨Ò¤l·í¤¤±N¦³ ¤@Ӽƾڥ]µo©¹"fe80::1234", ¦ý¬Oºô¸ô°ï´Ì¨Ã¤£ª¾¹D²Ä¤G¼hªºMAC(¦h´CÅé³q ¸ô). ¥¦±N¤W³¡¥÷ªº104 bits §ó§ï¬° "ff02:0:0:0:0:1:ff00::/104" ¤U³¡¤À24 bits ¤£ÅÜ. ²{¦b³oÓ¦a§}¥Hon-link(¦b½u)ªº§Î¦¡´M§ä¬ÛÀ³ªº¸`ÂI(³oÓ¸`ÂIÀ³ ·íµo°e¤F¥]§t¦³²Ä¤G¼h MAC ¦a§}ªº¦^À³¥]) Anycast addresses(ÀH¼½¦a§}) Anycast addresses¬O¤@Ó¯S§Oªº¦a§}, ¥¦¥Î©ó¾FªñªºDNS©ÎDHCPªA°È, ©Î¥Î©ó¬Û ¦üªºdynamic groups(°ÊºA²Õ¸s). ¦a§}±q unicast address (³æ¼½¦a §}aggregatable global or site-local at the moment)ªÅ¶¡¤¤¨ú±o. ÀH¼½¦a§} ªº¾÷¨î(±q«È¤áºÝªºÆ[ÂI¨Ó¬Ý)¥Ñ°ÊºA¸ô¥Ñ¨óij±±¨î. ª`·N:ÀH¼½¦a§}¤£¯à¦¨¬°§@¬°¨Ó·½¦a§}, ¥¦¥²»Ý¥H¥Ø¼Ð¦a§}ªº¨¥÷¥X²{. Subnet-router Anycast addresses(¤lºô¸ôÀH¼½¸ô¥Ñ¾¹) ¤@ÓSubnet-router Anycast addressesªº¨Ò¤l. °²³]¤@Ó¤À°t¤F¦p¤UIPv6¦a§} ªº¸`ÂI: ______________________________________________________________ 3ffe:ffff:100:f101:210:a4ff:fee3:9566/64 <- ¸`ÂIªº¦a§} ______________________________________________________________ Subnet-router±N¨Ï¥Î¨S¦³«áºóªº¦a§} (least significant 64 bits): ______________________________________________________________ 3ffe:ffff:100:f101::/64 <- subnet-router anycast address ______________________________________________________________ 3.3 ¦a§}Ãþ«¬(¥D¾÷) ¦]¬°¦Û°Êªº°t»s/ÀH¾÷¤À°t,¦b·í«eªº¦a§}Ãþ«¬¤¤¥D¾÷¨Ï¥Î§ó§Cªº 64 bits¦a§}. ¦]¦¹¨CÓsubnet(¤lºô)¥i¥H¾Ö¦³¤j¶qªº¦a§}. ¥D¾÷ªº¦a§}¤À°t¥i¥H¦³¦p¤U´XºØ§Î¦¡: ¦Û°Ê¤À°t(also known as stateless) ¦b¦Û°Ê¤À°t·í¤¤,¥D¾÷ªº¦a§}¥Ñ¬É±ªºMAC¦a§}¨M©w. ¨Ï¥ÎEUI-64¤èªk,«ü©w¤@ ÓIPv6 ¦a§}. ¦pªG¨S¦³¥i¥ÎªºMAC(¦p:µêÀÀ³]³Æ), ´N¥Î¨ä¥¦ªº¥N´À(¦pIPv4¦a§} ©Îª«²z¬É±ªºMAC¦a§}) ¦A¬Ý¤@¤U«e±ªº¨Ò¤l: ______________________________________________________________ 3ffe:ffff:100:f101:210:a4ff:fee3:9566 ______________________________________________________________ ³o¸Ì: ______________________________________________________________ 210:a4ff:fee3:9566 ______________________________________________________________ ¥D¾÷¦a§}¥ÑNICªºMAC¦a§}¨M©w: ______________________________________________________________ 00:10:A4:E3:95:66 ______________________________________________________________ ¥Î [7]IEEE-Tutorial EUI-64 §@¬°EUI-48 ªº¼ÐÃѲÅ. ¦Û°Ê¤À°t±a¨ÓªºÁô¨p°ÝÃD ¦]¬°¦Û°Ê¤À°tªº¬O°ß¤@¦a§},«È¤áºÝ¦b¤£³q¹L¥ô¦ó¥N²zªº±¡ªp¤U®e©ö³Q¸òÂÜ. ³o ¬OÓ¤½»{ªº°ÝÃD,¥¦ªº¸Ñ¨M¤èªk¬O:privacy extension,©w¸q©ó [8]RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6 ³o ¸Ì¤]¦³¤@Ó¯ó®×: [9]draft-ietf-ipngwg-temp-addresses-*.txt ¨Ï¥Î¤£¦PªºÀR ºA¼ÆÈ, ¨C¦¸²£¥Í¤@Ó·sªº«áºó. ª`·N: ¥u¹ïclient ªº³s±µ¦³®Ä, ¹ï©óservers ¨S¦³¤°»ò¥Î³B. ¤â°Ê³]©w ¹ï©óservers¨Ó»¡, ¤j·§«Ü®e©ö°O°_²³æªº¦a§}. ¦P®É¤]¥i¥H¦V¥¦ªº¬É±²K¥[¤@ ÓIPv6¦a§}: ______________________________________________________________ 3ffe:ffff:100:f101::1 ______________________________________________________________ ¤â°Ê³]©wªº«áºó¬°"::1",¨Ò¤l·í¤¤³Ì«nªº²Ä6 bits³]©w¬°"0", ¥¦¬°anycast addresses(¥ô·N¶Ç°e¦a§})«O¯d (the universal/local bit of the automatically generated identifier). 3.4 ¸ô¥Ñªº«eºóªø«× ¦b¦´Á³]p¶¥¯Å,¨Ï¥Î§¹¥þ¤ÀÂ÷ªº¸ô¥Ñ¤À¯Å¨Ó³Ì¤j¼h«×¦aÁY¤p¸ô¥Ñªí. ½×ÃÒªº¤è ªk¬O¨Ï¥Î·í«eIPv4ªº®Ö¤ß¸ô¥Ñ¼Æ¥Ø(> 104 thousand in May 2001) ´î¤ÖµwÅé°O ¾ÐÅ骺»Ý¨D¨Ó±±¨î¸ô¥Ñªí©M³t«×(¸û¤ÖªºÓ¼Æ¨Ï¬d§ä³t«×¥[§Ö). «eºóªø«×(¤]¥s°µ¤lºô¸ô¾B¸n) ¦PIPv4¬Û¦ü, ºô¸ô²£¥Í¥i¸ô¥Ñªº¸ô®|. ¦]¬°128 bits¼Ð·Çªºnetmasks ¬Ý°_¨Ó¤£ «ç»ò¼Ë. ³]pªÌÉų¤FIPv4ªº·®æ: Classless Inter Domain Routing (CIDR [10]RFC 1519 / Classless Inter-Domain Routing) ¥¦Ì¬O¥Î©óIP¦a§}¸ô¥Ñ ªºbits¸¹½X. ¤]¥s°µ"/" ¨Ò¤l: ______________________________________________________________ 3ffe:ffff:100:1:2:3:4:5/48 ______________________________________________________________ ¥¦Ì¥i¥H³QÂX®i¦¨: ______________________________________________________________ ºô¸ô: 3ffe:ffff:0100:0000:0000:0000:0000:0000 ______________________________________________________________ ______________________________________________________________ ¤lºô¸ô¾B¸n: ffff:ffff:ffff:0000:0000:0000:0000:0000 ______________________________________________________________ Matching a route(¸ô¥Ñ¤Ç°t) ¦b¤@¯ë±¡ªp¤U(no QoS), ¦b¸ô¥Ñªí¸Ì¬d§ä¤@Ó«nªº¦a§}¼ÆÈ·N¨ýµÛ¸ô¥Ñ«eºóªº ªø«×¥²»Ý¥ý¤Ç°t. ¨Ò¤l, ¦pªG¸ô¥Ñªí¹³¤U±¨º¼Ë(²M³æ¥¼§¹¥þ¨Ò¥X): ______________________________________________________________ 3ffe:ffff:100::/48 :: U 1 0 0 sit1 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 ______________________________________________________________ IPv6ªº¥Ø¼Ð¦a§}±N³Q¤U±ªº³]³Æ¸ô¥Ñ: ______________________________________________________________ 3ffe:ffff:100:1:2:3:4:5/48 -> routed through device sit1 3ffe:ffff:200:1:2:3:4:5/48 -> routed through device tun6to4 ______________________________________________________________ 4. ·Ç³ÆIPv6ªº¹B¦æ¨t²Î 4.1 IPv6-ready kernel ²{¦bªºLinuxµo¦æª©ªº®Ö¤ß³£¨ã³Æ¤F¹B¦æIPv6ªº±ø¥ó. IPv6¥\¯à³Q½sĶ¦¨¤@Ó¥i ¸ü¤J¼Ò²Õ. ¦b¤@¯ë±¡ªp¤U¼Ò²Õ¤£·|¦b¶}¾÷ªº®ÉԦ۰ʸü¤J. °Ñ·Ó§ó·sªº¸ê°T: [11]IPv6+Linux-Status-Distribution À˹î²{¦bªº¨t²Î¬O§_¤ä«ùIPv6 ª`·N±zªº/proc-file-system.¥²»Ý¦³¦p¤Uªºµ²ºc: ______________________________________________________________ /proc/net/if_inet6 ______________________________________________________________ ¤@Ó²³æªº´ú¸Õ: ______________________________________________________________ # test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" ______________________________________________________________ ¦pªG¥¢±Ñ, ªí©ú¼Ò²Õ¨S¦³¸ü¤J. ¸ÕµÛ¸ü¤J¼Ò²Õ °õ¦æ¸ü¤J¼Ò²Õªº©R¥O: ______________________________________________________________ # modprobe ipv6 ______________________________________________________________ ¦pªG¦¨¥\, ¼Ò²Õ·|¦b¦Cªí¤¤Åã¥Ü,°õ¦æ¦p¤U©R¥O: ______________________________________________________________ # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" ______________________________________________________________ Åý¼Ò²Õ¦Û°Ê¸ü¤J ¼Ò²Õ¬O¥i¥H¦Û°Ê¸ü¤Jªº,¥un¦b®Ö¤ß¼Ò²Õ³]©w¤å¥ó( /etc/modules.conf ©Î /etc/conf.modules)¤¤¥[¤J: ______________________________________________________________ alias net-pf-10 ipv6 # automatically load IPv6 module on demand ______________________________________________________________ ¤]¥i¥HÃö±¼IPv6¼Ò²Õªº¦Û°Ê¸ü¤J: ______________________________________________________________ alias net-pf-10 off # disable automatically load of IPv6 module on demand ______________________________________________________________ ½sĶ¦³ IPv6 ¥\¯àªº®Ö¤ß ¦pªG¥H¤W¨âÓµ²ªG³£ÃÒ¹ê¤F®Ö¤ß¤£¨ã¦³IPv6¥\¯à, ±z¥i¥H¦³¦p¤U¿ï¾Ü: * ¤É¯Å¦¨¥~¥]¸Ë¦³IPv6¤ä«ù»¡©úªºLinuxµo¦æª©(±ÀÂË·s¤â¨Ï¥Î)¦A¬Ý¤@¤U³o¸Ì: [12]IPv6+Linux-Status-Distribution * ½sĶ¤@Ó·sªºvanilla®Ö¤ß(¦pªG±zª¾¹D¸Ó«ç»ò¿ï¾Ü,·|¤ñ¸û²³æ). * «·s½sĶ±z²{¦b¾Ö¦³ªºµo¦æª©®Ö¤ß(¤£¤Ó®e©ö). * ±N®Ö¤ß¦P USAGI ªºÂX®i¤@°_½sĶ. ¦pªG±z¨M©w½sĶ¤@Ó®Ö¤ß,±z¥²»ÝŪ¹L [13]Linux Kernel HOWTO. ¥H¤Î³o¤è±ªº ¸gÅç. ª`·N:±z¥²»Ý¨Ï¥Î®Ö¤ß2.4.x¨t¦C©Î§ó°ª. ¦]¬°IPv6¹ï2.2.x¨t¦C¯Ê¤Ö¬ÛÀ³ªº¤ä«ù. ¨Ã¥B»ÝnICMPv6 ©M 6to4 ¤ä«ùªº¸É¤B.(¸É¤B¥i¥H¦b [14]kernel series 2.2.x IPv6 patches§ä¨ì). ±N®Ö¤ß¦P USAGI ªºÂX®i¤@°_½sĶ. ¥u±ÀÂ˼ô±x®Ö¤ß½sĶ©MIPv6ªº¥Î¤á¨Ï¥Î. °Ñ·Ó: [15]USAGI project / FAQ. IPv6-ready network devices ¤£¬O©Ò¦³ªº³]³Æ³£¦³¯à¤O¶Ç¿éIPv6¼Æ¾Ú¥], ³o¸Ì¦³¤@Ó²{ª¬ªí: [16] IPv6+Linux-status-kernel.html#transport. ²{¶¥¬q¤£·|¤ä«ùIPv6ªº³sµ² * Serial Line IP (SLIP, [17]RFC 1055), should be better called now to SLIPv4, device named: slX * Parallel Line IP (PLIP), same like SLIP, device names: plipX * ISDN with encapsulation rawip, device names: isdnX ¦b±N¨Ó³£¤£·|¤ä«ùIPv6ªº³]³Æ * ISDN with encapsulation syncppp, device names: ipppX (design issue of the ipppd, will be merged into more general PPP layer in kernel series 2.5.x) 4.2 IPv6-ready ºô¸ô³]©w¤u¨ã §O§è¤Ó»·¤F, ¦pªG±z¦³¤@Ó¥¿¦b¹B¦æIPv6ªº®Ö¤ß,«ç»ò·|¨S¦³³]©wªº¤u¨ã©O? ¦w ¸Ë¥]¸Ì¦´N¦³´XÓ³o¼Ëªº¤u¨ã¤F. net-tools package net-tools package ¥]§t¤@¨Ç¤u¨ã¦p: ifconfig ,route. ³o¨Ç¥i¥H¥O±z¦b¬É± ¤W³]©wIPv6. ¦b©R¥O¦æ(shell) ¥Îifocnig -? ©Î route -? ¬d¬Ý½Ñ¦pIPv6 ©Î inet6.¦pªG¦³,«h»¡©ú¨ã³ÆIPv6³]©w¯à¤O. ¿é¤J¥H¤U©R¥O¶i¦æÀˬd: ______________________________________________________________ # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is ?IPv6-ready" ______________________________________________________________ ¤]¥i¥H¨Ï¥Îroute: ______________________________________________________________ # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" ______________________________________________________________ iproute package Alexey N. Kuznetsov (Linux ºô¸ô¥N½X²{¶¥¬qªººûÅ@ªÌ) ¼g¤F¤@Ótool-set¥i ¥H³q¹Lnetlink ³]³Æ¨Ó³]©wºô¸ô.¥¦¥i¥H¤ñnet-tool´£¨Ñ§ó¦hªº¥\¯à, ¦ý¨S¦³¦h ¤Ö¤åÀɨåB¥¦¤£¬O¬°Áx¤pªº¤H³]pªº. ______________________________________________________________ # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" ______________________________________________________________ ¦pªG¨S¦³§ä¨ì /sbin/ip ¨º»ò§Ú·¥¤O±ÀÂ˱z¦w¸Ëiproute package. * ¥i¥H¦b±zªºµo¦æª©¤¤§ä¨ì(¦pªG¦³ªº¸Ü) * ¦b [18]Original FTP source¤U¸ü¨Ã½sĶ¥¦. * ª½±µ¥i¥H¦w¸ËªºRPM¥]: [19]RPMfind/iproute (±ÀÂ˽sĶ SRPMS ) 4.3 IPv6-ready ´ú¸Õ/½Õ¦¡ µ{¦¡ ¦b¬°IPv6·Ç³Æ¦n¤F¨t²Î«á,±z¥i¥H¥ÎIPv6¶i¦æºô¸ô³q°T. º¥ý±z¥²»Ý¾Ç²ß¦p¦ó¥Î ¶å±´µ{¦¡¨ÓÀˬdIPv6¼Æ¾Ú¥]. ±j¯P±ÀÂ˳o¼Ë°µ,¦]¬° ¦bdebugging/troubleshooting ¤¤¦³§Q©ó§Ö³t¶EÂ_. IPv6 ping ³oÓµ{¦¡¤@¯ë¦biputils¥]¸Ì, ¥Î¨Ó´ú¸Õ²³æ¶Ç¿éµo°e ICMPv6 ¦^À³½Ð¨D¨Ãµ¥ «ÝICMPv6 ¦^À³¥]. ¥Îªk: ______________________________________________________________ # ping6 < hostwithipv6address > # ping6 < ipv6address > # ping6 [-I < device >] < link-local-ipv6address > ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # ping6 -c 1 ::1 PING ::1(::1) from ::1 : 56 data bytes 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec --- ::1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms ______________________________________________________________ ´£¥Ü ping6¥²»Ý¦³¾A·íªºrootÅv¤~¯à¨Ï¥Î, ¦pªG¤£¬Oroot²Õ¥Î¤á,¨Ï¥Î®É¥i¯à ²£¥Í°ÝÃD: 1.ping6 ¤£¦b¥Î¤áªº¸ô®|·í¤¤ (probably, because ping6 is generally stored in /usr/sbin -> add path (not really recommended) 2.ping6 ¤£¯à³Q¥¿½T°õ¦æ, ³q±`¨S¦³¾A·íªºÅv chmod u+s /usr/sbin/ping6 ¬°ping6«ü©w¬É± ¥Îlocal-addresses §@¬°ping6 ¥Ø¼Ð¥²»Ý«ü©w¤@Ӭɱ. §_«h®Ö¤ß±N¤£ª¾¹D¼Æ¾Ú ¥]µo©¹þÓ³]³Æ. ¦b¨S¦³«ü©wªº±¡ªp¤U·|¦³³o¼Ëªº¿é¥X: ______________________________________________________________ # ping6 fe80::212:34ff:fe12:3456 connect: Invalid argument ______________________________________________________________ ¬°ping6«ü©w¬É±ªºµ²ªG: ______________________________________________________________ # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from ?fe80::212:34ff:fe12:3478 eth0: 56 data bytes 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec --- fe80::2e0:18ff:fe90:9205 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip ?min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms ______________________________________________________________ Ping6 to multicast addresses(¦h¼½¦a§}) ¤@Óµo²{IPv6-active hosts ªº¤ñ¸û¦³½ìªº¾÷¨î: ______________________________________________________________ # ping6 -I eth0 ff02::1 PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 et h0: 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!) ______________________________________________________________ »PIPv4¤£¦Pªº¬O, ping ªº¦^À³¦b¼s¼½¦a§}¤¤¬O¥i¥H«Ì½ªªº,¥Ø«e¥u¦³IPv6¨¾¤õÀð ¥i¥H°µ¨ì. IPv6 traceroute6 ³oÓµ{¦¡¤@¯ë¦biputils¥]¸Ì, ©MIPv4ªºtracerouteµ{¦¡¬Û¦ü, ¦ý»P·í«eª©¥»¤£ ¦Pªº¬OIPv6¤£¯à¥¿½T¦a¨Ï¥ÎICMP echo-request. ¬Ý¤U±³oÓ¨Ò¤l: ______________________________________________________________ # traceroute6 www.6bone.net traceroute to 6bone.net (3ffe:b00:c18:1::10) from 3ffe:ffff:0000:f101::2, 30 ?hops max, 16 byte packets 1 localipv6gateway (3ffe:ffff:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms ______________________________________________________________ IPv6 tracepath6 ³oÓµ{¦¡¤@¯ë¦biputils¥]¸Ì, ¥¦¥Î¨Ó°lÂÜMTUªº¸ô®|.¬Ý¤U±ªº¨Ò¤l: ______________________________________________________________ # tracepath6 www.6bone.net 1?: [LOCALHOST] pmtu 1480 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms 2: 3ffe:b00:c18::5 267.864ms 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 3: 3ffe:3900:5::2 asymm 4 346.632ms 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms 6: 3ffe:3800::1:1 asymm 4 578.126ms !N Resume: pmtu 1280 ______________________________________________________________ IPv6 tcpdump ¦bLinux§@·~¨t²Î¤¤ tcpdump ¬O¥Dnªº¼Æ¾Ú¥]®·Àò¤u¨ã.IPv6¤ä«ù 3.6 ªºª©¥». tcpdump¥Î©ó°§C¼Æ¾Ú¥]Âø°Tªº°Ñ¼Æ: * icmp6: ¹LÂo¥»¦aICMPv6³q°T. * ip6: ¹LÂo¥»¦aIPv6³q°T.(¥]¬A ICMPv6) * proto ipv6: filters tunneled IPv6-in-IPv4 traffic * not port ssh: ¦b»·µ{SSH·|¸Ü¤¤¸T¤îSSH¼Æ¾Ú¥]ªºÅã¥Ü. to suppress displaying SSH packets for running tcpdump in a remote SSH session ¨Ï¥Î©R¥O¦æ°Ñ¼Æ¤]¥i¥H±q¤@Ӽƾڥ]¤¤®·Àò/¦C¦L¸ê°T. * "-s 512": ¼W¥[®·Àò©w¬°512 bytes. * "-vv": ¸Ô²Ó¦C¦L. * "-n": ¤£±N¦a§}Âà´«¦¨¦WºÙ,¦b¦WºÙªA°È¦³°ÝÃD®É¥i¥H¥Î¨ì. IPv6 ping to 3ffe:ffff:100:f101::1 native over a local link ______________________________________________________________ # tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 tcpdump: listening on eth0 3ffe:ffff:100:f101:2e0:18ff:fe90:9205 > 3ffe:ffff:100:f101::1: icmp6: echo ?request (len 64, hlim 64) 3ffe:ffff:100:f101::1 > 3ffe:ffff:100:f101:2e0:18ff:fe90:9205: icmp6: echo ?reply (len 64, hlim 64) ______________________________________________________________ IPv6 ping to 3ffe:ffff:100::1 routed through an IPv6-in-IPv4-tunnel 1.2.3.4©M5.6.7.8¬O¹E¹Dªº²×ÂI(³o¨Ç³£¬O¨Ò¤l). ______________________________________________________________ # tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 tcpdump: listening on ppp0 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request ?(len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len ?64, hlim 61) (ttl 23, id 29887, len 124) 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request ?(len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len ?64, hlim 61) (ttl 23, id 29919, len 124) ______________________________________________________________ 4.4 IPv6-ready programs(¯à©MIPv6¨ó¦P¤u§@ªºµ{¦¡) ¦b·í«eªºµo¦æª©¤¤¤w¸g¥]§t¤F¯à©MIPv6¨ó¦P¤u§@ªºµ{¦¡(ªA°ÈºÝ/«È¤áºÝ) °Ñ·Ó: [20]IPv6+Linux-Status-Distribution. ©ÎªÌÀˬd [21] http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html ¤@¨Ç¥i¥Îµ{¦¡ªº½u¯Á: [22]IPv6 & Linux - HowTo - Part 3©Î [23]IPv6 & Linux - HowTo - Part 4. 4.5 IPv6-ready «È¤áºÝµ{¦¡ (selection) ·Qn¶i¦æ¤U±ªº´ú¸Õ, ±zªº§@·~¨t²Î¥²»Ý¾Ö¦³IPv6¯à¤O. ¦³¨Ç¨Ò¤l¬O¯u¹ê¦a³sµ² ¤F6boneªº±¡ªp¤U°µªº. ÀˬdDNS¹ïIPv6¦a§}ªº¸ÑªR¯à¤O ¦]¬°³o´X¦~Domain Name System (DNS)¦w¥þªº¤£Â_¤É¯Å, ¥¦Ì¤¤ªº¤j³¡¥÷³£¨ã³Æ ¤F¹ïIPv6 ¦a§}Ãþ«¬AAAAªº¸ÑªR¯à¤O. (·sªºÃþ«¬A6 ¥u¦³BIND9©M§ó°ªªºª©¥»¤ä «ù)ÀˬdDNS¹ïIPv6¦a§}ªº¸ÑªR¯à¤O: ______________________________________________________________ # host -t AAAA www.join.uni-muenster.de ______________________________________________________________ ±N±o¨ì¤U±ªºµ²ªG: ______________________________________________________________ www.join.uni-muenster.de. is an alias for ns.join.uni-muenster.de. ns.join.uni-muenster.de. has AAAA address 3ffe:400:10:100:201:2ff:feb5:3806 ______________________________________________________________ IPv6-ready telnet clients IPv6-ready telnet «È¤áºÝ. ¹ï¥¦¶i¦æ¤@Ó²³æªº´ú¸Õ: ______________________________________________________________ $ telnet 3ffe:400:100::1 80 Trying 3ffe:400:100::1... Connected to 3ffe:400:100::1. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Sun, 16 Dec 2001 16:07:21 GMT Server: Apache/2.0.28 (Unix) Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT ETag: "3f02-a4d-b1b3e080" Accept-Ranges: bytes Content-Length: 2637 Connection: close Content-Type: text/html; charset=ISO-8859-1 Connection closed by foreign host. ______________________________________________________________ ¦pªGtelnet¥u¥X²{"cannot resolve hostname", »¡©ú§@·~¨t²ÎªºIPv6ÁÙ¥¼¿E¬¡. openssh openssh¤w¸g¤ä«ùIPv6, ¦ý¥²»Ý¹ï¥¦¥Î¥H¤Uªº°Ñ¼Æ¶i¦æ½sĶ«á¤~¯à¨Ï¥Î: * --without-ipv4-default: the client tries an IPv6 connect first automatically and fall back to IPv4 if not working * --with-ipv4-default: default connection is IPv4, IPv6 connection must be force like following example shows: ______________________________________________________________ $ ssh -6 ::1 user@::1's password: ****** [user@ipv6host user]$ ______________________________________________________________ ¦pªG±zªºssh¤£¯à¹ï -6 ¶i¦æ¤ÏÀ³, ¥i¯à§@·~¨t²ÎªºIPv6ÁÙ¥¼¿E¬¡,©Îsshªºª©¥» ¤Ó§C. ssh.com ¥L̪º«È¤á/ªA°ÈºÝµ{¦¡¬O§K¶Oªº. IPv6-ready web ¬yÄý¾¹ ¥Ø«e¤ä«ùIPv6ªºweb ¬yÄý¾¹¦Cªí: [24]IPv6+Linux-status-apps.html#HTTP. ³o¨Ç¬yÄý¾¹¤j³¡¥÷³£¦s¦b°ÝÃD: * ¦pªG proxy(¥N²z)¥u¤ä«ùIPv4, IPv6ªº½Ð¨D±N·|¥¢±Ñ. ¤èªk: ¤É¯Åproxy * Automatic proxy settings (*.pac) ¤£¯à¹ïIPv6ªº¤£¦P½Ð¨D¶i¦æ¾A·íªº³B ²z (written in Java-script and well hard coded in source like to be seen in Maxilla source code). ¤@¨Ç¦´Áªºª©¥»¤£¯à¹ïIPv6¦a§}¶i¦æ¥¿½Tªº¾Þ§@, ¦p: [25] http://[3ffe:400:100::1]/ ¤@Ó¤p´ú¸Õ,Åã¥Ü¦b¨S¦³¥N²zªº±¡ªp¤Uªº URL ©M ¬yÄý¾¹. URLs for testing ´ú¸ÕIPv6³Ì¤è«Kªº¤èªk¬O³X°Ý: [26]http://www.kame.net/. ¦pªG®üÀt¬O¬¡°Ê ªº, »¡©ú³s±µ¬O³q¹LIPv6¶i¦æªº, ¥¦¤£°Êªº¸Ü, »¡©ú³s±µ¬O³q¹LIPv4¶i¦æªº. 4.6 IPv6-ready server µ{¦¡ ¥]¬A:sshd, httpd, telnetd, 5. ³]©winterfaces(¬É±) 5.1 ¤£¦Pªººô¸ô³]³Æ ¤@Ó¸`ÂI¦s¦b¤£¦Pªººô¸ô³]³Æ, ¥i¥H¹ï¥¦Ì¶i¦æ¦p¤U¤ÀÃþ: * Physically bounded, like eth0, tr0 * Virtually existing, like ppp0, tun0, tap0, sit0, isdn0, ippp0 Physically bounded(ª«²z¸j©w) ¥]¬A Ethernet ©ÎªÌ Token-Ring ¥¦Ì¤£»Ýn¯S§Oªº³B²z. Virtually bounded(µêÀÀ¸j©w) »Ýn¯S§Oªº¤ä«ù. IPv6-in-IPv4 tunnel interfaces ³oÓinterfaces(¬É±)¤]ºÙ§@sitx, sit ¬O"Simple Internet Transition" ªº ÁY¼g. ¥¦¥i¥H±NIPv6ªº¼Æ¾Ú¥]¶ë¶iIPv4, ³q¹LIPv4¨ì¹F¥t¤@Ó¦aÂI. sit0 ¤£¯à¨Ï¥Î¦b±M¥Îªºtunnels ¤W. 5.1.2.2. PPP interfaces PPP interfaces ±qIPv6 enabled PPP daemon ¨º¸ÌÀò±o IPv6 ªº¯à¤O. 5.1.2.3. ISDN HDLC interfaces ¨ã¦³IP«Ê¸ËªºHDLC IPv6 ¯à¤O¥H¸g¥]§t¦b®Ö¤ß·í¤¤. 5.1.2.4. ISDN PPP interfaces ¥Ø«e¤£¤ä«ù ISDN PPP interfaces (ippp) aren't IPv6 enabled by kernel. Also there are also no plans to do that because in kernel 2.5.+ they will be replaced by a more generic ppp interface layer. 5.1.2.5. SLIP + PLIP ¥Ø«e¤£¤ä«ùLike mentioned earlier, this interfaces don't support IPv6 transport (sending is OK, but dispatching on receiving don't work). 5.1.2.6. Ether-tap device Ether-tap devices¨Ï¥Î¦Û°Êªº³]©w.¦b¨Ï¥Î¤§«e¥ý±N "ethertap" ¼Ò²Õ±¾¶i¨Ó. 5.1.2.7. tun devices ´N³s§Ú³£ÁÙ¨S¸Õ¹L©O! Currently not tested by me. 5.1.2.8. ATM 01/2002: vanillaªº®Ö¤ß¥Ø«e¤£¤ä«ù, USAGI ªºÂX®i¤ä«ùATM-IPv6 5.1.2.9. ¨ä¥¦ªº §Úº|±¼¤F¤°»ò? 5.2 Bringing interfaces up/down(³]©w¬É±ªº¶}/Ãö) ¨Ï¥Î "ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # ip link set dev <interface> up # ip link set dev <interface> down ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # ip link set dev eth0 up # ip link set dev eth0 down ______________________________________________________________ ¨Ï¥Î "ifconfig" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ifconfig <interface> up # /sbin/ifconfig <interface> down ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ifconfig eth0 up # /sbin/ifconfig eth0 down ______________________________________________________________ 6. ³]©wIPv6¦a§} 6.1 ¦C¦L·í«eªºIPv6¦a§} ¨Ï¥Î "ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 addr show dev <interface> ______________________________________________________________ ¨Ò¤l:¤@ÓÀRºAªº¥D¾÷¦a§} ______________________________________________________________ # /sbin/ip -6 addr show dev eth0 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_ fast qlen 100 inet6 fe80::210:a4ff:fee3:9566/10 scope link inet6 3ffe:ffff:0:f101::1/64 scope global inet6 fec0:0:0:f101::1/64 scope site ______________________________________________________________ ¦Û°Ê³]©wªº¦a§}©M¥¦ªº¦s¬¡®É¶¡: ______________________________________________________________ # /sbin/ip -6 addr show dev eth0 3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen ? 100 inet6 2002:d950:f5f8:f101:2e0:18ff:fe90:9205/64 scope global dynamic valid_lft 16sec preferred_lft 6sec inet6 3ffe:400:100:f101:2e0:18ff:fe90:9205/64 scope global dynamic valid_lft 2591997sec preferred_lft 604797sec inet6 fe80::2e0:18ff:fe90:9205/10 ? scope link ______________________________________________________________ ¨Ï¥Î "ifconfig" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ifconfig <interface> ______________________________________________________________ ¨Ò¤l, ¥¦¥u¦C¦LIPv6¦a§}: ______________________________________________________________ # /sbin/ifconfig eth0 |grep "inet6 addr:" inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link inet6 addr: 3ffe:ffff:0:f101::1/64 Scope:Global inet6 addr: fec0:0:0:f101::1/64 Scope:Site ______________________________________________________________ 6.2 ¼W¥[¤@ÓIPv6¦a§} ¨äì²z¦PIPv4ªº"IP ALIAS"(IP§O¦W)¬Û¦P ¨Ï¥Î "ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev <interface> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0 ______________________________________________________________ ¨Ï¥Î "ifconfig" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ifconfig <interface> inet6 add <ipv6address>/<prefixlength> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ifconfig eth0 inet6 add 3ffe:ffff:0:f101::1/64 ______________________________________________________________ 6.3 ²¾°£IPv6¦a§} ³oÓ¤£±`¥Î, ¤£n¥Î¥¦²¾°£¤£¦s¦bªº¦a§}, ¤@¨Ç¦´Áªº®Ö¤ß·|¦]¬°¨ü¤£¤F¦Ó±¾ ±¼. ¨Ï¥Î "ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev <interface> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 addr del 3ffe:ffff:0:f101::1/64 dev eth0 ______________________________________________________________ ¨Ï¥Î "ifconfig" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ifconfig eth0 inet6 del 3ffe:ffff:0:f101::1/64 ______________________________________________________________ 7. ³]©wIPv6¸ô¥Ñ 7.1 ¦C¦L²{¦³ªº¸ô¥Ñ ¨Ï¥Î"ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 route show [dev <device>] ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 route show dev eth0 3ffe:ffff:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 default proto kernel metric 256 mtu 1500 advmss 1440 ______________________________________________________________ ¨Ï¥Î "route" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/route -A inet6 ______________________________________________________________ ¨Ò¤l:¦b¦P¤@Ӭɱ¤W¤£¦PªºIPv6¸ô¥Ñ. ______________________________________________________________ # /sbin/ip -6 route show dev eth0 # /sbin/route -A inet6 |grep -w "eth0" 3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global ? address fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local ? address ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast ? addresses ::/0 :: UDA 256 0 0 eth0 <- Automatic default route ______________________________________________________________ 7.2 ³]©wIPv6¸ô¥Ñ³q¹L¹h¹D ¨Ï¥Î"ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address> ? [dev <device>] ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1 ______________________________________________________________ ¨Ï¥Î "route" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw ? <ipv6address> [dev <device>] ______________________________________________________________ ¨Ò¤l:¬°·í«e©Ò¦³ªº(¥þ§½¦a§}global addresses 2000::/3)§}³q¹L¹h ¹D3ffe:ffff:0:f101::1 ______________________________________________________________ # /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1 ______________________________________________________________ 7.3 ²¾°£ IPv6¸ô¥Ñ³q¹L¹h¹D ¨Ï¥Î"ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address> ? [dev <device>] ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 route del 2000::/3 via 3ffe:ffff:0:f101::1 ______________________________________________________________ ¨Ï¥Î "route" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/route -A inet6 del <network>/<prefixlength> [dev <device>] ______________________________________________________________ ¨Ò¤l:²¾°£«e©Ò¦³ªº(¥þ§½¦a§}global addresses 2000::/3)§}³q¹L¹h ¹D3ffe:ffff:0:f101::1 ______________________________________________________________ # /sbin/route -A inet6 del 2000::/3 gw 3ffe:ffff:0:f101::1 ______________________________________________________________ 7.4 ¼W¥[IPv6¸ô¥Ñ¦Üinterface(¬É±) ¨Ï¥Î "ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device> ? metric 1 ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 route add 2000::/3 dev eth0 metric 1 ______________________________________________________________ ¨Ï¥Î "route" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/route -A inet6 add <network>/<prefixlength> dev <device> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/route -A inet6 add 2000::/3 dev eth0 ______________________________________________________________ 7.5 ±qinterface(¬É±)²¾°£IPv6¸ô¥Ñ ¨Ï¥Î "ip" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/ip -6 route del <ipv6network>/<prefixlength> dev <device> ? metric 1 ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 route del 2000::/3 dev eth0 ______________________________________________________________ ¨Ï¥Î "route" ¨Ï¥Î¤èªk: ______________________________________________________________ # /sbin/route -A inet6 del <network>/<prefixlength> dev <device> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/route -A inet6 del 2000::/3 dev eth0 ______________________________________________________________ 7.6 FAQ for IPv6 routes(IPv6 ¸ô¥Ñªº¸g±`°Ýµª) Support of an IPv6 default route IPv6ªº¤@Ó¤èªk¬Ohierachical routing(¤À¯Å¸ô¥Ñ).¦]¦¹,¤À¯Å·í¤¤³Ì¤Ö»Ýn¤@ Ó¸ô¥Ñ. ¦b¥Ø«eªº®Ö¤ß¤¤¦³¤@¨Ç°ÝÃD: Clients (not routing any packet!)¨S¦³¥ô¦ó¼Æ¾Ú¥]³Q¸ô¥Ñ. Clinets ¥i¥H³]©w¤@ӯʬ٪ºprefix "::/0"(«eºó¬° ::/0 ªº¸ô¥Ñ). ______________________________________________________________ # ip -6 route show | grep ^default default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires ? 29sec mtu 1500 advmss 1440 ______________________________________________________________ Routers on packet forwarding (¸ô¥Ñ¥]Âà±H) ¥Ø«e¥D¬yªºLinux®Ö¤ß(³Ì¤Ö¬O <=2.4.17) ¤£¤ä«ù¯Ê¬Ù¸ô¥Ñ. ±z¥i¥H³]©w¥¦Ì,¦ý ¦bµo°e¼Æ¾Ú¥]®ÉÀô¶·|¥¢±Ñ. ©Ò¥H,¥Ø«eªº¯Ê¬Ù¸ô¥Ñ¥i¥H³Q³]©w¦¨ «eºó ¬°"2000::/3"ªº global (¥þ§½¦a§}). USAGI ¹ï³oÓ¦³µÛ¨}¦nªº¤ä«ù. ª`·N: ª`·N¨S¦³¦a§}¿z¿ïªºÃä½t¸ô¥Ñ¾¹ªº¯Ê¬Ù¸ô¥Ñ, ¤£µM·|¦³¦h¾lªºmulticast ©Î site-local ¶Ç¿é±qÃä½t·¸¥X. 8. Neighbor Discovery(µo²{ªÚ¾F) IPv6 ªº Neighbor DiscoveryÄ~©Ó¤FIPv4 ªº ARP (Address Resolution Protocol¦a§}¸ÑªR¨óij). ±z¥i¥H«·s±o¨ìªÚ¾Fªº¸ê°T. ¨Ã¥B¥i¥H½s¿è/§R°£¥¦. Neighbor detection(¹ïªÚ¾F¶i¦æ±´´ú) ®Ö¤ßt³d¹ï±´´ú¦¨¥\ªºªÚ¾F¶i¦æ°lÂÜ. ±z¥i¥H¥Î "ip" ¨Ó«õ±¸¨ä¤¤ªº«H®§. 8.1 Displaying neighbors using "ip" (¥Î"ip"©R¥O¦C¦LªÚ¾F) ¨Ï¥Î¥H¤Uªº©R¥O,±z¥i¥Hª¾¹DªÚ¾Fªº³]©w. ______________________________________________________________ # ip -6 neigh show [dev <device>] ______________________________________________________________ ¤U±ªº¨Ò¤l·í¤¤¦C¦L¤F¤@ÓªÚ¾F,¥¦¬O¤@Ó¥i¨ì¹Fªº¸ô¥Ñ¾¹. ______________________________________________________________ # ip -6 neigh show fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable ______________________________________________________________ 8.2 ¥Î "ip" ¹ïªÚ¾Fªº¦C¦Lªí¶i¦æ³B²z ¥Î¥H¤Uªº©R¥O¥i¥H¥[¤J¤@Óentry(¦C¦L¶µ) ______________________________________________________________ # ip -6 neigh add <IPv6 address> lladdr <link-layer address> dev <device> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 ______________________________________________________________ ¥Î¥H¤Uªº©R¥O¥i¥H²¾°£¤@Óentry(¦C¦L¶µ) ______________________________________________________________ # ip -6 neigh del <IPv6 address> lladdr <link-layer address> dev <device> ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 ______________________________________________________________ §ó°ª¶¥ªº³]©w "ip"¤u¨ã«D±`±j¤j, ¦ý¨S¦³¨¬°÷ªºÀ°§U¸ê°T. ______________________________________________________________ # ip -6 neigh help Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [ nud { permanent | noarp | stale | reachable } ] | proxy ADDR } [ dev DEV ] ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ] ______________________________________________________________ ¦³ÂI¹³IPv4ªº¦C¦L, ¦pªG±zª¾¹D¥¦ªº¸Ô²Ó¥Îªk,½ÐÀ°§Ú send ¤@¥÷¹L¨Ó. 9. Configuring IPv6-in-IPv4 tunnels(³]©w¹E¹D) 9.1 ¹E¹DªºÃþ«¬ ±NIPv6¼Æ¾Ú¥]¶Ç¿é¨ìIPv4³sµ²¤£¥u¦³¤@ºØ¥i¯à. Static point-to-point tunneling: 6bone (¥HÂI¹ïÂI¤è¦¡ºc«Øªº¹E¹D) IPv6©MIPv4ªº¹E¹D©w¸q¦b [27]RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers ¥²³Æ±ø¥ó: * ¹E¹D¥t¤@ºÝªºIPv4¦a§}¥²»Ý¬Ostatic(ÀRºAªº).global unique and reachable from the foreign tunnel endpoint * ±z¥H¸g¾Ö¦³ªº¤@Óglobal IPv6 prefix(«eºó),°Ñ·Ó 6bone registry. * ¦³¤@Ó¥i¥H±N±zªºIPv6 prefix ¸ô¥Ñ¨ì¥»¦aºÝªº¥~¬ÉtunnelºÝ(³q±`»Ýn¶i ¦æ»·ºÝ¾Þ§@) Automatically tunneling(¹E¹D¾Þ§@¦Û°Ê¤Æ) ·í¤@Ó¸`ÂIª½±µ¦P¥t¤@Ó¸`ÂI¶i¦æ³sµ²,¦b±o¨ì¸`ÂIIPv4¦a§}¤§«e,¸`ÂI´N·|°õ¦æ ¹E¹D¾Þ§@¦Û°Ê¤Æ. 6to4-Tunneling(¹E¹D¾Þ§@) ¥¦¨Ï¥Î¤@Ó²³æªº¾÷¨î¹ê¦æTunneling(¹E¹D¾Þ§@) [28]RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds. ¨CÓ¸`ÂIªºglobal unique IPv4 (°ß¤@¥þ §½¦a§})¥i¥H¦¨¬° 6to4 tunnel ªº²×ÂI(¦pªG¨S¦³IPv4¨¾¤õÀð¨î³q°T). 6to4-Tunneling(¹E¹D¾Þ§@)¤£¬O±M¥Î©ó¤@¹ï¤@ªº¹E¹D, ³oӮרҥi¥H¤À¶}°w ¹ïupstream and downstream (¤W¯Å©M¤U¯Å)ªº¹E¹D¾Þ§@. ¦P¼Ë,¤@Ó¯S§OªºIPv6 ¦a§}·|«ü¥X³oÓ¸`ÂI¨Ï¥Î6to4-Tunnel¦P¥þ¥@¬Éªº IPv6 ºô¸ô¶i¦æ³sµ². Generation of 6to4 prefix(²£¥Í6to4ªº«eºó). 6to4 ªº¦a§}¹³¤U±³o¼Ë©w¸q:(·½¦Û [29]RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds) ______________________________________________________________ __________________________________________________________________ | 3+13 | 32 | 16 | 64 bits | +---+------+-----------+--------+--------------------------------+ | FP+TLA | V4ADDR | SLA ID | Interface ID | | 0x2002 | | | | +---+------+-----------+--------+--------------------------------+ ______________________________________________________________ FP¬Oglobal addresses(¥þ§½¦a§})ªº«eºó. TLA¬Otop level aggregator(³Ì°ª¼h ¶°) V4ADDR¬OIPv4¥þ§½°ß¤@¦a§}((in hexadecimal notation). SLA¬O¤lºô¸ô¼Ð ½o(65536 local subnets possible). ³o¨Ç«eºó²£¥Í®ÉªºSLA ¬°"0000" «áºó¬O "::1" ¨Ã¤À°t¨ì6to4 tunnel interface(¬É±). 6to4 upstream tunneling(¤W¯Å¹E¹D¾Þ§@) ¸`ÂIª¾¹D¦Vþ¸Ìµo°e§t¦³IPv6¼Æ¾Ú¥]ªºIPv4¼Æ¾Ú¥]. ¦´Áªº6to4¹E¹D,¥²»Ý³]©w ¤@Ó±M¥Îªº¤W¯Å¸ô¥Ñ¾¹±µ¨ü³oºØ¾Þ§@. °Ñ·Ó [30]NSayer's 6to4 information ¸Ìªº¸ô¥Ñ¦C¦L. ²{¦b 6to4¤W¯Å¸ô¥Ñ¾¹¥i¥H¨Ï¥Îanycast address 192.88.99.1 ¥¦¥Ñ«á¥xªº¸ô¥Ñ¨óij±±¨î. °Ñ·Ó [31]RFC 3068 / An Anycast Prefix for 6to4 Relay Routers 6to4 downstream tunneling(¤U¯Å¹E¹D¾Þ§@) The downstream (6bone -> your 6to4 enabled node) is not really fix and can vary from foreign host which originated packets were send to. There exist two possibilities: ¥¦ÁÙ¨S¦³¥¿¦¡×¥¿¹ï¼Æ¾Ú¥]¨Ó·½ªº½T©w, ¦s ¦b¥H¤U¨âºØ¥i¯à: * ¥~³¡¥D¾÷ª½±µ¨Ï¥Î6to4§âIPv6¼Æ¾Ú¥]µo¦^µ¹±z. * ¥~³¡¥D¾÷³q¹L¥þ²yIPv6ºô¸ô, ¨Ì¾a°ÊºA¸ô«Ø¥ß¤@Óautomatic tunnel ¥Ñ ±NIPv6¼Æ¾Ú¥]µo¦^µ¹±z. Possible 6to4 traffic(6to4ªº´XºØ³q°T¤èªk) * ±q 6to4 ¨ì 6to4: ³q±`¦b¨âÓ 6to4 enabled ¥D¾÷¤§¶¡ª½±µ¶i¦æ¹E¹D¾Þ§@ tunneled between the * ±q 6to4 ¨ì non-6to4: ³q¹L¤W¯Å¹E¹D¾Þ§@µo°e¼Æ¾Ú¥]. * ±q non-6to4 ¨ì 6to4: ³q¹L¤U¯Å¹E¹D¾Þ§@µo°e¼Æ¾Ú¥]. 9.2 ¦C¦L²{¦sªºtunnels(¹E¹D) ¨Ï¥Î "ip" ¥Îªk: ______________________________________________________________ # /sbin/ip -6 tunnel show [<device>] ______________________________________________________________ ¨Ò¤l: ______________________________________________________________ # /sbin/ip -6 tunnel show sit0: ipv6/ip remote any local any ttl 64 nopmtudisc sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 ______________________________________________________________ ¨Ï¥Î "route" ¥Îªk: ______________________________________________________________ # /sbin/route -A inet6 ______________________________________________________________ ¨Ò¤l:¥u¦C¦L±qsit0¬É±³q¹Lªº¹E¹D. ______________________________________________________________ # /sbin/route -A inet6 | grep "\Wsit0\W*$" ::/96 :: U 256 2 0 sit0 2002::/16 :: UA 256 0 0 sit0 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 fe80::/10 :: UA 256 0 0 sit0 ff00::/8 :: UA 256 0 0 sit0 ______________________________________________________________ 9.3 Setup of point-to-point tunnel(³]©wÂI¹ïÂIªº¹E¹D) ¦³3ºØ¤èªk¥i¥H¥[¤J/²¾°£point-to-point tunnel Add point-to-point tunnels (¥[¤J) ¨Ï¥Î "ip" ¥Ø«e°w¹ï¤Ö¶qtunnelsªº¤èªk ³]©wtunnel device (¥¦¤£·|¥ß¬J±Ò¥Î.TTL¥²»Ý«ü©w, ¦]¬°ªì©lȬO0) ______________________________________________________________ # /sbin/ip tunnel add < device > mode sit ttl < ttldefault > remote ? < ipv4addressofforeigntunnel > local < ipv4addresslocal > ______________________________________________________________ ¥Îªk(³oÓ¨Ò¤l¤¤¦³¤TÓ¹E¹D) ______________________________________________________________ # /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote ? <ipv4addressofforeigntunnel1> local <ipv4addresslocal> # /sbin/ip set dev sit1 up # /sbin/ip -6 route add <prefixtoroute1> dev sit1 metric 1 # /sbin/ip tunnel add sit2 mode sit ttl <ttldefault> ? <ipv4addressofforeigntunnel2> local <ipv4addresslocal> # /sbin/ip set dev sit2 up # /sbin/ip -6 route add <prefixtoroute2> dev sit2 metric 1 # /sbin/ip tunnel add sit3 mode sit ttl <ttldefault> ? <ipv4addressofforeigntunnel3> local <ipv4addresslocal> # /sbin/ip set dev sit3 up # /sbin/ip -6 route add <prefixtoroute3> dev sit3 metric 1 ______________________________________________________________ ¨Ï¥Î "ifconfig" and "route" (deprecated) ¤£±ÀÂˤ@¦¸´N Non Broadcast Multiple Access (NBMA)³o»ò¦h,¦]¬°±z¦pªG¥u·Q Ãö³¬²Ä¤@Ó¦ý¤SnÅý¨ä¥¦ªºÄ~Äò¹B¦æ,¦³ÂIÃø°Ú.¥u¥[¤@Ó¬O¨S¦³°ÝÃDªº. ______________________________________________________________ # /sbin/ifconfig sit0 up # /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel1> # /sbin/ifconfig sit1 up # /sbin/route -A inet6 add <prefixtoroute1> dev sit1 # /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel2> # /sbin/ifconfig sit2 up # /sbin/route -A inet6 add <prefixtoroute2> dev sit2 # /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel3> # /sbin/ifconfig sit3 up # /sbin/route -A inet6 add <prefixtoroute3> dev sit3 ______________________________________________________________ ĵ§i:³o¼Ë°µ¦³«Ü¤jªº·ÀI, ¦]¬°¥ô¦ó¤H¥i¥H±qInternetªº¥ô¦ó¦aÂI¨Ï ¥Î"automatic tunneling"¦P±z¶i¦æ³sµ².§Ú¤£±ÀÂ˱z³o¼Ë°µ. ¨Ï¥Î "route" only ·íµM¥i¥H³]©wtunnel¨Ï¥Î Non Broadcast Multiple Access (NBMA)«D¦h¦a§}¼s ¼½ªº¤è¦¡ ³oºØ¤èªk¥i¥H¤@¦¸´N¥[¤J«Ü¦htunnel. ¨Ï¥Î¤èªk (¤TÓtunnelªº°ò¥» ¨Ò¤l): ______________________________________________________________ # /sbin/ifconfig sit0 up # /sbin/route -A inet6 add <prefixtoroute1> gw ? ::<ipv4addressofforeigntunnel1> dev sit0 # /sbin/route -A inet6 add <prefixtoroute2> gw ? ::<ipv4addressofforeigntunnel2> dev sit0 # /sbin/route -A inet6 add <prefixtoroute3> gw ? ::<ipv4addressofforeigntunnel3> dev sit0 ______________________________________________________________ ĵ§i:³o¼Ë°µ¦³«Ü¤jªº·ÀI, ¦]¬°¥ô¦ó¤H¥i¥H±qInternetªº¥ô¦ó¦aÂI¨Ï ¥Î"automatic tunneling"¦P±z¶i¦æ³sµ².§Ú¤£±ÀÂ˱z³o¼Ë°µ. Removing point-to-point tunnels(²¾°£¹E¹D) ¤â¤u¤è¦¡¤£¸g±`¨Ï¥Î,¥i¥H¥Îscripts²¾°£/«·s³]©wIPv6tunnels ¨Ï¥Î "ip" ²¾°£¹E¹D³]³Æªº¥Îªk: ______________________________________________________________ # /sbin/ip tunnel del <device> ______________________________________________________________ Usage (¤TÓtunnelªº°ò¥»¨Ò¤l): ______________________________________________________________ # /sbin/ip -6 route del <prefixtoroute1> dev sit1 # /sbin/ip set sit1 down # /sbin/ip tunnel del sit1 # /sbin/ip -6 route del <prefixtoroute2> dev sit2 # /sbin/ip set sit2 down # /sbin/ip tunnel del sit2 # /sbin/ip -6 route del <prefixtoroute3> dev sit3 # /sbin/ip set sit3 down # /sbin/ip tunnel del sit3 ______________________________________________________________ ¨Ï¥Î "ifconfig" and "route" (¦]¬°¤£«ç»ò¦³½ì©Ò¥H¤£ÃÙ¦¨³o»ò°µ) Usage (¤TÓtunnelªº°ò¥»¨Ò¤l):±z¥²»Ý¤Ï¦V²¾°£¥¦Ì, ¤]´N¬O¥ý«Ø¥ßªº¥²»Ý¥ý ²¾°£. ______________________________________________________________ # /sbin/route -A inet6 del <prefixtoroute3> dev sit3 # /sbin/ifconfig sit3 down # /sbin/route -A inet6 del <prefixtoroute2> dev sit2 # /sbin/ifconfig sit2 down # /sbin/route -A inet6 add <prefixtoroute1> dev sit1 # /sbin/ifconfig sit1 down # /sbin/ifconfig sit0 down ______________________________________________________________ ¨Ï¥Î "route" ²¾°£IPv6¸ô¥Ñ. ¨Ï¥Î¤èªk (¤TÓtunnelªº°ò¥»¨Ò¤l): ______________________________________________________________ # /sbin/route -A inet6 del <prefixtoroute1> gw ? ::<ipv4addressofforeigntunnel1> dev sit0 # /sbin/route -A inet6 del <prefixtoroute2> gw ? ::<ipv4addressofforeigntunnel2> dev sit0 # /sbin/route -A inet6 del <prefixtoroute3> gw ? ::<ipv4addressofforeigntunnel3> dev sit0 # /sbin/ifconfig sit0 down ______________________________________________________________ Numbered point-to-point tunnels(¦³ªºÂI¹ïÂI¹E¹D) ¦³®É»Ýn³]©w¤@Ópoint-to-point ¹E¹D ©MIPv6¦a§}, ¦ý¤èªk¤¤¥u¦³²Ä¤@ Ó(ifconfig+route - deprecated)©M²Ä¤TÓ(ip+route)¥i¦æ. ¦b³o¨Ç®×¨Ò¤¤±z ¥i¥H¥[¤J¤@ÓIPv6¦a§}¨ì tunnel interface(¥Î©ó¹E¹D¾Þ§@ªº¨ºÓ¬É±) 9.4 Setup of 6to4 tunnels (³]©w IPv6¦ÜIPv4ªº¹E¹D) ª`·N:6to4 tunnels ¥Ø«e¯Ê¥Fvanilla 2.2.x¨t¦C®Ö¤ßªº¤ä«ù. ¦P¼Ënª`·Nªº ¬O6to4¦a§}ªº«eºóªø«×¬O16 ©Ò¦³ªº 6to4 ¥D¾÷³£¦b¬Û¦Pªº²Ä¤G¼h. Add a 6to4 tunnel(¼W¥[¤@Ó 6to4 ¹E¹D) º¥ý, ±z¥²»Ý¥Î¥i¸ô¥Ñªº¥»¦aIPv4 global ¦a§}¨Ópºâ 6to4 ªº«eºó. (¦pªG±z ªº¥D¾÷¨S¦³¥i¸ô¥Ñªº¥»¦aIPv4 global ¦a§}, ¦b¹h¹DÃä½tªºNAT¦a§}¤]¦æ in special cases NAT on border gateways is possible): °²©w±zªºIPv4¦a§}¬°: ______________________________________________________________ 1.2.3.4 ______________________________________________________________ ²£¥Íªº6to4 prefix(«eºó)¬° : ______________________________________________________________ 2002:0102:0304:: ______________________________________________________________ ¥»¦aªº 6to4 ¹h¹D»Ýn¤â¤u³]©w«áºó¬°"::1", ¦]¦¹±zªº6to4¦a§}´N¦¨¬°: ______________________________________________________________ 2002:0102:0304::1 ______________________________________________________________ ¥H¤U¨Ì¾Ú«ü©wªºIPv4¦a§}²£¥Í6to4¦a§}: ______________________________________________________________ ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "` ______________________________________________________________ ¥Ø«e¦³¨âºØ¤èªk¥i¥H³]©w6to4¹E¹D ¨Ï¥Î "ip" ©M±M¥Îªº¹E¹D³]³Æ. ³o¬O³Q±ÀÂ˪º°µªk. ³Ð«Ø¤@Ó¹E¹D³]³Æ. ______________________________________________________________ # /sbin/ip tunnel add tun6to4 mode sit remote any local <localipv4address> ______________________________________________________________ Bring interface up(¿E¬¡¥¦) ______________________________________________________________ # /sbin/ip link set dev tun6to4 up ______________________________________________________________ ±N¥»¦a6to4¦a§}¥[¤J¨ì¬É±.(ª`·N:¥¦ªº«eºóªø«×¥²»Ý¬O16) ______________________________________________________________ # /sbin/ip -6 addr add <local6to4address>/16 dev tun6to4 ______________________________________________________________ ¥[¤J¤@Ó¥Îall-6to4-routers IPv4 anycast ¦a§}§@¬°¨ì¹Fglobal IPv6 ºô¸ôªº ¸ô¥Ñ(¯Ê¬Ùªº¸ô¥Ñ) ______________________________________________________________ # /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1 ______________________________________________________________ ¨Ï¥Î "ifconfig" and "route" and generic tunnel device "sit0" (¤£³Q±ÀÂ˪º°µªk) ¤£³Q±ÀÂˬO¦]¬°tunnel device sit0 ¤£¤ä«ù¯S§Oªº¹L¼{¾¹À³¥Î¦b¨CÓ³]³Æ¤W. Bring generic tunnel interface sit0 up(±N¬É±sit0¿E¬¡) ______________________________________________________________ # /sbin/ifconfig sit0 up ______________________________________________________________ Add local 6to4 address to interface(¦V¬É±²K¥[¥»¦a 6to4 ¦a§}) ______________________________________________________________ # /sbin/ifconfig sit0 add <local6to4address>/16 ______________________________________________________________ ¥[¤J¤@Ó¥Îall-6to4-relays IPv4 anycast¦a§}§@¬°¨ì¹Fglobal IPv6 ºô¸ôªº¸ô ¥Ñ(¯Ê¬Ùªº¸ô¥Ñ) ______________________________________________________________ # /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0 ______________________________________________________________ Remove a 6to4 tunnel(²¾°£ 6to4 ¹E¹D) ¨Ï¥Î "ip" and a ±M¥Î¹E¹D³]³Æ ±qdedicated tunnel device ²¾°£©Ò¦³¸ô¥Ñ ______________________________________________________________ # /sbin/ip -6 route flush dev tun6to4 ______________________________________________________________ Shut down interface(Ãö³¬¬É±) ______________________________________________________________ # /sbin/ip link set dev tun6to4 down ______________________________________________________________ Remove created tunnel device(²¾°£¹E¹D³]³Æ) ______________________________________________________________ # /sbin/ip tunnel del tun6to4 ______________________________________________________________ ¨Ï¥Î "ifconfig" and "route" and generic tunnel device "sit0" (¤£³Q±ÀÂ˪º°µªk) ²¾°£ 6to4 ¬É±¤W¹E¹Dªº¸ô¥Ñ ______________________________________________________________ # /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0 ______________________________________________________________ Remove local 6to4 address to interface(±q¬É±²¾°£¥»¦a 6to4 ¦a§}) ______________________________________________________________ # /sbin/ifconfig sit0 del <local6to4address>/16 ______________________________________________________________ ¨Ã³¬ generic tunnel device (·í¤ß, ¥i¯à¥¦ÁÙ¦b¨Ï¥Î·í¤¤) ______________________________________________________________ # /sbin/ifconfig sit0 down ______________________________________________________________ 10. ³]©w IPv4-in-IPv6 ¹E¹D ³o¸Ìªº¤º®e·|¦b±N¨Ó²K¥[,¥Ø«e³oºØ¹E¹D³B¦b¸ÕÅ綥¬q.°Ñ·Ó: [32]RFC 2473 / Generic Packet Tunneling in IPv6 Specification 11. ®Ö¤ß³]©w in /proc-filesystem 11.1 «ç¼Ë¶i¤J /proc-filesystem ¨Ï¥Î "cat"©M "echo" ¨Ï¥Î "cat"©M "echo" ¬O¶i¤J /proc-filesystemªº³Ì²³æ¤èªk. ¦ý¥²»Ý¨ã³Æ¤U ±´XÓ±ø¥ó: * ¦b®Ö¤ß¤¤¥´¶} /proc-filesystem ¤ä«ù, ¦b½sĶªº®ÉÔ¥i¥H³q¹L CONFIG_PROC_FS=y °µ¨ì. * /proc-filesystem ¤w¸g±¾¶i¨t²Î,¥i¥H¥Î¥H¤Uªº¤èªk´ú¸Õ: ______________________________________________________________ # mount | grep "type proc" none on /proc type proc (rw) ______________________________________________________________ * ±z¥²»Ýª¾¹D¹ï/proc-filesystem ªº¦UºØ¾Þ§@. ³q±`/proc/sys/* ³£¬O¥i¼gªº, ¨ä¥¦ªº³£¬O¥uŪ©Î¥u´£¨Ñ¬ÛÃö¸ê°T. ±o¨ì¤@ÓÈ ¥i¥H¨Ï¥Î "cat" ±o¨ì¤@ÓÈ. ______________________________________________________________ # cat /proc/sys/net/ipv6/conf/all/forwarding 0 ______________________________________________________________ ³]©w¤@ÓÈ ¥i¥H¨Ï¥Î "echo" ³]©w¤@ÓÈ. ______________________________________________________________ # echo "1" >/proc/sys/net/ipv6/conf/all/forwarding ______________________________________________________________ ¨Ï¥Î "sysctl" ¨Ï¥Î "sysctl" ³]©w®Ö¤ß¬O·í«e¬y¦æªº¤èªk, ±z¤]¯à¥Î. ¦pªG/proc-filesystem ¨S¦³±¾¶i¨Ó, ¨º»ò±z¥u¥i¥H³X°Ý/proc/sys/* "sysctl"µ{¦¡¦b"procps"¦w¸Ë¥]¤¤.(Red Hat Linux systems) sysctl-interface »Ýn¦b®Ö¤ß¤¤¶i¦æ¿E¬¡, ¦b½sĶªº®ÉÔ¥i¥H³q¹L¥H¤U¿ï¶µ§¹ ¦¨: ______________________________________________________________ CONFIG_SYSCTL=y ______________________________________________________________ ³]©w¤@ÓÈ A new value can be set (if entry is writable): ______________________________________________________________ # sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 ______________________________________________________________ ¦b "=" ¨âÃ䤣¯à¥X²{spaces²Å¸¹,¤]¤£¯à¹³¤U±¨º¼Ë¤@¦¸³]©w¦hÓÈ: ______________________________________________________________ # sysctl -w net.ipv4.ip_local_port_range="32768 61000" net.ipv4.ip_local_port_range = 32768 61000 ______________________________________________________________ ¥t¥~ sysctl¨Ï¥Î "/" ¥N´À "." ¸Ô²Ó¸ê°T½Ð¬Ýsysctlªºmanpage ´£¥Ü:§Ö³t¬d§ä³]©wªº¸ê°T,¥i¥HÁp¦X¨Ï¥Î±a"-a"ªºgrep. 11.2 /proc-filesystems ¸Ìªº¼ÆÈÃþ«¬. * BOOLEAN: simple a "0" (false) or a "1" (true) * INTEGER: an integer value, can be unsigned, too * more sophisticated lines with several values: sometimes a header line is displayed also, if not, have a look into the kernel source to retrieve information about the meaning of each value... 11.3 Entries in /proc/sys/net/ipv6/ conf/default/* Change the interface-specific default settings conf/all/* §ïÅÜ©Ò¦³ interface-specific ³]©w. °£¤F: "conf/all/forwarding" ¥¦¦³¤£¦Pªº§t¸q. conf/all/forwarding * Type: BOOLEAN ¦b¨âӬɱ¤§¶¡¶i¦æglobal IPv6 forwarding (¼Æ¾Ú¥]Âà±H.) IPv6 ·í¤¤±z¤£¯à³æ¿W±±¨î¤@Ó³]³Æªº forwarding (¼Æ¾Ú¥]Âà±H). forwarding ªº±±¨î¥ÑIPv6-netfilter §¹¦¨. ·íȬ°"0"®É ¼Æ¾Ú¥]Âà±Hªº¯à¤O³QÃö³¬,¼Æ¾Ú¥] ¤£·|Â÷¶}¦U¦Ûªº¬É±(¥]¬Aª«²z/µêÀÀ)¤ñ¦p tunnel. ·íȬ°"1"®É ¼Æ¾Ú¥]Âà±Hªº ¯à¤O³Q¶}±Ò. conf/interface/* §ïÅܳæӬɱªº³]©w. ¨Ì¾Úlocal forwarding ¬O enabled ©Î not. accept_ra * Type: BOOLEAN * Àq»{È: enabled if local forwarding is disabled. disabled if local forwarding is enabled. ±µ¨üIPv6¸ô¥Ñ¼s§i.¨Ã¥B®Ú¾Ú±o¨ìªº«H®§¦Û°Ê³]©w. accept_redirectsc * Type: BOOLEAN * Functional default: enabled if local forwarding is disabled. disabled if local forwarding is enabled. ±µ¨üIPv6¸ô¥Ñ¾¹ªº«©w¦V. autoconf * Type: BOOLEAN * Default: TRUE ³]©w¥»¦a³sµ²¦a§}¨Ï¥ÎL2µwÅé¦a§}. ¥¦¨Ì¾Ú¬É±ªºL2-MAC address¦Û°Ê²£¥Í¤@Ó ¦a§}¦p:"fe80::201:23ff:fe45:6789" dad_transmits * Type: INTEGER * Default: 1 µo°e«½Æ¦a§}¶å±´ªºÁ`¼Æ. forwarding * Type: BOOLEAN * Default: FALSE if global forwarding is disabled (default), otherwise TRUE ³]©w¥D¾÷/¸ô¥Ñªºinterface-specific°Ê§@. ª`·N:±ÀÂË©Ò¦³interface(¬É±)¨Ï¥Î¬Û¦Pªº³]©w.²V¦X¸ô¥Ñ¾¹/¥D¾÷ªº·Qªk¯u¬OÃø ±o. * Value FALSE: By default, Host behaviour is assumed. This means: + IsRouter ¼Ð½o¨S¦³¦bNeighbour Advertisements·í¤¤. + ·í»Ýnªº®ÉÔ´Nµo°e¸ô¥Ñ½Ð¨D. + ¦pªGaccept_ra¬OTRUE (default), ±µ¨ü¸ô¥Ñ¼s§i. + ¦pªGaccept_redirects ¬O TRUE (default), ±µ¨ü«©w¦V. * Value TRUE: ¦pªG¨ã³Æ¥»¦aforwarding(Âà±H),¸ô¥Ñ¾¹°Ê§@¬°°²©w.³o©M¤W± ªº±¡ªp¬Û¤Ï: + IsRouter ¼Ð½o¦s¦b©óNeighbour Advertisements·í¤¤. + ¤£µo°e¸ô¥Ñ½Ð¨D. + ©¿²¤¸ô¥Ñ¼s§i. + ©¿²¤«©w¦V. hop_limit * Type: INTEGER * Default: 64 ¯Ê¬Ùhop¨î. mtu * Type: INTEGER * Default: 1280 (IPv6 n¨Dªº³Ì¤pÈ) ¯Ê¬Ù³Ì¤j¶Ç¿é³æ¤¸. router_solicitation_delay * Type: INTEGER * Default: 1 ¦bµo°e¸ô¥Ñ½Ð¨D¤§«e¬É±ªºµ¥«Ý®É¶¡(¬í). router_solicitation_interval * Type: INTEGER * Default: 4 ¦b¨CÓ¸ô¥Ñ½Ð¨D¤§¶¡ªºµ¥«Ý®É¶¡(¬í). router_solicitations * Type: INTEGER * Default: 3 °²©w¨S¦³¸ô¥Ñªº±¡ªp¤Uµo°eªº½Ð¨DÓ¼Æ. neigh/default/* Change default settings for neighbor detection and some special global interval and threshold values: gc_thresh1 * Type: INTEGER * Default: 128 More to be filled. gc_thresh2 * Type: INTEGER * Default: 512 More to be filled. gc_thresh3 * Type: INTEGER * Default: 1024 ªÚ¾F¦C¦Lªí¤j¤pªº½Õ¸`¶µ. ¦pªG±z¦³³\¦h¬É±,©Î¸ô¥Ñªí²{¤Ï±` ¸ÕµÛ¼W¤j¼ÆÈ. Or if a running Zebra (routing daemon) reports: ______________________________________________________________ ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24), seq=426, pid=0 ______________________________________________________________ gc_interval * Type: INTEGER * Default: 30 More to be filled. neigh/interface/* Change special settings per interface for neighbor detection. anycast_delay * Type: INTEGER * Default: 100 More to be filled. gc_stale_time * Type: INTEGER * Default: 60 More to be filled. proxy_qlen * Type: INTEGER * Default: 64 More to be filled. unres_qlen * Type: INTEGER * Default: 3 More to be filled. app_solicit * Type: INTEGER * Default: 0 More to be filled. locktime * Type: INTEGER * Default: 0 More to be filled. retrans_time * Type: INTEGER * Default: 100 More to be filled. base_reachable_time * Type: INTEGER * Default: 30 More to be filled. mcast_solicit * Type: INTEGER * Default: 3 More to be filled. ucast_solicit * Type: INTEGER * Default: 3 More to be filled. delay_first_probe_time * Type: INTEGER * Default: 5 More to be filled. proxy_delay * Type: INTEGER * Default: 80 More to be filled. route/* ³]©wglobal(¥þ§½)¸ô¥Ñ flush Removed in newer kernel releases - more to be filled. gc_interval * Type: INTEGER * Default: 30 More to be filled. gc_thresh * Type: INTEGER * Default: 1024 More to be filled. mtu_expires * Type: INTEGER * Default: 600 More to be filled. gc_elasticity * Type: INTEGER * Default: 0 More to be filled. gc_min_interval * Type: INTEGER * Default: 5 More to be filled. gc_timeout * Type: INTEGER * Default: 60 More to be filled. min_adv_mss * Type: INTEGER * Default: 12 More to be filled. max_size * Type: INTEGER * Default: 4096 More to be filled. 11.4 IPv6-related entries in /proc/sys/net/ipv4/ ¥Ø«e(ª½¨ìIPv4¥þ³¡¦¨¬°®Ö¤ß¼Ò²Õ),¤@¨Ç¶}Ãö¤]¥i¥H¬°IPv6©Ò¨Ï¥Î. ip_* ip_local_port_range ¤]¥i¥H¬°IPv6¨Ï¥Î. tcp_* ¤]¥i¥H¬°IPv6¨Ï¥Î. ICMP_* ¤£¯à¬°IPv6¨Ï¥Î. ¿E¬¡ ICMPv6 ¤ñ²v¨î rate limting (·¥¤O±ÀÂË,¦]¬°¥¦¦³©è ¿m ICMPv6 ºô¸ô·¼Éªº¯à¤O) netfilter-v6 rules must be used. ¨ä¥¦ ¤£ª¾¹D, ¤£¯à¬°IPv6¨Ï¥Î§a. 11.5 IPv6-related entries in /proc/net/ ³oÓ¦a¤è¬O¥uŪªº, ±z¤£¯à³q¹L "sysctl" ±o¨ì¸ê°T,¥i¥H¨Ï¥Î "cat" if_inet6 ¨C¤@¦æ¦a§}¥]§t¦hÓÈ. ³o¸ÌIPv6¦a§}¬O¥Î¯S®íªº®æ¦¡¦C¦Lªº,¨Ò¤l¥u¦C¦LÀô¶interface(¬É±)§t¸q¦b¤U ± ______________________________________________________________ # cat /proc/net/if_inet6 00000000000000000000000000000001 01 80 10 80 lo +------------------------------+ ++ ++ ++ ++ ++ | | | | | | 1 2 3 4 5 6 ______________________________________________________________ 1. ¦a§}¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L. 2. ³sµ²ªº³]³Æ¼ÆÈ(interface index)¨Ï¥Î¤Q¤»¶i¨î¦C¦L. 3. «eºóªºªø«×¨Ï¥Î¤Q¤»¶i¨î¦C¦L. 4. Scope value (see kernel source " include/net/ipv6.h" and "net/ipv6/addrconf.c" for more) 5. Interface flags (see "include/linux/rtnetlink.h" and "net/ipv6/addrconf.c" for more) 6. ³]³Æ¦W. ipv6_route ¨C¤@¦æ¦a§}¥]§t¦hÓÈ. ³o¸ÌIPv6¦a§}¬O¥Î¯S®íªº®æ¦¡¦C¦Lªº,¨Ò¤l¥u¦C¦LÀô¶interface(¬É±)§t¸q¦b¤U ± ______________________________________________________________ # cat /proc/net/ipv6_route 00000000000000000000000000000000 00 00000000000000000000000000000000 00 +------------------------------+ ++ +------------------------------+ ++ | | | | 1 2 3 4 ? 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo ? +------------------------------+ +------+ +------+ +------+ +------+ ++ ? | | | | | | ? 5 6 7 8 9 10 ______________________________________________________________ 1. IPv6¥Ø¼Ðºô¸ô¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L. 2. IPv6prefix(«eºó)ªºªø«×¨Ï¥Î¤Q¤»¶i¨î¦C¦L. 3. IPv6¨Ó·½ºô¸ô¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L. 4. IPv6¨Ó·½prefix(«eºó)ªºªø«×¨Ï¥Î¤Q¤»¶i¨î¦C¦L. 5. IPv6¤U¤@Óhop(ÅDÂI)¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L. 6. Metric in hexadecimal 7. Reference counter 8. Use counter 9. Flags(¼Ð½o) 10.Device name sockstat6 ¨C¤@¦æ¦a§}¥]§t¦hÓÈ. IPv6 sockets²Îp: ______________________________________________________________ # cat /proc/net/sockstat6 TCP6: inuse 7 UDP6: inuse 2 RAW6: inuse 1 FRAG6: inuse 0 memory 0 ______________________________________________________________ tcp6 To be filled. udp6 To be filled. igmp6 To be filled. raw6 To be filled. ip6_flowlabel To be filled. rt6_stats To be filled. snmp6 Type: One line per SNMP description and value SNMP statistics, can be retrieved via SNMP server and related MIB table by netw ork management software. ip6_tables_names Available netfilter6 tables 12. Netlink-Interface to kernel ¤º®e¦³«Ý¼W¥[... ³o¤è±§Ú¨S¤°»ò¸gÅç... 13. ºô¸ô debugging 13.1 Server socket binding(¸j©w) 13.2 Using "netstat" for server socket binding check ¨Ï¥Î "netstat" ¬O±o¨ì³o¨Ç«H®§ªº±¶®|. ¨Ï¥Î¿ï¶µ: -nlptu ¨Ò¤l: ______________________________________________________________ # netstat -nlptu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State ? PID/Program name tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN ? 1258/rpc.statd tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN ? 1502/rpc.mountd tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN ? 22433/lpd Waiting tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN ? 1746/smbd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN ? 1230/portmap tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN ? 3551/X tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN ? 18735/junkbuster tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN ? 18822/(squid) tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN ? 30734/named tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN ? 6742/xinetd-ipv6 tcp 0 0 :::13 :::* LISTEN ? 6742/xinetd-ipv6 tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN ? 6742/xinetd-ipv6 tcp 0 0 :::53 :::* LISTEN ? 30734/named tcp 0 0 :::22 :::* LISTEN ? 1410/sshd tcp 0 0 :::6010 :::* LISTEN ? 13237/sshd udp 0 0 0.0.0.0:32768 0.0.0.0:* ? 1258/rpc.statd udp 0 0 0.0.0.0:2049 0.0.0.0:* ? - udp 0 0 0.0.0.0:32770 0.0.0.0:* ? 1502/rpc.mountd udp 0 0 0.0.0.0:32771 0.0.0.0:* ? - udp 0 0 1.2.3.1:137 0.0.0.0:* ? 1751/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* ? 1751/nmbd udp 0 0 1.2.3.1:138 0.0.0.0:* ? 1751/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* ? 1751/nmbd udp 0 0 0.0.0.0:33044 0.0.0.0:* ? 30734/named udp 0 0 1.2.3.1:53 0.0.0.0:* ? 30734/named udp 0 0 127.0.0.1:53 0.0.0.0:* ? 30734/named udp 0 0 0.0.0.0:67 0.0.0.0:* ? 1530/dhcpd udp 0 0 0.0.0.0:67 0.0.0.0:* ? 1530/dhcpd udp 0 0 0.0.0.0:32858 0.0.0.0:* ? 18822/(squid) udp 0 0 0.0.0.0:4827 0.0.0.0:* ? 18822/(squid) udp 0 0 0.0.0.0:111 0.0.0.0:* ? 1230/portmap udp 0 0 :::53 :::* ? 30734/named ______________________________________________________________ 13.3 Examples for tcpdump packet dumps ¤U±¬O¤@¨Ç³Q®·Àòªº¼Æ¾Ú¥] ...¤U¤@¦¸§Ú·|¦h§Ë¤@ÂI¨Ó...: Router discovery(¸ô¥Ñµo²{) Router advertisement ______________________________________________________________ 15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router ? advertisement(chlim=64, router_ltime=30, reachable_time=0, ? retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, ? prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, ? preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr: ? 0:12:34:12:34:50) (len 88, hlim 255) ______________________________________________________________ ¸ô¥Ñ¾¹¨Ï¥Îlink-local ¦a§} "fe80::212:34ff:fe12:3450" µo°e¼s§i¦Ü all-node-on-link multicast address "ff02::1" ¦b¥¦¦Û¤vªº layer 2 MAC ¦a§} "0:12:34:12:34:50"¤¤, ¥]§t¨âÓ«eºó2002:0102:0304:1::/64" (lifetime 30 s) ©M "3ffe:ffff:0:1::/64" (lifetime 2592000 s) Router solicitation(¸ô¥Ñ½Ð¨D) ______________________________________________________________ 15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation ? (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) ______________________________________________________________ ¾Ö¦³link-local¦a§} "fe80::212:34ff:fe12:3456" ©M layer 2 MAC ¦a§} "0:12:34:12:34:56"ªº¸`ÂI´M§ä¦b½uªº ¸ô¥Ñ¾¹. ©Ò¥Hµo°e¤@Ó¸ô¥Ñ½Ð¨D¨ì©Ò¦³ ¦b½uªº¸ô¥Ñ¾¹¦a§}multicast address "ff02::2" Neighbor discovery(µo²{ªÚ¾F) Neighbor discovery solicitation for duplicate address detection(¹ïºô¸ôªÚ¾F·í ¤¤ "«½Æªº¦a§}" ¶i¦æÀˬd) ÀHµÛ¼Æ¾Ú¥]±qlayer 2 MAC ¦a§} "0:12:34:12:34:56" µo°e¥X¥hªº¦P®ÉÀˬd¬O§_ ¦³¸`ÂI¥Î¬Û¦Pªº¦a§}µo°e¼Æ¾Ú¥]. Following packets are sent by a node with layer 2 MAC address "0:12:34:12:34:56" during autoconfiguration to check whether a potential address is already used by another node on the link sending this to the solicited-node link-local multicast address * ·í¸`ÂI±N¨Ï¥Î¦a§}"fe80::212:34ff:fe12:3456"§@¬°¥»¦a³sµ²®ÉÀˬd«½Æªº ¦a§}. ______________________________________________________________ 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has ? fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) ______________________________________________________________ * ·í¸`ÂI±N¨Ï¥Î¦a§}"2002:0102:0304:1:212:34ff:fe12:3456"§@¬°global(¥þ §½)³sµ²®ÉÀˬd«½Æªº¦a§}(±o¨ì¤W±ªº¼s§i¤§«á). ______________________________________________________________ 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor s ol: who has ? 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34 :12:34:56) (len 32, ? hlim 255) ______________________________________________________________ * ·í¸`ÂI±N¨Ï¥Î¦a§}"3ffe:ffff:0:1:212:34ff:fe12:3456" §@¬°global(¥þ §½)³sµ²®ÉÀˬd«½Æªº¦a§}(±o¨ì¤W±ªº¼s§i¤§«á). ______________________________________________________________ 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor s ol: who has ? 3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12 :34:56) (len 32, hlim ? 255) ______________________________________________________________ Neighbor discovery solicitation for looking for host or gateway(¬d§ä¤@¥x¥D¾÷ ©Î¹h¹D) * ¸`ÂI·Qnµo°e¼Æ¾Ú¥]¦Ü"3ffe:ffff:0:1::10",¦ý¬O¨S¦³layer 2 MAC ªºµo°e ¦a§},©ó¬Oµo°e½Ð¨D. ______________________________________________________________ 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff0 2::1:ff00:10: icmp6: ? neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e 0:18:90:92:5) (len 32, ? hlim 255) ______________________________________________________________ * ¸`ÂI²{¦b¬d§ä"fe80::10" ______________________________________________________________ 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00: 10: icmp6: neighbor ? sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (le n 32, hlim 255) ______________________________________________________________ 14. Support for persistent IPv6 configuration in Linux distributions(¦b¤£¦Pªºµo ¦æª©¤¤³]©wIPv6) 14.1 Red Hat Linux and "clones"(¤p¬õ´U©M¥¦ªº§Ì¥S®X©f) ¦Û±q§Ú¶}©l¼g [33]IPv6 & Linux - HowTo.§Ú¥´ºâ³]©w¤@Ó«ù¤[ªºIPv6°t¸m,¥] §t: host-only, router-only, dual-homed-host, router with second stub network, normal tunnels, 6to4 tunnels ©M¨ä¥¦.²{¦b§Ú¼g¤F¤@ Óconfiguration and script files ³oÓscript¦³¦Û¤vªºHOWTO: [34]IPv6-HOWTO/scripts/current. °÷¹Bªº¬O, Red Hat Linux ±q 7.1 ¶}©l´N ¥]§t¤F³oÓscript.¦hÁ«¤FPekka SavolaªºÀ°§U. 14.2 Mandrake(°Ò¼wµÜ§J)Linux ±q8.0«á¤]¥]§t¤F IPv6-enabled initscript package¦ý¬O¦³ÂI¤p°Ý ÃD("ifconfig" misses "inet6" before "add"). ¤ä«ùIPv6ªººô¸ô³]©w scripts ´ú¸Õ script libraryÀ³¸Ó¦s¦b: ______________________________________________________________ /etc/sysconfig/network-scripts/network-functions-ipv6 ______________________________________________________________ ¦Û°Ê´ú¸Õ: ______________________________________________________________ # test -f /etc/sysconfig/network-scripts/network-functions -ipv6 && echo "Main ? IPv6 script library exists" ______________________________________________________________ libraryªºª©¥»«Ü«n, §ó°ªªºª©¥»¥]§t¤F§ó¦hªº¥\¯à.±z¥i¥H³q¹L³oÓÀ˵ø¥¦: ______________________________________________________________ # source /etc/sysconfig/network-scripts/network-functions- ipv6 && ? getversion_ipv6_functions 20011124 ______________________________________________________________ Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...(¤@¨Ç¤p´£¥Ü) * À˵øIPv6¼Ò²Õ¬O§_¤w¸g±¾¶i¨t²Î. ______________________________________________________________ # modprobe -c | grep net-pf-10 alias net-pf-10 off ______________________________________________________________ * ¦pªG¬O"off" ¦b /etc/sysconfig/network ¤¤¥[¤JIPv6ªº¤ä«ù. ______________________________________________________________ NETWORKING_IPV6=yes ______________________________________________________________ * «·sªì©lºô¸ô: ______________________________________________________________ # service network restart ______________________________________________________________ * IPv6¼Ò²ÕÀ³¸Ó±¾¶i¨Ó¤F: ______________________________________________________________ # modprobe -c | grep ipv6 alias net-pf-10 ipv6 ______________________________________________________________ ¦pªG±z´£¨Ñ¸ô¥Ñ¼s§iautoconfiguration ·|¦Û°Ê¬°±z³]©w, §ó¦hªº¸ê°T½Ð¬Ý /usr/share/doc/initscripts-$version/sysconfig.txt. 14.3 SuSE(Ĭ¿A´µ)Linux 7.x ¥H¤W, ¤ä«ùIPv6. ¦b/etc/rc.config ¸Ì¦³§ó¦hªº¸ê°T. ¦]¬°¤£¦Pªº³]©w¤è ªk©Mscriptsµ²ºc, ©Ò¥H¤£¯à±NRed Hat Linux ·í¤¤ªº¤èªk·Ó·h¹L¨Ó. §ó¸ÔºÉªº¸ê°T½Ð¬Ý: [35]How to setup 6to4 IPv6 with SuSE 7.3 14.4 Debian(}¤ñ¦w)Linux °Ñ·Ó: [36]IPv6 on Debian Linux 15. ¨¾¤õÀð 15.1 ¨Ï¥Î netfilter6¨¾¤õÀð netfilter6¨¾¤õÀð¥u¤ä«ù2.4¥H¤Wªº®Ö¤ß.¦´Áªº2.2®Ö¤ß±z¥u¯à¥Î41¸¹¨óij¹L ÂoIPv6-in-IPv4. ĵ§i: «ö·Ó¨Ò¤l¨º¼Ë³]©w¨Ã¤£¯à¯u¥¿¦a«OÅ@±zªº§@·~¨t²Î. 15.2 §ó¦hªº¸ê°T: * [37]Netfilter project * [38]maillist archive of netfilter users * [39]maillist archive of netfilter developers * [40]Unofficial status informations 15.3 ·Ç³Æ ¤U¸ü³Ì·sªº®Ö¤ß: [41]http://www.kernel.org/ ¤U¸ü³Ì·sªºiptables: tar: [42]http://www.netfilter.org/ Source RPM for rebuild of binary (for RedHat systems): [43]ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/ ¸Ñ¶}·½¥N½X ¸Ñ¶}·½¥N½X»P§ó¦W ______________________________________________________________ # tar z|jxf kernel-version.tar.gz|bz2 # mv linux linux-version-iptables-version+IPv6 ______________________________________________________________ ¸Ñ¶} iptables ·½¥N½X ______________________________________________________________ # tar z|jxf iptables-version.tar.gz|bz2 ______________________________________________________________ Apply pending patches ______________________________________________________________ # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables- version/ ______________________________________________________________ Apply additional IPv6 related patches (still not in the vanilla kernel included) ______________________________________________________________ # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-ve rsion/ ______________________________________________________________ ¦b¤U±ªº¿ï³æ¤¤¦^µªyes: * ah-esp.patch * masq-dynaddr.patch (only needed for systems with dynamic IP assigned WAN connections like PPP or PPPoE) * ipv6-agr.patch.ipv6 * ipv6-ports.patch.ipv6 * LOG.patch.ipv6 * REJECT.patch.ipv6 À˵øIPv6¬A®i: ______________________________________________________________ # make print-extensions Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport ______________________________________________________________ Configure, build and install new kernel(³]©w,½sĶ,¦w¸Ë·sªº®Ö¤ß) ¶i¤J¥N½X¥Ø¿ý: ______________________________________________________________ # cd /path/to/src/linux-version-iptables-version/ ______________________________________________________________ §ïÅÜMakefile ______________________________________________________________ - EXTRAVERSION = + EXTRAVERSION = -iptables-version+IPv6-try ______________________________________________________________ ¹B¦æ¬ÛÃöªº³]©w:Run configure, enable IPv6 related ______________________________________________________________ Code maturity level options Prompt for development and/or incomplete code/drivers : yes Networking options Network packet filtering: yes The IPv6 protocol: module IPv6: Netfilter Configuration IP6 tables support: module All new options like following: limit match support: module MAC address match support: module Multiple port match support: module Owner match support: module netfilter MARK match support: module Aggregated address check: module Packet filtering: module REJECT target support: module LOG target support: module Packet mangling: module MARK target support: module ______________________________________________________________ ¦b¨t²Îªº¨ä¥¦¤è±¶i¦æ¬ÛÀ³ªº×§ï. Rebuild and install binaries of iptables (¥´³y¤@Ó·sªºiptables) ½T©w±zªº®Ö¤ß·½¥N½X¦s¦b©ó: /usr/src/linux/ Rename older directory ______________________________________________________________ # mv /usr/src/linux /usr/src/linux.old ______________________________________________________________ Create a new softlink ______________________________________________________________ # ln /path/to/src/linux-version-iptables-version /usr/src/linux ______________________________________________________________ Rebuild SRPMS ______________________________________________________________ # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm ______________________________________________________________ Install new iptables packages (iptables + iptables-ipv6) ¦w¸Ë·s ªºiptables * On RH 7.1 systems, ³q±`¤w¸g¦³¤@ӧ󦪺ª©¥», therefore use "freshen" ______________________________________________________________ # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm ______________________________________________________________ * ¦pªG¨S¦³¦w¸Ë,±z´N¿Ë¦Û¨Ó§a: ______________________________________________________________ # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm ______________________________________________________________ * ¦pªG¦bRH6.2¤W¦w¸Ë,n¥[¤W"--nodep": ______________________________________________________________ # rpm -ihv --nodep /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm ______________________________________________________________ * ¥i¯àn¬°iptables¥[¤W¤@Ósoftlink: ______________________________________________________________ # ln -s /lib/iptables/ /usr/lib/iptables ______________________________________________________________ 15.4 ¨Ï¥Î¤èªk À˵ø ±N¼Ò²Õ±¾¶i¨Ó: ______________________________________________________________ # modprobe ip6_tables ______________________________________________________________ À˵ø ______________________________________________________________ # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support ? 'ip6tables' firewalling (IPv6)!" ______________________________________________________________ 15.5 ¨Ï¥Îip6tables 16.3.2.1. List all IPv6 netfilter entries Short # ip6tables -L Extended # ip6tables -n -v --line-numbers -L List specified filter # ip6tables -n -v --line-numbers -L INPUT ¥[¤J¤@Ó¤é»x: # ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:" ? --log-level 7 ¥[¤J¤@Ó¤J¯¸¥á±óªº±ø¥ó: # ip6tables --table filter --append INPUT -j DROP ²¾°£¤@Ó±ø¥ó: # ip6tables --table filter --delete INPUT 1 ¤¹³\ ICMPv6: Using older kernels (unpatched kernel 2.4.5 and iptables-1.2.2) no type can be specified ¤¹³\¤J¯¸ ICMPv6 ¸g¹L tunnels # ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT ¤¹³\¥X¯¸ ICMPv6 ¸g¹L tunnels # ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT Newer kernels allow specifying of ICMPv6 types: # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT ¨îRate-limiting Because it can happen (author already saw it to times) that an ICMPv6 storm wil l raise up, you should use available rate limiting for at least ICMPv6 ruleset. In addition logging rules should also get rate limiting to prevent DoS attacks against syslog and storage of log file partition. An example for a rate limite d ICMPv6 looks like: # ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request -j ACCEPT --m atch limit --limit 30/minute ¤¹³\¤J¯¸ªº SSH Here an example is shown for a ruleset which allows incoming SSH connection fro m a specified IPv6 address ¤¹³\¨Ó¦Û 3ffe:ffff:100::1/128 ªº SSH ¤J¯¸ # ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:ffff:100::1/128 --sport 512:65535 ? --dport 22 -j ACCEPT ¤¹³\¦^À³¥]Allow response packets (¦¹¨è IPv6 ³sµ²°lÂܤ£¦b mainstream netfilter6 implemented ·í¤¤) # ip6tables -A OUTPUT -o sit+ -p tcp -d 3ffe:ffff:100::1/128 --dport 512:65535 ? --sport 22 ! --syn j ACCEPT ¥R³\ tunneled IPv6-in-IPv4 Tto accept tunneled IPv6-in-IPv4 packets, ¦bIPv4 ¨¾¤õÀ𰵬ÛÀ³ªº³]©w firewall se tup relating to such packets, for example ¥R³\ interface ppp0 ªº IPv6-in-IPv4 ¤J¯¸ # iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT ¥R³\ interface ppp0 ªº IPv6-in-IPv4 ¥X¯¸ # iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT If you have only a static tunnel, you can specify the IPv4 addresses, too, like ¥R³\¨Ó¦Û endpoint 1.2.3.4 ªº IPv6-in-IPv4 ³q¹L interface ppp0 ¤J¯¸ # iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT ¥R³\¨Ó¦Û endpoint 1.2.3.4 ªº IPv6-in-IPv4 ³q¹L interface ppp0 ¤J¯¸ # iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT 16.3.2.10. Protection against incoming TCP connection requests ·¥¤O±ÀÂË! ¥X©ó¦w¥þ¦Ò¼{ ±zÀ³·í¥[¤J¤@Óªý¤îTCP ³sµ²½Ð¨D¤J¯¸ªº±ø¥ó . Adapt "-i" op tion, if other interface names are in use! ªý¤î¤J¯¸ªº TCP ³sµ²½Ð¨D # ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP ¦b¸ô¥Ñ¾¹«á± ªý¤î¤J¯¸ªº TCP ³sµ²½Ð¨D # ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP ¥i¯à³o¨Ç±ø¥ó¥H¸g¦s¦b¨ä¥¦¦a¤è,¦ý³o¬O±z·Q·íµMªº·Qªk.³Ì¦n«Ø¤@Ó¥]§t«Ü¦h±ø¥óªº scri pt µM«á°õ¦æ. 16.3.2.11.ªý¤î¤J¯¸ªº UDP ³sµ²½Ð¨D ·¥¤O±ÀÂË! ´£°_¹L§Úªº¨¾¤õÀð¸ê°T¥i¥H±±¨î¥X¯¸ UDP/TCP ·|¸ÜªººÝ¤f. ©Ò¥H¦pªG±zªº¥»¦a IPv6¨t²Î¨Ï¥Î¥»¦aºÝ¤f ¤ñ¦p:±q 32768 ¦Ü 60999 ±z¤]¥i¥H¹³³o¼Ë¹LÂoUDP³sµ² (ª½¨ì³sµ² ¸òÂÜ¥¿±`¤u§@) like: ªý¤î¤J¯¸ªº UDP ¼Æ¾Ú¥] , ±ÙÂ_½Ð¨D¥X¯¸ªº¦^À³¼Æ¾Ú¥] # ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP ¦b¸ô¥Ñ¾¹¤W±ªý¤î¤J¯¸ªº UDP ¼Æ¾Ú¥]Âà±H¨ì¸ô¥Ñ¾¹«á±ªº¥D¾÷ ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP ¹ê¨Ò: ¤U±³oÓ¹ê¨Ò¬O¤@Ó¸g¨å, ¥Ñ Happy netfilter6 ruleset ¥Í¦¨: ______________________________________________________________ # ip6tables -n -v -L Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 extIN all sit+ * ::/0 ::/0 4 384 intIN all eth0 * ::/0 ::/0 0 0 ACCEPT all * * ::1/128 ::1/128 0 0 ACCEPT all lo * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `INPUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination ? 0 0 int2ext all eth0 sit+ ::/0 ::/0 0 0 ext2int all sit+ eth0 ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `FORWARD-default:' 0 0 DROP all * * ::/0 ::/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination ? 0 0 extOUT all * sit+ ::/0 ::/0 4 384 intOUT all * eth0 ::/0 ::/0 0 0 ACCEPT all * * ::1/128 ::1/128 0 0 ACCEPT all * lo ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `OUTPUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain ext2int (1 references) pkts bytes target prot opt in out source destination ? 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 ? tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `ext2int-default:' 0 0 DROP tcp * * ::/0 ::/0 0 0 DROP udp * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 Chain extIN (1 references) pkts bytes target prot opt in out source destination ? 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 ? tcp spts:512:65535 dpt:22 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 ? tcp spts:512:65535 dpt:22 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 ? tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 0 0 ACCEPT udp * * ::/0 ::/0 ? udp spts:1:65535 dpts:1024:65535 0 0 LOG all * * ::/0 ::/0 ? limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' 0 0 DROP all * * ::/0 ::/0 Chain extOUT (1 references) pkts bytes target prot opt in out source destination ? 0 0 ACCEPT tcp * * ::/0 ? 3ffe:ffff:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 0 0 ACCEPT tcp * * ::/0 ? 3ffe:ffff:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 ? tcp spts:1024:65535 dpts:1:65535 0 0 ACCEPT udp * * ::/0 ::/0 ? udp spts:1024:65535 dpts:1:65535 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `extOUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain int2ext (1 references) pkts bytes target prot opt in out source destination ? 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 ? tcp spts:1024:65535 dpts:1:65535 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `int2ext:' 0 0 DROP all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `int2ext-default:' 0 0 DROP tcp * * ::/0 ::/0 0 0 DROP udp * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 Chain intIN (1 references) pkts bytes target prot opt in out source destination ? 0 0 ACCEPT all * * ::/0 ? fe80::/ffc0:: 4 384 ACCEPT all * * ::/0 ff02::/16 Chain intOUT (1 references) pkts bytes target prot opt in out source destination ? 0 0 ACCEPT all * * ::/0 ? fe80::/ffc0:: 4 384 ACCEPT all * * ::/0 ff02::/16 0 0 LOG all * * ::/0 ::/0 ? LOG flags 0 level 7 prefix `intOUT-default:' 0 0 DROP all * * ::/0 ::/0 ______________________________________________________________ 16. ¦w¥þ 16.1 Access limitations ¦³³\¦hªA°È¨Ï¥Î tcp_wrapper library ±±¨î³X°Ý.Below is described the use of tcp_wrapper ¤º®e¦³«Ý¼W¥[... 16.2 IPv6¦w¥þ¼f®Ö ¥Ø«e¨S¦³¤°»ò¸û¦nªº°Ó·~¤u¨ã¨Ó¶i¦æ Legal issues ĵ§i:±z¥u¯à±½ºË¦Û¤vªº¨t²Î,¤£µM,¥i¯à·|IJ¤Îªk«ß.¶}©l¤§«e,½ÐÀ˹î±zn±½ºË ªºIPv6¥Ø¼Ð¦a§}¨â¦¸!. 16.3 Security auditing using IPv6-enabled netcat(¨Ï¥Î¾AÀ³IPv6ªºnetcat) Ãö©óIPv6-enabled netcatªº¸Ô²Ó¸ê°T½Ð°Ñ·Ó: [44] IPv6?status-apps/security-auditing ¨Ò¤l: ______________________________________________________________ # nc6 ::1 daytime 13 JUL 2002 11:22:22 CEST ______________________________________________________________ 16.4 Security auditing using IPv6-enabled nmap ¥þ¥@¬É³Ì¬°Àu¨qªº±½ºËµ{¦¡¤§¤@.¥¦ªºº¶: [45] http://www.insecure.org/nmap/ ±q 3.10ALPHA1 ªºª©¥»¶}©l¤ä«ùIPv6. ¨Ò¤l: ______________________________________________________________ # nmap -6 -sT ::1 Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) Interesting ports on localhost6 (::1): (The 1600 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 53/tcp open domain 515/tcp open printer 2401/tcp open cvspserver Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 second s ______________________________________________________________ 16.5 Security auditing using IPv6-enabled strobe Strobe ¦P NMap¬Û¤ñ§ó¤£¨ãÆF¬¡©Ê,¦ý¤w¸g¦³ IPv6-enabling patch (see IPv6?status-apps/security-auditing for more). Usage example: ______________________________________________________________ # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org> . ::1 2401 unassigned unknown ::1 22 ssh Secure Shell - RSA encrypted rsh ::1 515 printer spooler (lpd) ::1 6010 unassigned unknown ::1 53 domain Domain Name Server ______________________________________________________________ 16.6 ¼f®Öµ²ªG ¦pªG¼f®Öµ²ªG¦P±zªºIPv6¦w¥þµ¦²¤¦³¥X¤J, ½Ð°ô¤WÀË´ú¥Xªºº|¬}. 17. Encryption and Authentication(¥[±K©M»{ÃÒ) Support in kernel Currently missing in 2.4, perhaps in 2.5 (see below). There is an issue about keeping the Linux kernel source free of export/import-control-laws regarding encryption code. This is also one case why [46]FreeS/WAN project (IPv4 only IPsec) isn't still contained in vanilla source. Support in USAGI kernel The USAGI project has taken over in July 2001 the IPv6 enabled FreeS/WAN code from the [47]IABG / IPv6 Project and included in their kernel extensions, but still work in progress, means that not all IABG features are already working in USAGI extension. 17.1 ¥Îªk °Ñ·Ó: [48]FreeS/WAN / Online documentation 18. ½u¤W´ú¸Õ¤u¨ã ¤º®e¦³«Ý¼W¥[... Åwªï´£«Øij! * finger, nslookup, ping, traceroute, whois: [49]UK IPv6 Resource Centre / The test page * ping, traceroute, tracepath, 6bone registry, DNS: [50]JOIN / Testtools (German language only, but should be no problem for non German speakers) * traceroute6, whois: [51]IPng.nl 19. ¨ä¥¦¸ê°T 19.1 ½u¤W¸ê°T ¥[¤JIPv6 backbone°©·Fºô¸ô IPv6 test backbone: [52]6bone, [53]How to join 6bone ¥Dnªºµù¥U°Ï°ì * America: [54]ARIN [55]Ripe * Asia/Pacific: [56]APNIC * Latin America and Caribbea: [57]LACNIC Also a list of major (prefix length 35) allocations per local registry is available here: [58]Ripe NCC / IPv6 allocations Tunnel brokers * [59]Freenet6 Canada * [60]Hurricane Electric US backbone * [61]Centro Studi e Laboratory Telecomunicazioni Italy * [62]Wanadoo Belgium * [63]CERTNET-Nokia China * [64]Tunnelbroker Leipzig Germany - DialupUsers with dynamic IP's can get a fix IPv6 IP... * [65]Internet Initiative Japan Japan - with IPv6 native line service and IPv6 tunneling Service * [66]XS26 - Access to SixNetherland - with POPs in Slovak Republic, Czech Republic, Netherlands, Germany and Hungary. * [67]IPng Netherland Netherland - Intouch, SurfNet, AMS-IX, UUNet, Cistron, RIPE NCC and AT& T are connected at the AMS-IX. It is possible (there are requirements...) to get an static tunnel. * [68]UNINETT Norway - Pilot IPv6 Service (for Customers): tunnelbroker & address allocation * [69]NTT Europe [70]NTT Euroope United Kingdom - IPv6 Trial. IPv4 Tunnel and native IPv6 leased Line connections. POPs are located in London, UK Dusseldorf, Germany New Jersey, USA (East Coast) Cupertino, USA (West Coast) Tokyo, Japan * [71]ESnet USA - Energy Sciences Network: Tunnel Registry & Address Delegation for directly connected ESnet sites and ESnet collaborators. * [72]6REN USA - The 6ren initiative is being coordinated by the Energy Sciences Network (ESnet), the network for the Energy Research program of the US Dept. of Energy, located at the University of California's Lawrence Berkeley National Laboratory §ó¦hªºIPv6¸ê°T: [73]ipv6-net.org 6to4 * [74]NSayer's 6to4 information * [75]RFC 3068 / An Anycast Prefix for 6to4 Relay Routers Latest news * [76]http://hs247.com/ name="hs247 / IPv6 news and information"> also homepage for #ipv6 channel on EFnet * [77]bofh.st / latest IPv6 news but currently Jan 2002 outdated..., also homepage for IPv6 channel on IRCnet * [78]ipv6-net.org German forum ¦³Ãö¨óijªº°Ñ¦Ò * [79]HS247 / IPv6 RFC list Publishing the list of IPv6-related RFCs is beyond the scope of this document, but given URLs will lead you to such lists: * [80]IPng Standardization Status a little bit out-of-sync at the moment * [81]IPv6 Related Specifications on IPv6.org ¥Ø«e»PIPv6¦³Ãöªº¯ó®×: * [82]IP Version 6 ipv6 * [83]Next Generation Transitition * [84]Dynamic Host Configuration * [85]Domain Name System Extension * [86]Mobile IP mobileip ¨ä¥¦ * [87]Network Sorcery / IPv6, Internet Protocol version 6 IPv6 protocol header * [88]SWITCH IPv6 Pilot / References big list of IPv6 references maintained by Simon Leinen * [89]Advanced Network Management Laboratory / IPv6 Address Oracle shows you IPv6 addresses in detail ²Îp * [90]IPv6 routing table history created by Gert Ding 19.2 §ó¦hªº¸ê°T ´Á«Ý¥[¤J§ó¦hªº¤º®e,Åwªï´£«Øij! Linux related * [91]IPv6-HowTo for Linux by Peter Bieringer - Germany, and his * [92]Bieringer / IPv6 - software archive * [93]Linux+IPv6 status by Peter Bieringer Germany * [94]USAGI project Japan, and their * [95]USAGI project - software archive * [96]Gav's Linux IPv6 Page * [97]Project6 - IPv6 Networking For Linux Italy, and their * [98]Project6 - software archive 19.3 ³q«H½×¾Â +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | | Focus Request e-mail address What to subscribe Maillist e-mail address Language Access through WWW | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | Linux kernel majordomo (at) oss.sgi.com netdev netdev (at) oss.sgi.com English http://oss.sgi.com/proj ects/netdev/archive/ | | networking | | including | | IPv6 | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | Linux and majordomo (at) linux-ipv6 linux-ipv6 (at) list.f00f.org English | | list.f00f.org | | IPv6 in (moderated) | | general (1) | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | Mobile IP majordomo (at) mipl (at) list.mipl. English http://www.mipl.mediapo li.com/mailinglist.html | | (v6) for list.mipl.mediapoli.com mipl mediapoli.com http://www.mipl.mediapo li.com/mail-archive/ | | Linux | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ |Linux IPv6 usagi-users-ctl usagi-users English http://www.mipl.mediapo li.com/mailinglist.html | |users using (at) linux-ipv6.org (at) linux-ipv6.org http://www.mipl.mediapo li.com/mail-archive/ | |USAGI | |extension | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | |IPv6 on Debian debian-ipv6 (at) English http://lists.debian.org /debian-ipv6/ | |Linux Web-based, see URL lists.debian.org | |Web-based | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | |IPv6/6bone in majordomo (at) ipv6 (at) German/English http://www.join.uni-mue nster.de/JOIN/ipv6/texte-englisch/mailingliste.html | | Germany atlan.uni-muenster.de ipv6 uni-muenster.de http://www.join.uni-mue nster.de/local/majordomo/ipv6/ | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | | 6bone majordomo (at) 6bone 6bone (at) English http://www.6bone.net/6b one_email.html | | isi.edu isi.edu http://ryouko.dgim.crc. ca/ipv6/ | | http://www.wcug.wwu.edu /lists/6bone/ | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | |IPv6 majordomo (at) ipng ipng (at) English http://playground.sun.c om/pub/ipng/html/instructions.html | |discussions sunroof.eng.sun.com sunroof.eng.sun.com ftp://playground.sun.co m/pub/ipng/mail-archive/ | | http://www.wcug.wwu.edu /lists/ipng/ | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | | IPv6 users majordomo (at) users users (at) ipv6.org English http://www.ipv6.org/mai ling-lists.html | | in general ipv6.org | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | | Bugtracking of bugtraq-subscribe (at) bugtraq (at) English http://online.securityf ocus.com/popups/forums/bugtraq/intro.shtml | | Internet securityfocus.com securityfocus.com (moderated) http://online.securityf ocus.com/archive/1 | | applications (2) | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | | IPv6 in general Web-based, see URL ipv6 (at) ipng.nl English http://mailman.ipng.nl/m ailman/listinfo/ipv6/ | | http://mailman.ipng.nl/p ipermail/ipv6/ | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ | | | | | | | | | majordomo (at) majordomo (at) ipv6 ipv6 (at) mfa.eti.br Portuguese http://www.mfa.eti.br/li stas.html | | mfa.eti.br mfa.eti.br | | | +------------------------------------------------------------------------------ ------------------------------------------------------------------------------- -------------------------------------------------------------+ (1) recommended for common Linux & IPv6 issues. (2) very recommended if you provide server applications. ¬O¤£¬O¦³¤°»ò¿òº|? Åwªï§Aªº«Øij! ³o¸ÌÁÙ¦³¥t¤@¥÷²M³æ: http://www.join.uni-muenster.de/JOIN/ipv6/texte-eng lisch/ipv6.infoquellen.html ¦³Ãöªºµo¦æª© * [99]Polish(ed) Linux Distribution ("market leader" in containing IPv6 enabled packages) * [100]Red Hat Linux * [101]Pekka Savola's IPv6 packages Germany * [102]Debian Linux * [103]Craig Small's IPv6 information and status * [104]SuSE Linux * [105]Linux Mandrake 20. ¾ú¥v x.yª©¥» µo§G¦bInternet¤W. x.y.z ªí¥Ü¥¿¦b¶i¦æªºª©¥»and only published as LyX file on CVS. Releases 0.x 0.31 2002-09-29/PB: Extend information in proc-filesystem entries 0.30 2002-09-27/PB: Add some maillists 0.29 2002-09-18/PB: Update statement about nmap (triggered by Fyodor) 0.28.1 2002-09-16/PB: Add note about ping6 to multicast addresses, add some labels 0.28 2002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle 0.27 2002-08-10/PB: Some minor updates 0.26.2 2002-07-15/PB: Add information neighbor discovery, split of firewalling (got so me updates) and security into extra chapters 0.26.1 2002-07-13/PB: Update nmap/IPv6 information 0.26 2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depr icated A6/DNAME, change P-t-P tunnel setup to use of "ip" only 0.25.2 2002-07-11/PB: Minor spelling fixes 0.25.1 2002-06-23/PB: Minor spelling and other fixes 0.25 2002-05-16/PB: Cosmetic fix for 2\^{ }128, thanks to Jos¡¼ Ab¡¼lio Oliveira Mat os for help with LyX 0.24 2002-05-02/PB: Add entries in URL list, minor spelling fixes 0.23 2002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL 0.22 2002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an en try in URL list and at maillists 0.21 2002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.4 2002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some ad ditional hints at DNS section 0.20.3 2002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan 0.20.2 2002-02-05/PB: Add mipl to maillist table 0.20.1 2002-01-31/PB: Add a hint how to generate 6to4 addresses 0.20 2002-01-30/PB: Add a hint about default route problem, some minor updates 0.19.2 2002-01-29/PB: Add many new URLs 0.19.1 2002-01-27/PB: Add some forgotten URLs 0.19 2002-01-25/PB: Add two German books, fix quote entinities in exported SGML code 0.18.2 2002-01-23/PB: Add a FAQ on the program chapter 0.18.1 2002-01-23/PB: Move "the end" to the end, add USAGI to maillists 0.18 2002-01-22/PB: Fix bugs in explanation of multicast address types 0.17.2 2002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document 0.17.1 2002-01-20/PB: Add a reference, fix URL text in online-test-tools 0.17 2002-01-19/PB: Add some forgotten information and URLs about global IPv6 addres ses 0.16 2002-01-19/PB: Minor fixes, remove "bold" and "emphasize" formats on code lines , fix "too long unwrapped code lines" using selfmade utility, extend list of UR Ls. 0.15 2002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document 0.14 2002-01-14/PB: Minor review at all, new chapter "debugging", review "addresses" , spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements 0.13 2002-01-05/PB: Add example BIND9/host, move revision history to end of document , minor extensions 0.12 2002-01-03/PB: Merge review of David Ranch 0.11 2002-01-02/PB: Spell checking and merge review of Pekka Savola 0.10 2002-01-02/PB: First public release of chapter 1 References 1. http://www.bieringer.de/pb/ 2. http://www.linuxports.com/howto/intro_to_networking/ 3. http://rfc.net/rfc1884.html 4. http://rfc.net/rfc3056.html/ 5. http://rfc.net/rfc2893.html 6. http://rfc.net/rfc2373.html 7. http://standards.ieee.org/regauth/oui/tutorials/EUI64.html 8. http://rfc.net/rfc3041.html 9. ftp://ftp.ietf.org/internet-drafts/ 10. http://rfc.net/rfc1519.html 11. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html 12. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html 13. http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html 14. ftp://ftp.bieringer.de/pub/linux/IPv6/kernel 15. http://www.linux-ipv6.org/faq.html 16. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#transport 17. http://rfc.net/rfc1055.html 18. ftp://ftp.inr.ac.ru/ip-routing/ 19. http://rpmfind.net/linux/rpm2html/search.php?query=iproute 20. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html 21. file://localhost/tmp/zh-sgmltools.21666/IPv6&Linux-CurrentStatus-Applications 22. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-3.html 23. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-4.html 24. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#HTTP 25. http://[3ffe:400:100::1]/ 26. http://www.kame.net/ 27. http://rfc.net/rfc2893.html 28. http://rfc.net/rfc3056.html 29. http://rfc.net/rfc3056.html 30. http://www.kfu.com/~nsayer/6to4/ 31. http://www.faqs.org/rfcs/rfc3068.html 32. http://rfc.net/rfc2473.html 33. http://www.bieringer.de/linux/IPv6/ 34. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/ 35. http://www.feyrer.de/IPv6/SuSE73-IPv6+6to4-setup.html 36. http://people.debian.org/~csmall/ipv6/ 37. http://www.netfilter.org/ 38. http://lists.samba.org/pipermail/netfilter/ 39. http://lists.samba.org/pipermail/netfilter-devel/ 40. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#netfilter6 41. http://www.kernel.org/ 42. http://www.netfilter.org/ 43. ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/ 44. http://www.bieringer.de/linux/IPv6/status/IPv6?status-apps.html#security-auditing 45. http://www.insecure.org/nmap/ 46. http://www.freeswan.org/ 47. http://www.ipv6.iabg.de/downloadframe/ 48. http://www.freeswan.org/doc.html 49. file://localhost/tmp/zh-sgmltools.21666/Linux-IPv6-HOWTO.txt.html 50. http://www.join.uni-muenster.de/lab/testtools.html 51. http://www.ipng.nl/ 52. http://www.6bone.net/6bone_hookup.html 53. http://www.6bone.net/6bone_hookup.html 54. http://www.arin.net/ 55. http://www.ripe.net/ 56. http://www.apnic.net/ 57. http://lacnic.org/ 58. http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html 59. http://www.freenet6.net/ 60. http://ipv6tb.he.net/ 61. https://carmen.cselt.it/ipv6tb/ 62. http://tunnel.be.wanadoo.com/ 63. http://tb.6test.edu.cn/ 64. http://joshua.informatik.uni-leipzig.de/ 65. http://www.iij.ad.jp/IPv6/index-e.html 66. http://www.xs26.net/ 67. http://www.ipng.nl/ 68. http://www.uninett.no/testnett/index.en.html 69. http://www.uk.v6.ntt.net/ 70. http://www.nttv6.net/ 71. http://www.es.net/hypertext/welcome/pr/ipv6.html 72. http://www.6ren.net/ 73. http://www.ipv6-net.de/ 74. http://www.kfu.com/~nsayer/6to4/ 75. http://www.faqs.org/rfcs/rfc3068.html 76. http://hs247.com/ 77. http://bofh.st/ipv6/ 78. http://www.ipv6-net.de/ 79. http://www.hs247.com/ipv6rfc.html 80. http://playground.sun.com/pub/ipng/html/specs/standards.html 81. http://www.ipv6.org/specs.html 82. http://www.ietf.org/ids.by.wg/ipv6.html 83. http://www.ietf.org/ids.by.wg/ngtrans.html 84. http://www.ietf.org/ids.by.wg/dhc.html 85. http://www.ietf.org/ids.by.wg/dnsext.html 86. http://www.ietf.org/ids.by.wg/mobileip.html 87. http://www.networksorcery.com/enp/protocol/ipv6.htm 88. http://www.switch.ch/lan/ipv6/references.html 89. http://steinbeck.ucs.indiana.edu:47401/ 90. http://www.space.net/~gert/RIPE/ 91. http://www.bieringer.de/linux/IPv6/ 92. ftp://ftp.bieringer.de/pub/linux/IPv6/ 93. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html 94. http://www.linux-ipv6.org/ 95. ftp://ftp.linux-ipv6.org/pub/ 96. http://www.bugfactory.org/~gav/ipv6/ 97. http://project6.ferrara.linux.it/ 98. ftp://ftp.ferrara.linux.it/pub/project6/ 99. http://www.pld.org.pl/ 100. http://www.redhat.com/ 101. http://www.netcore.fi/pekkas/linux/ipv6/ 102. http://www.debian.org/ 103. http://people.debian.org/~csmall/ipv6/ 104. http://www.suse.com/ 105. http://www.linux-mandrake.com/