= Сообщение: 7236 из 7402 ============================================= IPV6 = От : Michiel van der Vlist 2:280/5555 04 Apr 23 13:00:19 Кому : Rob Swindell 04 Apr 23 13:00:19 Тема : Connection Tests FGHI : area://IPV6?msgid=2:280/5555+642c0344 На : area://IPV6?msgid=2.ipv6@1:103/705+288fc8b9 = Кодировка сообщения определена как: CP850 ================================== ============================================================================== Hello Rob,
On Monday April 03 2023 01:47, you wrote to me:
RS> So my ISP (Spectrum, aka Comcast Business) enabled IPv6 for me RS> recently (after many years of service and unanswered inquiries from me RS> about IPv6 support) without any notice or explanation.
Better late than never and late they are. I have had native IPv6 ftom my ISP since 2016 and I consider that "late" as well. One ISP here in The Netherlands suppoted IPv6 since 2010 or so...
RS> I have 5 static IPv4 addresses (a so-called "5 pack"), but I have no RS> idea if I also have static IPv6 addresses or what they are.
In IPv6 the correct term is a "static prefix" or "dynamic prefix". I have a dynamic prefix. Technically speaking. In practise changes are rare. Here ISPs offer static prefixes on a Business account.
RS> For my public network interface on my Windows box (vert.synchro.net), RS> ipconfig reports:
With IPv6 you do not get a single address or just a handfull as is common practice with IPv4. You get a block of addreses. For business accounts a /48 is common. I have a /56 on my consumer account.
With IPv6 it is common to assign one or more adresses to each interface in the LAN. The one that is always there is the so called "link local address". It is only valid on the local link and can not be routed. It is always assigned, even when there is no internet connection. It starts with fe80:. It should be pingable from other devices on the same LAN segment.
Then there are the global unicast addresses that is assigned when there is an IPv6 router present that is connected to the internet. There should be at least one. It can either be assigned by SLAAC or DHCP6. In your case it is the address ending in ::f5a. It is that address that you should advertise in the DNS when making that system available for running servers.
You also see some temporary adresses. So called privacy addersses. These are used for making outgoing calls. They can be disabled on the OS level. I have disabloed them on the system running servers as I find they are just in the way for that paricular use.
RS> When I connect out to an Internet site (e.g. whatismyipaddress.com), RS> it says I'm connecting from 2600:6c88:8c40:5b:915d:3a98:8ac1:7886, but RS> I'm pretty sure that address changes.
I am a bit puzzeld where that comes from. Keep in mind that with IPv6 every device in your LAN has it own IPv5 address(es). So the result depends on what machine you use to connect to whatsmyipaddress.com.
RS> My ISP provided router appears to be a Sagemcom,
I too have a Sagemcom. An F3896LG-ZG to be precise. I am afraid I can't be of much help as it is a DOCSIS 3.1 modem/router with ISP specific firmware.
RS> but I don't know much more about it (I use my own wireless access RS> points and routers for DHCP/NAT/Firewall for the other devices on my RS> internal/private networks).
I am a bit puzzled here. You say you use your own router. Does that mean the Sagemcom is in bridge mode? Or do you have a router behind router configuration?
RS> The ISP router (the Sagemcom) web UI reports that the vert.synchro.net RS> system has IPv6 address 2600:6c88:8c40:5b::f5a,
Checks out... So you Sagemcom is not in bridge mode. The Sagemcom acts as a router and has assigned that addres (via DHCP6) to the Fido Machine.
RS> but when I attempt to connect to that IPv6 address or the ::7886 RS> address (or even just ping6 them) from a remote host, I don't have any RS> success.
Of course. With IPv6 there is no NAT (or not normally) and so there is also no port forwarding. Every device has its own public address. But... that does not mean that it is open to the internet. There is no NAT, but every decent router has a firewall that blocks any unsollicited incoming packet. To run a server on that address one has to go through a procedure that is a bit similar to port forwarding in IPv4. On must instruct the firewall to pass the port for that particular address. Some router manufactures call it pinholing. Others call it ... port forwarding... To make it easier to understand for the customet they say... :(
So, the reason you can not connect from a remote host is because port 24554 is blocked by the firewall in the router. (as it should by default) It presumably also blocks Ping.
RS> Still a bit mysterious to me with so many addresses and so little RS> information from the ISP. Any tips are welcome,
Perhaps you should go through some of the many basic training course in IPv6 that are available on the Internet. I find this one a good starting point for the IPv6 newbie:
