Networking problem

JD jd1008 at gmail.com
Sat May 21 20:05:15 UTC 2011 

On 05/21/11 12:19, Tom H wrote:
> On Thu, May 19, 2011 at 10:06 PM, JD<jd1008 at gmail.com>  wrote:
>> On 05/19/11 18:45, Tom H wrote:
>>> On Thu, May 19, 2011 at 8:57 PM, JD<jd1008 at gmail.com>    wrote:
>>>> On 05/19/11 17:41, Tom H wrote:
>>>>> To the OP: Do you have a "/etc/sysconfig/network-scripts/ifcfg-wlan0"
>>>>> and a "/etc/sysconfig/network-scripts/ifcfg-wlan0:0"? What are their
>>>>> contents?
>>>> I have no  /etc/sysconfig/network-scripts/ifcfg-wlan0:0
>>>>
>>>> $ cat /etc/sysconfig/network-scripts/ifcfg-wlan0:
>>>> DEVICE=wlan0:0
>>>> IPV6INIT=no
>>> Why do you have "DEVICE=wlan0:0" in
>>> "/etc/sysconfig/network-scripts/ifcfg-wlan0"?
>> I think that is a remnant. Thank for pointing it out.
>> I had completely overlooked it. But, it is nevertheless,
>> harmless.
> You're welcome. It's harmless in your case, except for the weird
> ifconfig and netstat outputs. If you were using dhcp, it'd be even
> more harmless (only wlan0 would be brought up with a dhcp ipv4 address
> and a link-local ipv6 address) or harmful (neither wlan0 nor wlan0:0
> would be brought up).
>
>
>>>>>> It is a valid IPv6 interface.
>>>>> It's valid but it isn't routable. It's the equivalent of an ipv4
>>>>> 169.254.x.y address.
>>>> Yes. ifconfig always prints this even when ip6 is disabled.
>>> No, if ipv6 is disabled, no ipv6 address is assigned to any interface.
>> I do not see in any of my conf files, nor in services
>> where I have enabled ipv6.
> Take a look at "CONFIG_IPV6" in "/boot/config...".
>
>
>> But I think there are other internal interfaces/modules that, [do
>> not/are not configured to]
>> go out over the LAN, that use ipv6: such as:
>> bridge,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6
>>
>> But I see your point because I thought that it was completely disabled.
>> Now I wonder if any of the loadable modules that get loaded, depend on.
>> ipv6 being enabled.
>>>>>> The fact that IPv6 layer was disabled on the subnet (as JD clarified it later),
>>>>>> does not change anything. Once again, the type of configured interface wlan0
>>>>>> is of interest to me, that is IPv6-type.
>>>>> Since wlan0:0 has a ipv6 address, ipv6 must not be disabled.
>>>> It really IS disabled. Look at the contents of my ifcfg-wlan0 above.
>>>> It says IPV6INIT=no
>>> "IPV6INIT=no" doesn't disable ipv6; it's used by
>>> "/etc/sysconfig/network-scripts/ifup-ipv6" to determine whether to
>>> configure ipv6 for that interface. If ipv6.ko isn't prevented from
>>> loading through "/etc/modprobe.conf" or a conf file in
>>> "/etc/modprobe.conf.d/", an interface will be assigned an fe80 ipv6
>>> address.
>> Correct. I had overlooked that altogether.
>> As I asked above, I wonder if some service will break
>> if I black list the ipv6 modules.
> No idea but possible; exim (on Debian, never tried it on Fedora) craps
> out if you disable ipv6 globally without disabling ipv6 in exim's own
> configuration.
Well, I do not need a mail server. I would have to fight with
at&t to open up port 25 for me.
Also, I found out that because my machine on the lan
does not have a public domain, no smtp agent would
accept mail from my machine anyhow, except gmail
(and probably others) as a mail forwarding server.
So I do not run exim.
It would be nice to find a way to have a public domain
name and public mx record mapped onto the router's
public ip address - and forward port 25 to my fedora
machine. But that will open me up to bazzillions of spam
emails, and I really do not want to have to admin yet
another app or apps to deal with that.
After reading a few blogs about diabling ipv6, I collected
these settings to be added to a new file in /etc/modprobe.conf
(say disable-ipv6.conf):

alias net-pf-10 ipv6      off
alias net-pf-10           off
alias ipv6                off
install ipv6              /bin/true
install ip6table_filter   /bin/true
install ip6_tables        /bin/true
blacklist ipv6
blacklist ip6table_filter
blacklist ip6_tables

Not sure which of these will prevent the loading of ipv6 modules altogether.
blacklist seems to be advisory and can be overruled by modprobe.
aliasing something to off  sounds like it could be the ax, but not sure.
Using /bin/true as a substitute to a module seems to be the sure fire way
of preventing the loading of that module.
But even here, I wounder if there are ways to circumvent it, as in using
insmod /..../...../etc.../module.ko

More information about the users mailing list