On Tue, 20 Dec 2022 16:31:26 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:08:35 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 21:51:52 +0100, Marco Moock wrote:

Am 20.12.2022 um 14:51:00 Uhr schrieb Bit Twister:

I have disabled ipv6 at the system level with ipv6.disable=1 which
gets me kernel: IPv6: Loaded, but administratively disabled, reboot
required to enable

For what reason?

Reason 1: Seeing articles and CVE ipv6 bug exploits when surfing the net.
go ahead google for ipv6 exploits
Reason 2. My ISP only provides ipv4 to residential customers.

Are you positive about this?

Yup.
$ wget -qO - http://icanhazip.com
72.181.165.117

I even have a ck_network script to tell me if my ip address changes.

In my case, my router, which supposedly supported
ipv6 died (lightning strike). With a new router, my ipv6 connections started working as per the router's status page. At that point I re-enabled ipv6 on my
systems.

Reason 3. Other than lan computers and router I have no ipv6 devices.
Reason 4. Extra maintenance on things like shorewall, named...
Reason 5. Have not run across the need for it, so far.

There are sites that only have ipv6 addresses and their numbers are increasing.

Yep, but I believe the ISPs have a ipv4/ipv6 stack converter.

The ipv6 exploits are different, but similar to ipv4 exploits. The biggest security
difference is that with ipv6, every device is directly accessible without the the
need for the router to have rules to forward traffic to the device.

That means you cannot just rely on a firewall in the router to block unwanted traffic. It must be done in a firewall on every device using ipv6, which is strongly recommended in an ipv4 only lan anyway.

Security cameras and Over-the-Air TV network tuners are ipv4.

That will change at some point.

Yea, but I hope if I loose a tuner, or camera they will have ipv4 access.

Modified lan nic systemd network file to have
[Route]
Gateway=192.168.50.1

Did a restart network and default is back,
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.50.1 0.0.0.0 UG 10 0 0 enp4s0 169.254.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0 192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 enp4s0

[root@mtv ~]# ip route
default via 192.168.50.1 dev enp4s0 metric 10
169.254.1.0/24 dev enp3s0 proto kernel scope link src 169.254.1.200 192.168.50.0/24 dev enp4s0 proto kernel scope link src 192.168.50.200

[root@mtv ~]# host yahoo.com
yahoo.com has address 98.137.11.164
<big snip of results>

Hopefully, everything will still work on reboot.

Solution so far is set
[Network]
DHCP=no
and add
[Route]
Gateway=192.168.50.1
to system-networkd LAN nic network configuration file.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 16:54:27 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 16:31:26 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:08:35 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 21:51:52 +0100, Marco Moock wrote:

Am 20.12.2022 um 14:51:00 Uhr schrieb Bit Twister:

I have disabled ipv6 at the system level with ipv6.disable=1 which
gets me kernel: IPv6: Loaded, but administratively disabled, reboot
required to enable

For what reason?

Reason 1: Seeing articles and CVE ipv6 bug exploits when surfing the net. >>> go ahead google for ipv6 exploits
Reason 2. My ISP only provides ipv4 to residential customers.

Are you positive about this?

Yup.
$ wget -qO - http://icanhazip.com
72.181.165.117

I even have a ck_network script to tell me if my ip address changes.

In my case, my router, which supposedly supported
ipv6 died (lightning strike). With a new router, my ipv6 connections started >> working as per the router's status page. At that point I re-enabled ipv6 on my
systems.

Reason 3. Other than lan computers and router I have no ipv6 devices.
Reason 4. Extra maintenance on things like shorewall, named...
Reason 5. Have not run across the need for it, so far.

There are sites that only have ipv6 addresses and their numbers are increasing.

Yep, but I believe the ISPs have a ipv4/ipv6 stack converter.

The ipv6 exploits are different, but similar to ipv4 exploits. The biggest security
difference is that with ipv6, every device is directly accessible without the the
need for the router to have rules to forward traffic to the device.

That means you cannot just rely on a firewall in the router to block unwanted
traffic. It must be done in a firewall on every device using ipv6, which is >> strongly recommended in an ipv4 only lan anyway.

Security cameras and Over-the-Air TV network tuners are ipv4.

That will change at some point.

Yea, but I hope if I loose a tuner, or camera they will have ipv4 access.

Modified lan nic systemd network file to have
[Route]
Gateway=192.168.50.1

Did a restart network and default is back,
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.50.1 0.0.0.0 UG 10 0 0 enp4s0
169.254.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 enp4s0

[root@mtv ~]# ip route
default via 192.168.50.1 dev enp4s0 metric 10
169.254.1.0/24 dev enp3s0 proto kernel scope link src 169.254.1.200 192.168.50.0/24 dev enp4s0 proto kernel scope link src 192.168.50.200

[root@mtv ~]# host yahoo.com
yahoo.com has address 98.137.11.164
<big snip of results>

Hopefully, everything will still work on reboot.

Solution so far is set
[Network]
DHCP=no
and add
[Route]
Gateway=192.168.50.1
to system-networkd LAN nic network configuration file.

Ignore the article I posted just before I recived this on. :-)

Try the reboot, just to be sure.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 16:54:27 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 16:31:26 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:08:35 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 21:51:52 +0100, Marco Moock wrote:

Am 20.12.2022 um 14:51:00 Uhr schrieb Bit Twister:

I have disabled ipv6 at the system level with ipv6.disable=1 which
gets me kernel: IPv6: Loaded, but administratively disabled, reboot
required to enable

For what reason?

Reason 1: Seeing articles and CVE ipv6 bug exploits when surfing the net. >>> go ahead google for ipv6 exploits
Reason 2. My ISP only provides ipv4 to residential customers.

Are you positive about this?

Yup.
$ wget -qO - http://icanhazip.com
72.181.165.117

That does not show whether or not the router has ipv6.

Check the router's configuration page at http://192.168.50.1

On my tp-link router, after logging in, I have to select advanced, and then click on the ipv6 link on the internet part of the status page to see the router's ipv6 settings to see the router's dynamically assigned ipv6 address.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 17:56:14 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:54:27 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

Solution so far is set
[Network]
DHCP=no
and add
[Route]
Gateway=192.168.50.1
to system-networkd LAN nic network configuration file.

Ignore the article I posted just before I recived this on. :-)

Hehehe, you are supposed to read all posted articles before replying. :-D

Try the reboot, just to be sure.

Need to wait for time mythtv is not recording shows.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 18:03:25 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:54:27 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 16:31:26 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:08:35 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

Reason 2. My ISP only provides ipv4 to residential customers.

Are you positive about this?

Yup.
$ wget -qO - http://icanhazip.com
72.181.165.117

That does not show whether or not the router has ipv6.

Did you try the wget at your command line?
I thought it returned an ipv6 if ISP was giving you one.
If no ipv6 from icanhazip try these
wget -qO - http://ident.me/
wget -qO - http://smxi.org/opt/ip.php
wget -qO - https://ipecho.net/plain

I do remember someone's reply which showed an ipv6 but did not
note which one. I would be nice if you tell me which one(s) return ipv6
so I can update my hard copy brain book.

On my tp-link router, after logging in, I have to select advanced, and then click on the ipv6 link on the internet part of the status page to see the router's ipv6 settings to see the router's dynamically assigned ipv6 address.

Running Netgear router and click in the WAN box for details like address
and dhcp lease info.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 19:41:06 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 17:56:14 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 16:54:27 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

Solution so far is set
[Network]
DHCP=no
and add
[Route]
Gateway=192.168.50.1
to system-networkd LAN nic network configuration file.

Ignore the article I posted just before I recived this on. :-)

Hehehe, you are supposed to read all posted articles before replying. :-D

Hard to do when I received it in the same run of leafnode that the next article was downloaded. It posts my replies, then downloads the new articles. :-)

Try the reboot, just to be sure.

Need to wait for time mythtv is not recording shows.

Understood.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 19:56:55 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

Did you try the wget at your command line?
I thought it returned an ipv6 if ISP was giving you one.
If no ipv6 from icanhazip try these
wget -qO - http://ident.me/
wget -qO - http://smxi.org/opt/ip.php
wget -qO - https://ipecho.net/plain

icanhazip.com does not return anything anymore.

http://myip.dnsomatic.com/ returns the ipv4 address.

http://ident.me/ returns the ipv6 address.

http://smxi.org/opt/ip.php returns the ipv4 address.

Running "inxi -i" returns both the ipv4 and ipv6 public addresses.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 22:52:28 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 19:56:55 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

Did you try the wget at your command line?
I thought it returned an ipv6 if ISP was giving you one.
If no ipv6 from icanhazip try these
wget -qO - http://ident.me/
wget -qO - http://smxi.org/opt/ip.php
wget -qO - https://ipecho.net/plain

icanhazip.com does not return anything anymore.

http://myip.dnsomatic.com/ returns the ipv4 address.

http://ident.me/ returns the ipv6 address.

http://smxi.org/opt/ip.php returns the ipv4 address.

how about
wget -qO - http://whatismyip.akamai.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 23:44:20 -0500, David W. Hodgins wrote:

icanhazip.com does not return anything anymore.

If it did and now doesn't that is odd, could you try again with
curl http://icanhazip.com
wget -qO - http://icanhazip.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 20 Dec 2022 23:23:03 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 22:52:28 -0500, David W. Hodgins wrote:

On Tue, 20 Dec 2022 19:56:55 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

Did you try the wget at your command line?
I thought it returned an ipv6 if ISP was giving you one.
If no ipv6 from icanhazip try these
wget -qO - http://ident.me/
wget -qO - http://smxi.org/opt/ip.php
wget -qO - https://ipecho.net/plain

icanhazip.com does not return anything anymore.

http://myip.dnsomatic.com/ returns the ipv4 address.

http://ident.me/ returns the ipv6 address.

http://smxi.org/opt/ip.php returns the ipv4 address.

how about
wget -qO - http://whatismyip.akamai.com

The ipv4 address only.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 21 Dec 2022 00:42:23 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 23:44:20 -0500, David W. Hodgins wrote:

icanhazip.com does not return anything anymore.

If it did and now doesn't that is odd, could you try again with
curl http://icanhazip.com
wget -qO - http://icanhazip.com

It's working now, returning my ipv6 address.
The sites that return ipv6 if you have it, return ipv4 if you don't.

If you don't have ipv6, the router will do nat translation for the ipv4
address and send it from your public ipv4 address. Because icanhazip
receives an ipv4 packet, it responds with the ipv4 address your router
sent it using.

If you do have ipv6, the router doesn't do any translation. It's sent
with your computer as the sender. The address returned is the address
of your computer, not the address of the router.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 21 Dec 2022 03:07:52 -0500, David W. Hodgins wrote:

On Wed, 21 Dec 2022 00:42:23 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Tue, 20 Dec 2022 23:44:20 -0500, David W. Hodgins wrote:

icanhazip.com does not return anything anymore.

If it did and now doesn't that is odd, could you try again with
curl http://icanhazip.com
wget -qO - http://icanhazip.com

What about that other site I gave? My updated results, from you, gets me

$ urls address ipv
curl http://icanhazip.com ! fetch get your internet/wan ip address ipv4/6
curl http://ident.me ! fetch get your internet/wan ip address ipv4/6
curl https://ipecho.net/plain ! fetch get your internet/wan ip address ipv4
curl http://whatismyip.akamai.com ! fetch get your internet/wan ip address ipv4
curl whatismyip.akamai.com ! fetch get your internet/wan ip address ipv4
wget -qO - http://icanhazip.com ! fetch get your internet/wan ip address ipv4/6
wget -qO - http://ident.me/ ! fetch get your internet/wan ip address ipv4/6
wget -qO - https://ipecho.net/plain ! fetch get your internet/wan ip address ipv4
wget -qO - http://smxi.org/opt/ip.php ! fetch get your internet/wan ip address ipv4
wget -qO - http://whatismyip.akamai.com ! fetch get your internet/wan ip address ipv4
http://www.iana.org/assignments/ipv4-address-space ! whois ip4 assignment lookup

And for any curious Lurkers
$ type urls
urls is hashed (/usr/local/bin/urls)

which is linked to /usr/local/bin/ux, a custom script, and a snippet from its header.
#* ux - search different files with user supplied keywords. Version 2.4
#*
#* basename is called to determine command and file to use.

Rather than keep internet sites in my browser bookmarks, I keep them in my urls file
which has
$ wc -l < /local/doc/urls
3918
urls.

Currently I have
dir /usr/local/bin | grep ux | wc -l
52
ux commands


FYI: MTV reboot failed to bring up the network. Had to run
systemctl restart network
to get LAN access.

I assume failure is because of my named zone problems. :-(

OH yeah, you get nothing returned from ip route or route n
if no LAN connection.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)