fudcon-room-7
LOGS
19:14:24 <jistone> #startmeeting
19:14:24 <zodbot> Meeting started Sat Dec  5 19:14:24 2009 UTC.  The chair is jistone. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:14:24 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:14:33 <ianweller> jistone: thanks!
19:14:51 <jistone> we're starting the logging late here...
19:15:21 <jistone> have covered a few use cases so far, like static ipv6 routing behind ipv4 NAT
19:15:41 <jistone> currently talking about radvd for advertising your ipv6 addresses
19:16:07 <jistone> NetworkManager has ipv6 support in f12
19:16:42 <jistone> fedoraproject.org and mirrormanager are ipv6-enabled
19:17:50 <jistone> ipv6 has a prefix that you get from your isp or a tunnel broker (like SixXs)
19:20:01 <jistone> setting up a 4-to-6 tunnel on F11:
19:20:12 <jistone> cd /etc/sysconfig/network-scripts/
19:21:02 <jistone> vim ifcfg-eth0
19:21:20 <jistone> (add)
19:21:29 <jistone> IPV6INIT=yes
19:21:43 <jistone> IPV6TO4=yes
19:21:52 <jistone> IPV6ADDR="..."
19:22:47 <jistone> in ./network, add IPV6_DEFAULTDEV=tun6to4
19:24:03 <jistone> beware that all of the hosts in your subnet will be exposed (for better or worse)
19:25:49 <jistone> 6to4 addresses always have a 2002: prefix
19:28:23 <jistone> to directly access a v6 host, you must have a v6 address on your client
19:28:54 <jistone> sometimes a v4 border host may route services to internal v6 hosts
19:30:47 <jistone> some more benefits: better QoS, mobile ipv6 as you roam networks
19:30:47 <ricky> Hey, just a note, we are having ipv6 issues on fp.o, so we had to disable that for now :-(
19:32:14 <jistone> SixXS FAQ as a "Cool IPv6 Stuff" page
19:32:55 * warthog9 confirms similar "issues" investigating ipv6 on/for korg
19:36:39 <jistone> if you use ipv6, you can get a Dancing KAME: http://www.kame.net.ipv4.sixxs.org/
19:39:27 <ricky> s/we/people at FUDCon/ :-)
19:40:34 <jistone> ricky, I think we were recommended to disable ipv6 here for that reason
19:46:36 <jistone> with ipv6, you may want a stateful firewall to serve a similar purpose that NAT does to help security
19:51:36 <jistone> if you're accepting ipv6 routing advertisements, someone may be able to easily snoop your connections.  can be disabled in-kernel with:
19:52:16 <jistone> echo 0 >/proc/sys/net/ipv6/conf/all/accept_ra
19:55:38 <jistone> #endmeeting