From slitt at troubleshooters.com Tue Nov 2 01:40:59 2021
From: slitt at troubleshooters.com (Steve Litt)
Date: Mon, 1 Nov 2021 19:40:59 -0400
Subject: QOwnNotes Authoring Software presentation at November GoLUG meeting
Message-ID: <20211101194054.5af90ffe@mydesk.domain.cxm>

Hi all,

The November GoLUG meeting is Wednesday, 11/3/2021, at 7PM Orlando time.
I'll be presenting on the QOwnNotes authoring software. See
http://golug.info for details.

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist
http://www.troubleshooters.com/techniques

From erez0001 at gmail.com Sun Nov 7 10:27:03 2021
From: erez0001 at gmail.com (Erez D)
Date: Sun, 7 Nov 2021 10:27:03 +0200
Subject: disabling ipv6
Message-ID:

Hello

I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't turn off.
I have a few issues with ipv6:
1. no NAT so all my devices are accessible from outside
2. can't redirect DNS traffic to my DNS server

I thought about adding a firewall, but this way i need a small fast-enough HW for this which is expensive, as well as disable HOT's router wifi so i actually need a wifi router ...

can't i just install a dhcpv6 server on an RPi, which will hijack the default route and DNS servers, and so actually disable ipv6 ?

Thanks,
Erez.

From rabin at rabin.io Sun Nov 7 10:52:12 2021
From: rabin at rabin.io (Rabin Yasharzadehe)
Date: Sun, 7 Nov 2021 10:52:12 +0200
Subject: disabling ipv6
In-Reply-To:
References:
Message-ID:

For best control you should go with the option of splitting the ISP router
to only act as modem, and have a FW like PFsense/OpenSense for the rest
(FW,DHCP 4/6, DNS, .... ).
and have several wireless APs spread across the house, which act only as
AP base stations. It's a bit more expensive, but it will give you the peace
of mind you are looking for.

--
Rabin

On Sun, 7 Nov 2021 at 10:28, Erez D wrote:

> Hello
>
> I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
> turn off.
> I have a few issues with ipv6:
> 1. no NAT so all my devices are accessible from outside
> 2. can't redirect DNS traffic to my DNS server
>
> I thought about adding a firewall, but this way i need a small fast-enough
> HW for this which is expensive, as well as disable HOT's router wifi so i
> actually need a wifi router ...
>
> can't i just install a dhcpv6 server on an RPi, which will hijack the
> default route and DNS servers, and so actually disable ipv6 ?
>
> Thanks,
> Erez.
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>

From borissh1983 at gmail.com Sun Nov 7 11:16:22 2021
From: borissh1983 at gmail.com (borissh1983 at gmail.com)
Date: Sun, 07 Nov 2021 11:16:22 +0200
Subject: disabling ipv6
References:
Message-ID: <1666377.m5AR8HjCy0@beast>

Hi Erez,

You should be able to disable DHCP on the router, and pass all logic to a secondary DHCP server.

You can prepend your DNS server as first among DNS servers on each client (also make sure that your DNS server can answer for AAAA), you can add one line in /etc/dhcp/dhclient.conf (for dhcp clients)

You should not trust NAT as a security mechanism, specifically when you have a foreign device inside your network.

You should be able on your router to pass only ULA and not the public prefix you get.

It is EXTREMELY important to separate your ISP router and your own one, it is better to run your own pfsense / openwrt with full control than to trust a third party device.

You can disable ipv6 on client level via /etc/sysctl.d/XX_disable_ipv6.conf (just add one line
net.ipv6.conf.all.disable_ipv6 = 1
it will disable ipv6 on all interfaces) - this is a VERY bad approach, but it is what you are asking for.

You should enable per client router, do you really trust provider router not to attack your pc ?

On Sunday, 7 November 2021 10:27:03 IST Erez D wrote:

Hello

I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't turn off.
I have a few issues with ipv6:
1. no NAT so all my devices are accessible from outside
2. can't redirect DNS traffic to my DNS server

I thought about adding a firewall, but this way i need a small fast-enough HW for this which is expensive, as well as disable HOT's router wifi so i actually need a wifi router ...

can't i just install a dhcpv6 server on an RPi, which will hijack the default route and DNS servers, and so actually disable ipv6 ?

Thanks,
Erez.

From matan at svgalib.org Sun Nov 7 12:07:29 2021
From: matan at svgalib.org (Matan Ziv-Av)
Date: Sun, 7 Nov 2021 12:07:29 +0200
Subject: disabling ipv6
In-Reply-To:
References:
Message-ID:

All home routers should be able to firewall incoming IPv6 traffic, so it would be better to just firewall it, instead of disabling.

If you use Hot's modem (hotbox) as a router, then it can do that. At least in the case of Hotbox2, it does so by default, so you should not worry about the first issue.

Please also note that DHCPv6 is not the only (or even the mainly used) configuration protocol for network parameters, so it is not so easy to disable IPv6 network wide, if your router does not have this option.

On Sun, 7 Nov 2021 at 10:27, Erez D wrote:
>
> Hello
>
> I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't turn off.
> I have a few issues with ipv6:
> 1. no NAT so all my devices are accessible from outside
> 2. can't redirect DNS traffic to my DNS server
>
> I thought about adding a firewall, but this way i need a small fast-enough HW for this which is expensive, as well as disable HOT's router wifi so i actually need a wifi router ...
>
> can't i just install a dhcpv6 server on an RPi, which will hijack the default route and DNS servers, and so actually disable ipv6 ?
>
> Thanks,
> Erez.

--
Matan.

From erez0001 at gmail.com Mon Nov 8 07:56:22 2021
From: erez0001 at gmail.com (Erez D)
Date: Mon, 8 Nov 2021 07:56:22 +0200
Subject: disabling ipv6
In-Reply-To:
References:
Message-ID:

as I said, best is a firewall, however GBE capable pfsense HW starts at 1000 NIS + need at least another 200 for an AP, this 1k NIS i wanted to save if i could find a satisfying solution
however in HOT 4 router i can't disable or firewall ipv6, so i thought a simple dhcpv6 server could solve my problem ...

On Sun, Nov 7, 2021 at 10:52 AM Rabin Yasharzadehe wrote:

> For best control you should go with the option of splitting the ISP router
> to only act as modem, and have a FW like PFsense/OpenSense for the rest
> (FW,DHCP 4/6, DNS, .... ).
> and have several wireless APs spread across the house, which act only as
> AP base stations. It's a bit more expensive, but it will give you the peace
> of mind you are looking for.
>
> --
> Rabin
>
>
> On Sun, 7 Nov 2021 at 10:28, Erez D wrote:
>
>> Hello
>>
>> I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
>> turn off.
>> I have a few issues with ipv6:
>> 1. no NAT so all my devices are accessible from outside
>> 2. can't redirect DNS traffic to my DNS server
>>
>> I thought about adding a firewall, but this way i need a small
>> fast-enough HW for this which is expensive, as well as disable HOT's router
>> wifi so i actually need a wifi router ...
>>
>> can't i just install a dhcpv6 server on an RPi, which will hijack the
>> default route and DNS servers, and so actually disable ipv6 ?
>>
>> Thanks,
>> Erez.
>>
>

From slitt at troubleshooters.com Tue Nov 30 00:57:00 2021
From: slitt at troubleshooters.com (Steve Litt)
Date: Mon, 29 Nov 2021 17:57:00 -0500
Subject: SSH Tunnelling and more at Wednesday GoLUG meeting
Message-ID: <20211129175700.436f3e63@mydesk.domain.cxm>

Hi all,

Wednesday night, 7PM Eastern (New York) time, Wednesday, 12/1/2021, Linux guru der.hans will give a detailed presentation on SSH Tunnels. You can see the presentation writeup and a list of topics covered, as well as complete info on time and (virtual) place, at http://golug.info.

This is the monthly GoLUG meeting, on ultra-Linux-compatible Jitsi, at https://meet.jit.si/golug . See http://golug.info for details.

Thanks,

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist
http://www.troubleshooters.com/techniques
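
Added example for the "disabling ipv6" thread above, not part of any list message: a Python script that parses `ip -o -6 addr show` output and reports which interfaces hold a publicly routable address (and so rely on the router's inbound IPv6 firewall), as opposed to ULA or link-local addresses. The sample output is constructed, with the 2001:db8::/32 documentation prefix standing in for an ISP-delegated prefix, and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

ULA = ipaddress.ip_network("fc00::/7")             # unique local, not routed on the Internet
LINK_LOCAL = ipaddress.ip_network("fe80::/10")     # valid on the local link only
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # publicly routable address space

# Constructed sample of `ip -o -6 addr show` output. Note that the kernel
# prints "scope global" for ULA addresses too, so scope alone is not enough.
SAMPLE = r"""
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1234:1:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr \       valid_lft 86391sec preferred_lft 14391sec
2: eth0    inet6 fd12:3456:789a:1:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr \       valid_lft 86391sec preferred_lft 14391sec
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
3: wlan0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
"""

def classify(addr):
    """Return the reachability class of one IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "ula"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"

def audit(ip_output):
    """Map interface -> {class: [addresses]} from `ip -o -6 addr show` text."""
    result = defaultdict(lambda: defaultdict(list))
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet6" not in fields:
            continue  # blank line or non-IPv6 entry
        addr = fields[fields.index("inet6") + 1].split("/")[0]
        result[fields[1]][classify(addr)].append(addr)
    return result

def exposed(ip_output):
    """Interfaces holding a publicly routable address; these depend on the
    router's inbound IPv6 firewall, since no NAT sits in front of them."""
    return {i: c["global"] for i, c in audit(ip_output).items() if c.get("global")}

if __name__ == "__main__":
    for iface, addrs in exposed(SAMPLE).items():
        print(f"{iface}: publicly routable {addrs}")
```

On a real host, pass the captured output of `ip -o -6 addr show` to `exposed()` instead of `SAMPLE`.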