Larvitz 10h ago

Eliminated the IPv4 NAT for my blog today and gave the Caddy jail it's own dedicated IPv4 address from my /28 subnet.

Makes the firewall configuration a lot simpler and I can drop all that rdr/nat stuff.. Modern IPv6 of course, always was a routed end-to-end connection.

It's time that we finally leave that legacy IP crap behind at some point .. le sigh.

#blog #ipv4 #ipv6 #networking #firewall

Michaela Molthagen12h ago

RE: https://meerjungfrauengrotte.de/@michaela/116583966531927015

Die Privacy Extensions für IPv6 sind eigentlich eine tolle Idee.

Durch sie bekommen ausgehende Verbindungen eine nur kurzzeitig gûltige IPv6-Adresse.

Allerdings kann das bei Verwendung eines DynDNS-Dienstes zu Problemen führen. Auf denjenigen meiner PCs, die auch aus dem Internet erreichbar sein sollen, habe ich Privacy Extensions darum deaktiviert.

Ubuntu 26.04 hat sie aber beim Upgrade wieder aktiviert, und schon waren meine Nextcloud (samt Passwort-Tresor), mein Paperless, mein SearXNG, mein MollySocket, mein Calibre, mein LibreTranslate, mein LanguageTool... nicht mehr erreichbar.

#Ubuntu2604 #PrivacyExtensions #PrivacyExtensionsIPv6 #IPv6

Michaela Molthagen14h ago

Na großartig. Bei Ubuntu 26.04 hat sich bei der Konfiguration der IPv6 Privacy Extensions etwas geändert. Die Konfigurationsdatei ist nicht mehr da, wo sie bisher immer war (/etc/sysctl.d/10-ipv6-privacy.conf). Und jetzt sind sie offenbar standardmäßig aktiviert. Heißt, ich erreiche meinen Mini-PC von außerhalb nur noch via IPv4.

#Ubuntu #Ubuntu2604 #PrivacyExtensionms #IPv6

goetz16h ago

#FritzBox #Rebind

TIL Die FritzBox macht auch eine #DNS Rebind Protection für FQDNs mit GUAs aus dem eigenen Subnet.

#IPv6 #Homelab

Larvitz 1d ago

While logging bogons received from route servers at various IXPs, I noticed two different router IDs announcing fc00:: space.

And yes, someone also attempted to announce a /127. 🙂

At least the filters are doing their job (e.g. deny ::/0 ge 49).

#bgp #ipv6 #bogon #monitoring

kravietz 🦇1d ago

Funny, someone sends #IPv6 ICMPv6 type 3 (time exceeded in transit) but with illegal code 3 (legal ones are 0-1).

Looks like genuine response to my packet, just with a weird code.

19:08:49.843233 IP6 2607:ff18:1000:1:0:66:77:35 > 2a04:4040:5:xxxxxxxxxxxxxx ICMP6, time exceeded in-transit, unknown code (3), length 88

The sender IP is GridFury from the US, looks like an ISP

🤔

Jens Link1d ago

Regarding IPv8

https://www.youtube.com/watch?v=W3jkZ1Ulz-s

#IPv6

Yes, IPv6 Is Complicated. IPv8 Won't Help

YouTube
Francisco de la Peña1d ago

https://sinartdigital.com/trecenoticias/nacionales/item/nuevo-requisito-tecnologico-obligara-a-instituciones-publicas-a-modernizar-sus-servicios-digitales

#CostaRica #IPv6

Nuevo requisito tecnológico obligará a instituciones públicas a modernizar sus servicios digitales

Yes
Show threadJason Tubnor 🇦🇺1d ago
@JulianOliver I have a #IPv6 /48 at home. I host all my services in a /64 of one of these. For people that need legacy connection to my services, they get piped through a CDN for access because I don't have time to deal with #IPv4 and #CGNAT garbage.
Show threadAxel 🚴😷🐧🐪⌨ | #WeAreNatenom1d ago

@tschaefer @JulianOliver: My #IPv6 /48 range at home is native: https://www.init7.net/en/support/faq/Statischer-IPv6-Range/

I could also get a static IPv4 address for some extra money, but it's not worth it anymore — static IPv6 suffices completely.

#Init7 #Fiber7

Fiber7: Can I have a static IPv6 range?

Fiber7: Can I have a static IPv6 range?