NetBSD-Users archive


Re: need to disable IPv6



    Date:        Tue, 26 Jun 2012 21:45:58 -0400
    From:        Anne Bennett <anne%porcupine.montreal.qc.ca@localhost>
    Message-ID:  <20120627014558.EAC4F423%quill.porcupine.ca@localhost>

  | I can't believe that a Google search doesn't reveal this for me,
  | but how do I disable IPv6 on NetBSD 5.1?

The simplest current way is to simply not configure it at all.
Never mention ipv6 to ifconfig, and nothing will appear (start
no specific IPv6 daemons, like rtadvd of course).

I have some (now fairly old) kernel patches to make a sysctl node
for IPv6 (and every other protocol domain) to disable it completely
(ie: leave the code in the kernel so it can be re-enabled at a moment's
notice, but for all other purposes, you can consider it gone).

I've never gotten around to sending those in, the changes are not large,
I can do that if there is interest (particularly from the people who
maintain the network code).   It was (a couple of years ago now) fairly
extensively tested (and has enough flexibility to handle different
variations of what "disable" really means when you already have running
IPv6 applications.)

  | As of early June, one of my automated jobs (to retrieve my contact
  | list from Google) stopped working with "no route to host"; fortunately
  | I remembered that this was just around "IPv6 Day", and I was able
  | to get it working again by telling a Perl module to use my IPv4
  | address as the connection origin.

That's weird, if it is all as below, as you don't seem to have an IPv6
address that you could have used instead.

  | Now I can't use Google Maps at all (with Firefox), and I'm wondering
  | if it's another IPv6 problem.

It does not look likely.   Try ping, and traceroute, and ping6 and
traceroute6, and see what happens - I'd expect ping6 and traceroute6
to fail instantly.

  | For some time (months? years?) postfix has been trying and failing
  | to connect via IPv6 when a AAAA record is advertised, but since it
  | falls back to the A record, it hasn't caused a serious problem.

Yes, that's the nuisance that the project that produced the kernel mods
(new sysctl node & code to support it) was designed to overcome.   It
isn't really more than a nuisance, or shouldn't be if things are even
half reasonably configured, which your system seems to be (you could
delete the IPv6 link local addresses, but that looks to be about all
that's left).

You could also check your v6 routing table (netstat -rn -f inet6)
and see what that looks like (I'd expect interface, and loopback
routes, and nothing else).

  | Since my machine is behind an IPv4 NAT gateway, I can't speak IPv6 to
  | the outside world.

You could, with the correct tunnel tools, or by permitting IPv6
through that NAT untouched (anything modern should be able to do
that, you can still have a v6 firewall installed there if needed).

  |   fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
  |           address: 00:11:d8:00:00:f3:a9:66

That (firewire) interface is down and irrelevant.

  |   fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  |           address: 00:18:f3:ad:85:bd
  |           media: Ethernet autoselect (10baseT)
  |           status: active
  |           inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
  |           inet6 fe80::218:f3ff:fead:85bd%fxp0 prefixlen 64 scopeid 0x2

That's just a link local address, which would only permit IPv6
to other nodes on the same ethernet.  Any attempt to go beyond that
should be instantly rejected (perhaps with the silly message you
mentioned, from some applications) followed by a retry with IPv4.

  |   lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
  |           inet 127.0.0.1 netmask 0xff000000
  |           inet6 ::1 prefixlen 128
  |           inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

And that's purely loopback, and used for nothing else (you could,
and perhaps even are, use IPv6 for connections to localhost - like
perhaps the one X11 sometimes uses if not using shared mem), but
aside from that (and its role in processing incoming data) that
interface is irrelevant.

To actually remove all IPv6 completely, right now, I believe you'll
need to modify the line in /etc/rc.d/network that is ...

        if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then

That simply tests if IPv6 is supported in the kernel, and if it is,
starts configuring it (our kernel mods would make that fail if the
protocol is disabled).

Make it be

        if false && /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then

(or test some other, new, rc.conf variable if you like).

kre
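
An added example, not part of the original message: a small script that classifies the inet6 lines of ifconfig output the way the reply does above (loopback, link-local, or able to leave the link), so you can confirm a host has no usable IPv6 address. The function names are hypothetical, and the sample input is the fxp0/lo0 output quoted in the message.

```sh
#!/bin/sh
# Added example (not from the original message).
# Hypothetical helper names: sample_ifconfig, classify_inet6, count_routable_v6.

# Sample input: the fxp0 and lo0 stanzas quoted in the message.
sample_ifconfig() {
cat <<'EOF'
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:18:f3:ad:85:bd
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::218:f3ff:fead:85bd%fxp0 prefixlen 64 scopeid 0x2
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
EOF
}

# Read ifconfig output on stdin; print "interface address scope" per inet6 line.
classify_inet6() {
    awk '
        # Interface header lines start in column one, e.g. "fxp0: flags=..."
        /^[A-Za-z]/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "inet6" {
            addr = $2
            sub(/%.*/, "", addr)            # drop the %scope suffix
            a = tolower(addr)
            if (a == "::1")                       scope = "loopback"
            else if (a ~ /^fe[89ab][0-9a-f]:/)    scope = "link-local"  # fe80::/10
            else                                  scope = "routable"    # global or ULA
            print iface, addr, scope
        }'
}

# Count addresses that could carry IPv6 traffic beyond the local link.
count_routable_v6() {
    classify_inet6 | awk '$3 == "routable" { n++ } END { print n + 0 }'
}

# On a live host, feed real output instead: ifconfig -a | classify_inet6
sample_ifconfig | classify_inet6
echo "routable IPv6 addresses: $(sample_ifconfig | count_routable_v6)"
```

A count of zero matches the situation described in the reply: only link-local and loopback addresses are present, so IPv6 cannot reach anything beyond the local Ethernet.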

