Jump to content
aim60

IPv6 Addresses signed with Network Protocol Configured as IPv4 Only

3 posts in this topic Last Reply

Recommended Posts

Testing done with 6.4 RC6, with unRAID and a test client in VM's.

 

Even though an interface is configured for "Network Protocol = IPv4 only", an IPv6 link local address is being assigned to the interface or bridge.  This happens if an IPv4 address is assigned, or the interface is configured for "IP Address Assignment=None".

 

The enclosed screenshots show the server Network Settings, an ipconfig, and a Windows client connected to eth1 with no IP addresses assigned.  The client can ping the server, access the management GUI, and access server shares, all through the IPv6 Link Local address.

 

This can be a security concern if the interface is Internet facing, with the intent that the bridge will be used for the wan port of a vm firewall .

unRAID 6.4 RC6 IPv6.zip

Share this post


Link to post

The linux kernel has IPv6 enabled, as a result all active interfaces in the system receive a link-local address, this is part of the IPv6 standard, which foresees in automatic interface assignment. LL addresses are non-routable and do not bring a security issues. A bridge or router directly connected to the Internet can never forward a LL address to a remote destination.

Share this post


Link to post

If the interface is connected to a cable modem (not router) or some such device, your upstream provider's first hop is on the same link-local subnet that you are.  It seems that the most secure way to run a vm firewall is with a pass-through wan nic.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.