Linux/IPv6
Basics
ip -6 addr show ifconfig
netstat -A inet6 -rn
ip -6 route show route -6
ping6 -c 3 ::1
traceroute6 google.com
tracepath6 ::1
tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
host -t AAAA google.com
dig google.com AAAA
wget -6 http://ipv6.oeey.com curl -6 http://ipv6.oeey.com
IPv6 DNS Lookup:
dig AAAA ipv6.google.com # 2607:f8b0:4005:800::100e
IPv6 Reverse DNS Lookup:
dig -x 2607:f8b0:4005:800::100e
# similar to arp with ipv4 ip -6 neigh ip neigh
Ref:
- Displaying existing IPv6 routes - http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/x1144.html
dhclient
Request IPv6 address:
dhclient -6 -d eth0
Release IPv6 address:
dhclient -6 -r -d eth0
Refs: [1]
---
v4:
dhclient -4 -r eth0 //or just dhclient -r eth0 dhclient -4 eth0 // or just dhclient eth0
v6:
dhclient -6 -r eth0 dhclient -6 eth0
iptables
service ip6tables stop service ip6tables start
Disable IPV6
sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.default.disable_ipv6=1 sysctl -w net.ipv6.conf.lo.disable_ipv6=1
etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
refs: [2]
Enable IPV6
sysctl -w net.ipv6.conf.all.disable_ipv6=0 sysctl -w net.ipv6.conf.default.disable_ipv6=0 sysctl -w net.ipv6.conf.lo.disable_ipv6=0
etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0
refs: [3]
Delete IP from Interface
# sudo ip -6 addr del <ipv6address/prefixlength> dev <interface> sudo ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0
Flush All IP Address from Interface
# sudo ip -6 address flush dev <interface> sudo ip -6 address flush dev eth0
Rebuild Local Link
Just make sure to rebuild the link after, or you will get a "no link-local IPv6 address for eth0" error when you try to run "dhclient -6 -v eth0"
sudo ip link set eth0 up # sudo ip -6 addr add fe80::<1234>/64 dev eth0 # replace <1234> with desired address, probably something from the mac address sudo ip -6 addr add fe80::1234/64 dev eth0 sudo ip -6 addr add fe80::42:b6ff:fe33:aa0/64 dev eth0
dhclient -6 -v eth0
Failure to get the link-local setup - IA_NA (Identity Association for Non-temporary Addresses)
# FE80 Prefix: All link-local addresses start with the prefix fe80::/10 fe80:: and has "scope link"
Test with:
ping fe80::a00:27ff:fec6:6b97%eth0 # append the outgoing local interface with %eth0
scope global dynamic mngtmpaddr noprefixroute
# less dynamic scope global dynamic noprefixroute vs # more dynamic w/ privacy extension scope global dynamic mngtmpaddr noprefixroute vs # local link address only scope link
"dynamic mngtmpaddr noprefixroute" - in IPv6 describes an address that's automatically generated for privacy (temporary), managed by the kernel as a template for other short-lived addresses, but isn't automatically given a network route, requiring manual setup for connectivity, often seen with systemd or NetworkManager configurations.
Breakdown of the flags:
- dynamic: The address was obtained automatically, usually via Stateless Address Autoconfiguration (SLAAC) or DHCPv6, not manually set.
- mngtmpaddr (Manage Temporary Address): This address serves as a base or template for generating temporary addresses used for outgoing connections (Privacy Extensions). These temporary addresses change frequently (e.g., daily) to enhance privacy, making it harder for websites to track a device.
- noprefixroute: The kernel does not automatically create a network route (like a /64 route) for this address, nor does it remove one when the address disappears. This means you might have the address but no path to communicate with other devices on that network unless a route is manually added or configured elsewhere.